From 91dc65a53fbe7dc79a983a51f330033b343cba36 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Fri, 5 Nov 2004 12:54:06 +0000 Subject: [PATCH] - Dev-Editor now checks if it is able to access a directory: Directories that are not accessible are greyed in directory listing. Accessing such a directory causes an error message. - Dev-Editor checks if it has read access to the virtual root directory. Having no access to this directory would cause Dev-Editor to show the contents of the real root directory! --- devedit.pl | 6 +++++- errors.dat | 2 ++ modules/Command.pm | 11 ++++++++--- modules/Tool.pm | 20 ++++++-------------- templates/dirlist_dir.htm | 2 +- 5 files changed, 22 insertions(+), 19 deletions(-) diff --git a/devedit.pl b/devedit.pl index 169abc4..c29c22e 100644 --- a/devedit.pl +++ b/devedit.pl @@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2004-10-04 +# Last modified: 2004-11-04 # use strict; @@ -35,6 +35,10 @@ use constant CONFIGFILE => 'devedit.dat'; my $config = read_config(CONFIGFILE); error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy... +# Check if we are able to access the root directory + +abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'}); + # Read the most important form data my $cgi = new CGI; diff --git a/errors.dat b/errors.dat index 93b5fc5..ffa9c68 100644 --- a/errors.dat +++ b/errors.dat @@ -12,6 +12,7 @@ mkfile_failed = Could not create file '{FILE}'. mkdir_failed = Could not create directory '{DIR}'. copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. +no_root_access = You have not enough permissions to access the root directory. above_root = Accessing files and directories above the virtual root directory is forbidden. create_ar = You aren't allowed to create files and directories above the virtual root directory. file_exists = A file or directory called '{FILE}' already exists. @@ -20,6 +21,7 @@ in_use = The file '{FILE}' is currently edited by someone else. dir_replace = You are not allowed to replace a directory. noview = You have not enough permissions to view this file. nocopy = You have not enough permissions to copy this file. +no_dir_access = You have not enough permissions to access this directory. dircopy = This editor is not able to copy directories. cmd_unknown = Unknown command: {COMMAND} lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). diff --git a/modules/Command.pm b/modules/Command.pm index 117d39c..79b944d 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-10-31 +# Last modified: 2004-11-04 # use strict; @@ -97,6 +97,8 @@ sub exec_show($$) { # Create directory listing + return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); + my $direntries = dir_read($physical); return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries); @@ -125,9 +127,11 @@ sub exec_show($$) foreach my $dir(@$dirs) { - my @stat = stat($physical."/".$dir); + my $phys_path = $physical."/".$dir; my $virt_path = encode_entities($virtual.$dir."/"); + my @stat = stat($phys_path); + my $dtpl = new Template; $dtpl->read_file($config->{'templates'}->{'dirlist_dir'}); @@ -136,7 +140,8 @@ sub exec_show($$) $dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); - $dtpl->parse_if_block("users",$users && -o $physical."/".$dir); + $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path); + $dtpl->parse_if_block("users",$users && -o $phys_path); $dirlist .= $dtpl->get_template; } diff --git a/modules/Tool.pm b/modules/Tool.pm index 6fbf8e0..8d578ef 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm @@ -6,7 +6,7 @@ package Tool; # Some shared sub routines # # Author: Patrick Canterino -# Last modified: 2004-07-30 +# Last modified: 2004-11-04 # use strict; @@ -56,21 +56,13 @@ sub check_path($$) $path =~ s!^/{1}!!; $path = $root."/".$path; - unless(-d $path) - { - # The path points to a file - # We have to extract the directory name and create the absolute path + # We extract the last part of the path and create the absolute path - my $dir = upper_path($path); - my $file = file_name($path); + my $first = upper_path($path); + my $last = file_name($path); - $dir = abs_path($dir); - $path = $dir."/".$file; - } - else - { - $path = abs_path($path); - } + $first = abs_path($first); + $path = $first."/".$last; $path = File::Spec->canonpath($path); diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm index c1bf870..6a1a740 100644 --- a/templates/dirlist_dir.htm +++ b/templates/dirlist_dir.htm @@ -1,6 +1,6 @@ [SUBDIR] {DATE} -{DIR_NAME}/ +{IF readable}{DIR_NAME}/{ELSE}{DIR_NAME}/{ENDIF} (Rename | Delete |{IF users} Chmod/Chgrp |{ENDIF} View in Browser) -- 2.34.1