From f7bedef2be14af8b8c93360bdf16850406679be6 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sat, 3 Jul 2004 07:23:14 +0000 Subject: [PATCH 1/1] If the user wants to view/edit a file larger than a defined size, Dev-Editor denies file access --- devedit.dat | 2 + errors.dat | 47 +++++++++++----------- modules/Command.pm | 81 +++++++++++++++++++++++--------------- templates/dirlist_file.htm | 4 +- 4 files changed, 77 insertions(+), 57 deletions(-) diff --git a/devedit.dat b/devedit.dat index 05837ec..cc56311 100644 --- a/devedit.dat +++ b/devedit.dat @@ -10,6 +10,8 @@ uselist_file = uselist lock_file = uselist.lock lock_timeout = 10 +max_file_size = 100000 + error_file = D:/WWW/cgi-bin/devedit/errors.dat template_file = D:/WWW/cgi-bin/devedit/templates.dat diff --git a/errors.dat b/errors.dat index 7a66dee..4a703a5 100644 --- a/errors.dat +++ b/errors.dat 
@@ -1,27 +1,28 @@ # This file contains the error messages of Dev-Editor -binary = This editor is not able to view/edit binary files. -editdir = You cannot edit directories. -noedit = You have not enough permissions to edit this file. -file_in_use = The file '{FILE}' is currently edited by someone else. -edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity. -delete_failed = Could not delete file '{FILE}'. -dir_read_fail = Reading of directory '{DIR}' failed. -mkfile_failed = Could not create file '{FILE}'. -mkdir_failed = Could not create directory '{DIR}'. -copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. -rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. -above_root = Accessing files and directories above the virtual root directory is forbidden. -create_ar = You aren't allowed to create files and directories above the virtual root directory. -file_exists = A file or directory called '{FILE}' already exists. -exist_edited = The target file '{FILE}' already exists and is edited by someone else. -in_use = The file '{FILE}' is currently edited by someone else. -noview = You have not enough permissions to view this file. -nocopy = You have not enough permissions to copy this file. -dircopy = This editor is not able to copy directories. -cmd_unknown = Unknown command: {COMMAND} -lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). -not_exist = File/directory does not exist. -dir_not_exist = The directory where you want to create this file or directory doesn't exist. +binary = This editor is not able to view/edit binary files. +editdir = You cannot edit directories. +noedit = You have not enough permissions to edit this file. +file_in_use = The file '{FILE}' is currently edited by someone else. +edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity. 
+delete_failed = Could not delete file '{FILE}'. +dir_read_fail = Reading of directory '{DIR}' failed. +mkfile_failed = Could not create file '{FILE}'. +mkdir_failed = Could not create directory '{DIR}'. +copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. +rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. +above_root = Accessing files and directories above the virtual root directory is forbidden. +create_ar = You aren't allowed to create files and directories above the virtual root directory. +file_exists = A file or directory called '{FILE}' already exists. +exist_edited = The target file '{FILE}' already exists and is edited by someone else. +in_use = The file '{FILE}' is currently edited by someone else. +noview = You have not enough permissions to view this file. +nocopy = You have not enough permissions to copy this file. +dircopy = This editor is not able to copy directories. +cmd_unknown = Unknown command: {COMMAND} +lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). +not_exist = File/directory does not exist. +dir_not_exist = The directory where you want to create this file or directory doesn't exist. +file_too_large = The file you want to view or edit is too large (max. {SIZE} Bytes). # End of configuration file \ No newline at end of file diff --git a/modules/Command.pm b/modules/Command.pm index e0bcb7c..64f4900 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-04-25 +# Last modified: 2004-07-03 # use strict; @@ -25,6 +25,8 @@ use HTML::Entities; use Output; use Template; +use Data::Dumper; + my $script = $ENV{'SCRIPT_NAME'}; my %dispatch = ('show' => \&exec_show, 
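Review bot: `use Data::Dumper;` is added to modules/Command.pm, but no hunk in this patch calls `Dumper`, so it looks like a debugging leftover. If nothing else in the file uses it, drop the line; a dump helper left in a CGI module makes it easy to print configuration or physical paths into a response by accident. If it is needed, a one-line comment next to the `use` should say what it is for. The `%dispatch` assignment that follows continues outside the hunk.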
@@ -153,12 +155,15 @@ sub exec_show($$) $ftpl->parse_if_block("binary",-B $phys_path); $ftpl->parse_if_block("readonly",not -w $phys_path); - $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path); - $ftpl->parse_if_block("editable",-w $phys_path && -r $phys_path && -T $phys_path && not $in_use); + $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'})); + + $ftpl->parse_if_block("editable",-r $phys_path && -w $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}) && not $in_use); $ftpl->parse_if_block("in_use",$in_use); $ftpl->parse_if_block("unused",not $in_use); + $ftpl->parse_if_block("too_large",$config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}); + $dirlist .= $ftpl->get_template; } @@ -189,16 +194,23 @@ sub exec_show($$) { # Text file - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + if($config->{'max_file_size'} && (stat($physical))[7] > $config->{'max_file_size'}) + { + return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) + } + else + { + my $content = file_read($physical); + $$content =~ s/\015\012|\012|\015/\n/g; - $tpl->read_file($config->{'templates'}->{'viewfile'}); + $tpl->read_file($config->{'templates'}->{'viewfile'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); - $tpl->fillin("CONTENT",encode_entities($$content)); + $tpl->fillin("FILE",$virtual); + $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin("SCRIPT",$script); + $tpl->fillin("CONTENT",encode_entities($$content)); + } } } 
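Review bot: The size test `$config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}` is written out three times in the directory-listing part of exec_show (for `viewable`, `editable` and `too_large`), so a later change to the rule can leave the three flags disagreeing. Compute it once before the parse_if_block calls, `my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'};`, then pass `$too_large` and `!$too_large`. Using `!` inside the `&&` chains is also easier to read than `not (...)`. These flags only decide which links are rendered, so a comment such as `# display only; the limit is enforced when the file is opened` would help. exec_show starts and ends outside the hunk, and where `@stat` is filled is not visible here.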
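Review bot: The limit in the file-view branch of exec_show depends on `(stat($physical))[7]`, and a failed stat gives undef there, which compares as 0 and lets the request fall through to `file_read($physical)`; the exec_beginedit hunk repeats the same test. Unless an earlier check outside these hunks guarantees the stat succeeds, take the size once with `my $size = -s $physical;` and treat an undefined size as an error rather than as a small file. The check and the read are also separate steps, so a file that grows in between is still read in full; if file_read (not shown) can cap the number of bytes it reads, the limit would hold regardless. Since the condition is identical in both functions, a small helper taking `$physical` would keep them in step. Both functions begin and end outside their hunks.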
@@ -238,27 +250,34 @@ sub exec_beginedit($$) } else { - # Text file + if($config->{'max_file_size'} && (stat($physical))[7] > $config->{'max_file_size'}) + { + return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) + } + else + { + # Text file - $uselist->add_file($virtual); - $uselist->save; + $uselist->add_file($virtual); + $uselist->save; - my $content = file_read($physical); - $$content =~ s/\015\012|\012|\015/\n/g; + my $content = file_read($physical); + $$content =~ s/\015\012|\012|\015/\n/g; - my $tpl = new Template; - $tpl->read_file($config->{'templates'}->{'editfile'}); + my $tpl = new Template; + $tpl->read_file($config->{'templates'}->{'editfile'}); - $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); - $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); - $tpl->fillin("SCRIPT",$script); - $tpl->fillin("CONTENT",encode_entities($$content)); + $tpl->fillin("FILE",$virtual); + $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + $tpl->fillin("SCRIPT",$script); + $tpl->fillin("CONTENT",encode_entities($$content)); - my $output = header(-type => "text/html"); - $output .= $tpl->get_template; + my $output = header(-type => "text/html"); + $output .= $tpl->get_template; - return \$output; + return \$output; + } } } @@ -420,13 +439,11 @@ sub exec_upload($$) open(FILE,">$file_phys") or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); binmode(FILE) unless($ascii); - my $data; + # Read transferred file and write it to disk - while(read($handle,$data,1024)) - { - $data =~ s/\015\012|\012|\015/\n/g if($ascii); - print FILE $data; - } + read($handle, my $data, -s $handle); + $data =~ s/\015\012|\012|\015/\n/g if($ascii); # Replace line separators if transferring in ASCII mode + print FILE $data; close(FILE); 
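Review bot: In exec_upload the 1024-byte loop is replaced by `read($handle, my $data, -s $handle);`, which pulls the whole upload into memory in one call with no upper bound, in the same commit that adds max_file_size to bound what view and edit read. The result of `read` is not checked, and if `-s $handle` is undefined or 0 for the upload handle the length is 0 and an empty file is written without any error. If the limit is meant to cover uploads, compare the size with `$config->{'max_file_size'}` before the `open` (so an existing target is not truncated first) and check the read, e.g. `defined(read($handle, my $data, $size)) or return error(...)`. If the reason for slurping was CR/LF pairs split across chunk boundaries, a chunked loop that carries a trailing `\015` into the next chunk fixes that while keeping memory bounded. The function begins and ends outside the hunk.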
diff --git a/templates/dirlist_file.htm b/templates/dirlist_file.htm index a9f2a62..4e29e50 100644 --- a/templates/dirlist_file.htm +++ b/templates/dirlist_file.htm @@ -2,5 +2,5 @@ {SIZE} {DATE} {FILE_NAME} -({IF viewable}View{ELSE}View{ENDIF} | {IF editable}Edit{ELSE}Edit{ENDIF} | Copy{IF unused} | Rename | Delete{ENDIF}{IF in_use} | Unlock{ENDIF} | View in Browser) - \ No newline at end of file +({IF viewable}View{ELSE}View{ENDIF} | {IF editable}Edit{ELSE}Edit{ENDIF} | Copy{IF unused} | Rename | Delete{ENDIF}{IF in_use} | Unlock{ENDIF} | View in Browser) + -- 2.34.1