From 123fb97e2e81e982e8bdf54517ee456501061a4e Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sun, 31 Oct 2004 15:15:17 +0000 Subject: [PATCH 01/16] - There is no need to load the POSIX module twice - Dev-Editor also shows the current umask of the process in the about dialogue --- templates/about.htm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/about.htm b/templates/about.htm index b30f5de..761be8f 100644 --- a/templates/about.htm +++ b/templates/about.htm @@ -211,6 +211,11 @@ WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. Group: {GROUP} (GID: {GID}) + + +Process umask: +{UMASK} + {ENDIF} -- 2.34.1 From 91dc65a53fbe7dc79a983a51f330033b343cba36 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Fri, 5 Nov 2004 12:54:06 +0000 Subject: [PATCH 02/16] - Dev-Editor now checks if it is able to access a directory: Directories that are not accessible are greyed in directory listing. Accessing such a directory causes an error message. - Dev-Editor checks if it has read access to the virtual root directory. Having no access to this directory would cause Dev-Editor to show the contents of the real root directory! --- devedit.pl | 6 +++++- errors.dat | 2 ++ modules/Command.pm | 11 ++++++++--- modules/Tool.pm | 20 ++++++-------------- templates/dirlist_dir.htm | 2 +- 5 files changed, 22 insertions(+), 19 deletions(-) diff --git a/devedit.pl b/devedit.pl index 169abc4..c29c22e 100644 --- a/devedit.pl +++ b/devedit.pl @@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2004-10-04 +# Last modified: 2004-11-04 # use strict; 
@@ -35,6 +35,10 @@ use constant CONFIGFILE => 'devedit.dat'; my $config = read_config(CONFIGFILE); error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy... +# Check if we are able to access the root directory + +abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'}); + # Read the most important form data my $cgi = new CGI; diff --git a/errors.dat b/errors.dat index 93b5fc5..ffa9c68 100644 --- a/errors.dat +++ b/errors.dat @@ -12,6 +12,7 @@ mkfile_failed = Could not create file '{FILE}'. mkdir_failed = Could not create directory '{DIR}'. copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. +no_root_access = You have not enough permissions to access the root directory. above_root = Accessing files and directories above the virtual root directory is forbidden. create_ar = You aren't allowed to create files and directories above the virtual root directory. file_exists = A file or directory called '{FILE}' already exists. @@ -20,6 +21,7 @@ in_use = The file '{FILE}' is currently edited by someone else. dir_replace = You are not allowed to replace a directory. noview = You have not enough permissions to view this file. nocopy = You have not enough permissions to copy this file. +no_dir_access = You have not enough permissions to access this directory. dircopy = This editor is not able to copy directories. cmd_unknown = Unknown command: {COMMAND} lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). diff --git a/modules/Command.pm b/modules/Command.pm index 117d39c..79b944d 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-10-31 +# Last modified: 2004-11-04 # use strict; 
@@ -97,6 +97,8 @@ sub exec_show($$) { # Create directory listing + return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); + my $direntries = dir_read($physical); return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries); @@ -125,9 +127,11 @@ sub exec_show($$) foreach my $dir(@$dirs) { - my @stat = stat($physical."/".$dir); + my $phys_path = $physical."/".$dir; my $virt_path = encode_entities($virtual.$dir."/"); + my @stat = stat($phys_path); + my $dtpl = new Template; $dtpl->read_file($config->{'templates'}->{'dirlist_dir'}); @@ -136,7 +140,8 @@ sub exec_show($$) $dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); - $dtpl->parse_if_block("users",$users && -o $physical."/".$dir); + $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path); + $dtpl->parse_if_block("users",$users && -o $phys_path); $dirlist .= $dtpl->get_template; } diff --git a/modules/Tool.pm b/modules/Tool.pm index 6fbf8e0..8d578ef 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm @@ -6,7 +6,7 @@ package Tool; # Some shared sub routines # # Author: Patrick Canterino -# Last modified: 2004-07-30 +# Last modified: 2004-11-04 # use strict; @@ -56,21 +56,13 @@ sub check_path($$) $path =~ s!^/{1}!!; $path = $root."/".$path; - unless(-d $path) - { - # The path points to a file - # We have to extract the directory name and create the absolute path + # We extract the last part of the path and create the absolute path - my $dir = upper_path($path); - my $file = file_name($path); + my $first = upper_path($path); + my $last = file_name($path); - $dir = abs_path($dir); - $path = $dir."/".$file; - } - else - { - $path = abs_path($path); - } + $first = abs_path($first); + $path = $first."/".$last; $path = File::Spec->canonpath($path); 
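Review bot: In the Tool.pm `check_path` hunk the last path component is now appended without being resolved, so an entry under the root that is a symbolic link to a directory elsewhere is judged by its own name. The removed `abs_path($path)` branch judged directories by their resolved target. The result of `abs_path($first)` is also used unchecked; if the parent cannot be resolved it may be undefined, and the concatenation then yields a path that starts at `/`. I would add `return unless(defined $first);` after the `abs_path` call and, where `-l $path` is true, resolve the link and run the root comparison on the target. The root comparison and the start of `check_path` are outside this hunk.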
diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm index c1bf870..6a1a740 100644 --- a/templates/dirlist_dir.htm +++ b/templates/dirlist_dir.htm @@ -1,6 +1,6 @@ [SUBDIR] {DATE} -{DIR_NAME}/ +{IF readable}{DIR_NAME}/{ELSE}{DIR_NAME}/{ENDIF} (Rename | Delete |{IF users} Chmod/Chgrp |{ENDIF} View in Browser) -- 2.34.1 From 0e297c178531651238c91bc1e62dcb7dd356e541 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sun, 7 Nov 2004 20:42:19 +0000 Subject: [PATCH 03/16] Check if the root directory exists --- devedit.pl | 6 +++++- errors.dat | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/devedit.pl b/devedit.pl index c29c22e..eccebd0 100644 --- a/devedit.pl +++ b/devedit.pl @@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2004-11-04 +# Last modified: 2004-11-07 # use strict; @@ -35,6 +35,10 @@ use constant CONFIGFILE => 'devedit.dat'; my $config = read_config(CONFIGFILE); error_template($config->{'templates'}->{'error'}); # Yes, I'm lazy... +# Check if the root directory exists + +abort($config->{'errors'}->{'no_root_dir'}) unless(-d $config->{'fileroot'}); + # Check if we are able to access the root directory abort($config->{'errors'}->{'no_root_access'}) unless(-r $config->{'fileroot'} && -x $config->{'fileroot'}); diff --git a/errors.dat b/errors.dat index ffa9c68..c7a170c 100644 --- a/errors.dat +++ b/errors.dat @@ -12,6 +12,7 @@ mkfile_failed = Could not create file '{FILE}'. mkdir_failed = Could not create directory '{DIR}'. copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. +no_root_dir = The root directory does not exist or is not a directory. no_root_access = You have not enough permissions to access the root directory. above_root = Accessing files and directories above the virtual root directory is forbidden. create_ar = You aren't allowed to create files and directories above the virtual root directory. -- 2.34.1 
From 3ec59b333d0ac48bb1ae8c8a27e4d74626455203 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Tue, 9 Nov 2004 16:05:38 +0000 Subject: [PATCH 04/16] Stupid bug --- modules/Command.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Command.pm b/modules/Command.pm index 79b944d..abff136 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-04 +# Last modified: 2004-11-09 # use strict; @@ -100,7 +100,7 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => '$virtual'}) unless($direntries); + return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => $virtual}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; -- 2.34.1 From d5667647dac12479639fc0147da616a70259b83e Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Tue, 9 Nov 2004 19:03:50 +0000 Subject: [PATCH 05/16] Trying to fight against the chaos in errors.dat and templates.dat by sorting the entries alphabetically. --- errors.dat | 48 ++++++++++++++++++++++++------------------------ templates.dat | 26 +++++++++++++------------- 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/errors.dat b/errors.dat index c7a170c..e6c1549 100644 --- a/errors.dat +++ b/errors.dat 
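Review bot: The corrected directory-read failure line in `exec_show` still looks the message up as `$config->{'dir_read_failed'}`, while the neighbouring lines read messages through `$config->{'errors'}->{...}` and the entry in errors.dat is spelled `dir_read_fail`. Unless `read_config` flattens the error table (not visible here), the first argument to `error()` is undefined and a failed directory read produces an empty error page. The line should read `return error($config->{'errors'}->{'dir_read_fail'},upper_path($virtual),{DIR => $virtual}) unless($direntries);`. PATCH 06 corrects the key spelling and PATCH 11 touches the line again, but both keep the lookup without the `errors` level.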
@@ -1,38 +1,38 @@ # This file contains the error messages of Dev-Editor +above_root = Accessing files and directories above the virtual root directory is forbidden. binary = This editor is not able to view/edit binary files. -editdir = You cannot edit directories. -noedit = You have not enough permissions to edit this file. -file_in_use = The file '{FILE}' is currently edited by someone else. -edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity. -text_to_binary = You aren't allowed to write text data into a binary file. -delete_failed = Could not delete file '{FILE}'. -dir_read_fail = Reading of directory '{DIR}' failed. -mkfile_failed = Could not create file '{FILE}'. -mkdir_failed = Could not create directory '{DIR}'. +cmd_unknown = Unknown command: {COMMAND} copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. -rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. -no_root_dir = The root directory does not exist or is not a directory. -no_root_access = You have not enough permissions to access the root directory. -above_root = Accessing files and directories above the virtual root directory is forbidden. create_ar = You aren't allowed to create files and directories above the virtual root directory. -file_exists = A file or directory called '{FILE}' already exists. +delete_failed = Could not delete file '{FILE}'. +dircopy = This editor is not able to copy directories. +dir_not_exist = The directory where you want to create this file or directory doesn't exist. +dir_read_fail = Reading of directory '{DIR}' failed. +dir_replace = You are not allowed to replace a directory. +edit_failed = Saving of file '{FILE}' failed. The file could be damaged, please check its integrity. +editdir = You cannot edit directories. exist_edited = The target file '{FILE}' already exists and is edited by someone else. +file_exists = A file or directory called '{FILE}' already exists. 
+file_in_use = The file '{FILE}' is currently edited by someone else. +file_too_large = The file you want to view or edit is too large (max. {SIZE} Bytes). in_use = The file '{FILE}' is currently edited by someone else. -dir_replace = You are not allowed to replace a directory. -noview = You have not enough permissions to view this file. +invalid_group = '{GROUP}' seems to be an invalid group name. Please check it and try again. +lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). +mkdir_failed = Could not create directory '{DIR}'. +mkfile_failed = Could not create file '{FILE}'. +noedit = You have not enough permissions to edit this file. nocopy = You have not enough permissions to copy this file. +noview = You have not enough permissions to view this file. no_dir_access = You have not enough permissions to access this directory. -dircopy = This editor is not able to copy directories. -cmd_unknown = Unknown command: {COMMAND} -lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). +no_root_access = You have not enough permissions to access the root directory. +no_root_dir = The root directory does not exist or is not a directory. +no_users = It seems that your system doesn't support users and groups. not_exist = File/directory does not exist. -dir_not_exist = The directory where you want to create this file or directory doesn't exist. -file_too_large = The file you want to view or edit is too large (max. {SIZE} Bytes). +not_owner = You are not the owner of {FILE}, so you are not allowed to change the mode and the group. remove_root = You are not allowed to remove the root directory. +rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. rename_root = You are not allowed to move/rename the root directory. 
-no_users = It seems that your system doesn't support users and groups. -not_owner = You are not the owner of {FILE}, so you are not allowed to change the mode and the group. -invalid_group = '{GROUP}' seems to be an invalid group name. Please check it and try again. +text_to_binary = You aren't allowed to write text data into a binary file. # End of configuration file \ No newline at end of file diff --git a/templates.dat b/templates.dat index 320c132..65472cc 100644 --- a/templates.dat +++ b/templates.dat @@ -1,23 +1,23 @@ # This file contains the paths to the template files # used by Dev-Editor -dirlist = templates/dirlist.htm -viewfile = templates/viewfile.htm -editfile = templates/editfile.htm -copyfile = templates/copyfile.htm -renamefile = templates/renamefile.htm -mkfile = templates/mkfile.htm -mkdir = templates/mkdir.htm -upload = templates/upload.htm -confirm_rmfile = templates/confirm_rmfile.htm +about = templates/about.htm +chprop = templates/chprop.htm +confirm_replace = templates/confirm_replace.htm confirm_rmdir = templates/confirm_rmdir.htm +confirm_rmfile = templates/confirm_rmfile.htm confirm_unlock = templates/confirm_unlock.htm -confirm_replace = templates/confirm_replace.htm -dirlist_file = templates/dirlist_file.htm +copyfile = templates/copyfile.htm +dirlist = templates/dirlist.htm dirlist_dir = templates/dirlist_dir.htm +dirlist_file = templates/dirlist_file.htm dirlist_up = templates/dirlist_up.htm -chprop = templates/chprop.htm +editfile = templates/editfile.htm error = templates/error.htm -about = templates/about.htm +mkdir = templates/mkdir.htm +mkfile = templates/mkfile.htm +renamefile = templates/renamefile.htm +upload = templates/upload.htm +viewfile = templates/viewfile.htm # End of configuration file \ No newline at end of file -- 2.34.1 From ff6b963d7af92549b2832612227b86d78ebf4140 Mon Sep 17 00:00:00 2001 
From: pcanterino <> Date: Wed, 10 Nov 2004 15:05:57 +0000 Subject: [PATCH 06/16] Another bug in the same line! I should work more properly... --- modules/Command.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Command.pm b/modules/Command.pm index abff136..eb68421 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-09 +# Last modified: 2004-11-10 # use strict; @@ -100,7 +100,7 @@ sub exec_show($$) return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'dir_read_failed'},upper_path($virtual),{DIR => $virtual}) unless($direntries); + return error($config->{'dir_read_fail'},upper_path($virtual),{DIR => $virtual}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; -- 2.34.1 From 73f2498331782691215bb4cc02fc4431145b7027 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sat, 13 Nov 2004 08:56:34 +0000 Subject: [PATCH 07/16] - The abort() routine from the Output module is now also able to display a link at the bottom of the error message. It is a direct wrapper to the error() routine. Thus, the following error messages now contain a link at the bottom: - File not found - Accessing above the virtual root directory - Creating an object above the virtual root directory - Directory where Dev-Editor should create an object does not exist - It was possible to access the directory containing the virtual root directory. Well, it was only read-access. --- devedit.pl | 12 ++++++------ modules/Output.pm | 11 ++++++----- modules/Tool.pm | 6 ++++-- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/devedit.pl b/devedit.pl index eccebd0..aa7a3ca 100644 --- a/devedit.pl +++ b/devedit.pl 
@@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2004-11-07 +# Last modified: 2004-11-13 # use strict; @@ -72,14 +72,14 @@ if($newfile ne '' && $newfile !~ /^\s+$/) unless(-d clean_path($config->{'fileroot'}."/".$dir)) { - abort($config->{'errors'}->{'dir_not_exist'}); + abort($config->{'errors'}->{'dir_not_exist'},"/"); } # ... and check if the path is above the root directory unless(($new_physical,$new_virtual) = check_path($config->{'fileroot'},$dir)) { - abort($config->{'errors'}->{'create_ar'}); + abort($config->{'errors'}->{'create_ar'},"/"); } # Create the physical and the virtual path @@ -100,7 +100,7 @@ if(-e clean_path($config->{'fileroot'}."/".$file)) lockfile => $config->{'lock_file'}, timeout => $config->{'lock_timeout'}); - $uselist->lock or abort($config->{'errors'}->{'lock_failed'},{USELIST => $config->{'uselist_file'}, LOCK_FILE => $config->{'lock_file'}}); + $uselist->lock or abort($config->{'errors'}->{'lock_failed'},undef,{USELIST => $config->{'uselist_file'}, LOCK_FILE => $config->{'lock_file'}}); $uselist->load; # Create a hash with data submitted by user @@ -122,12 +122,12 @@ if(-e clean_path($config->{'fileroot'}."/".$file)) } else { - abort($config->{'errors'}->{'above_root'}); + abort($config->{'errors'}->{'above_root'},"/"); } } else { - abort($config->{'errors'}->{'not_exist'}); + abort($config->{'errors'}->{'not_exist'},"/"); } # diff --git a/modules/Output.pm b/modules/Output.pm index eff7459..5fd22bf 100644 --- a/modules/Output.pm +++ b/modules/Output.pm @@ -6,7 +6,7 @@ package Output; # HTML generating routines # # Author: Patrick Canterino -# Last modified: 2004-03-12 +# Last modified: 2004-11-13 # use strict; 
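Review bot: In the devedit.pl hunk at `-72,14` the existence test `-d clean_path($config->{'fileroot'}."/".$dir)` runs before `check_path`, so a directory outside the virtual root is answered with `dir_not_exist` when it is absent and `create_ar` when it is present. The `-122,12` hunk appears to have the same shape with `not_exist` and `above_root`. Unless `clean_path` (not shown) already removes `..` segments, the two answers disclose whether paths outside the root exist. Calling `check_path` first, or answering both cases with the same message, removes that difference. The surrounding script continues outside these hunks.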
@@ -46,7 +46,7 @@ sub error_template($) # Format an error message # # Params: 1. Error message -# 2. Virtual path to which a link should be displayed (optional) +# 2. Display a link to this path at the bottom of the page (optional) # 3. Hash reference: Template variables (optional) # # Return: Formatted message (Scalar Reference) @@ -84,11 +84,12 @@ sub error($;$$) # ^^^^^ # # Params: 1. Error message -# 2. Hash reference: Template variables (optional) +# 2. Display a link to this path at the bottom of the page (optional) +# 3. Hash reference: Template variables (optional) -sub abort($;$) +sub abort($;$$) { - my $output = error(shift,undef,shift); + my $output = error(shift,shift,shift); print $$output; exit; } diff --git a/modules/Tool.pm b/modules/Tool.pm index 8d578ef..2d044e0 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm @@ -6,7 +6,7 @@ package Tool; # Some shared sub routines # # Author: Patrick Canterino -# Last modified: 2004-11-04 +# Last modified: 2004-11-13 # use strict; @@ -64,11 +64,13 @@ sub check_path($$) $first = abs_path($first); $path = $first."/".$last; - $path = File::Spec->canonpath($path); + $first = File::Spec->canonpath($first); + $path = File::Spec->canonpath($path); # Check if the path is above the root directory return if(index($path,$root) == -1); + return if($first eq $root && $last =~ m!^(/|\\)?\.\.(/|\\)?$!); # Create short path name -- 2.34.1 From 2c1ae8ce0d1d7a090d02166c31e8b87b4806d1ff Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sat, 13 Nov 2004 09:13:02 +0000 Subject: [PATCH 08/16] The path the user wants to access must now BEGIN with the root directory. The old check made it possible to access a directory structure outside the root directory similar to the root directory. --- modules/Tool.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Tool.pm b/modules/Tool.pm index 2d044e0..c3548b0 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm 
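Review bot: The new `..` guard in `check_path` compares the canonicalised `$first` with `$root` using `eq`, which only matches when `$root` is already in the same resolved, canonical form. The start of the function is outside this hunk. If `$root` is used as configured, with a trailing separator or a symbolic link in it, the guard never fires, while the `index` test above it can still accept a path ending in `..`. Normalising once before both tests, e.g. `$root = File::Spec->canonpath(abs_path($root));`, keeps the two comparisons consistent. The pattern should also end in `\z` rather than `$`, since `$` tolerates a trailing newline.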
@@ -69,7 +69,7 @@ sub check_path($$) # Check if the path is above the root directory - return if(index($path,$root) == -1); + return if(index($path,$root) != 0); return if($first eq $root && $last =~ m!^(/|\\)?\.\.(/|\\)?$!); # Create short path name -- 2.34.1 From 62cbcbc479d1266f6a6a0e06ef82dd74b00c9fad Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Mon, 22 Nov 2004 14:01:30 +0000 Subject: [PATCH 09/16] Added single quotes around the "COMMAND" variable in the "cmd_unknown" error message and around the "FILE" variable in the "not_owner" error message. --- errors.dat | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/errors.dat b/errors.dat index e6c1549..4121842 100644 --- a/errors.dat +++ b/errors.dat @@ -2,7 +2,7 @@ above_root = Accessing files and directories above the virtual root directory is forbidden. binary = This editor is not able to view/edit binary files. -cmd_unknown = Unknown command: {COMMAND} +cmd_unknown = Unknown command: '{COMMAND}' copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. create_ar = You aren't allowed to create files and directories above the virtual root directory. delete_failed = Could not delete file '{FILE}'. @@ -29,7 +29,7 @@ no_root_access = You have not enough permissions to access the root directory. no_root_dir = The root directory does not exist or is not a directory. no_users = It seems that your system doesn't support users and groups. not_exist = File/directory does not exist. -not_owner = You are not the owner of {FILE}, so you are not allowed to change the mode and the group. +not_owner = You are not the owner of '{FILE}', so you are not allowed to change the mode and the group. remove_root = You are not allowed to remove the root directory. rename_failed = Could not move/rename '{FILE}' to '{NEW_FILE}'. rename_root = You are not allowed to move/rename the root directory. -- 2.34.1 From 915706d25a5998472cb0189860e6690ac2b38f6f Mon Sep 17 00:00:00 2001 
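Review bot: `index($path,$root) != 0` is a plain string-prefix test, so with a root of `/srv/files` (constructed example) a sibling such as `/srv/files-old/x` still starts with `$root` and is accepted. The comparison needs a component boundary: `return unless($path eq $root || index($path,$root."/") == 0);`, assuming `$root` has no trailing separator and `/` is the separator after `canonpath`. The pattern on the following line also allows `\\`, so if Windows paths are supported the boundary test has to accept both separators. The rest of `check_path` is outside this hunk.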
From: pcanterino <> Date: Wed, 24 Nov 2004 16:35:20 +0000 Subject: [PATCH 10/16] - Added new if blocks to the templates about.htm and chprop.htm: The blocks are named "group_detected" and "user_detected" and show if Dev-Editor could successfully convert a group or user ID into the corresponding name. - Cleaned exec_beginedit() and exec_endedit() - More proper encoding of HTML entities at some points (still needs work) --- modules/Command.pm | 91 ++++++++++++++++++++++++++++++-------------- modules/Tool.pm | 2 +- templates/about.htm | 4 +- templates/chprop.htm | 2 +- 4 files changed, 66 insertions(+), 33 deletions(-) diff --git a/modules/Command.pm b/modules/Command.pm index eb68421..26bc5c8 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-10 +# Last modified: 2004-11-23 # use strict; @@ -118,7 +118,7 @@ sub exec_show($$) $udtpl->read_file($config->{'templates'}->{'dirlist_up'}); $udtpl->fillin("UPPER_DIR",encode_entities(upper_path($virtual))); - $udtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); + $udtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); $dirlist .= $udtpl->get_template; } @@ -137,7 +137,7 @@ sub exec_show($$) $dtpl->fillin("DIR",$virt_path); $dtpl->fillin("DIR_NAME",$dir); - $dtpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); + $dtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); $dtpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); $dtpl->parse_if_block("readable",-r $phys_path && -x $phys_path); 
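Review bot: In the `-137,7` hunk of `exec_show` the date is now passed through `encode_entities`, but `$dtpl->fillin("DIR_NAME",$dir)` still inserts the raw directory entry name, which may contain `<`, `&` or quotes. Since this commit wraps other `fillin` values, `fillin` presumably does not escape by itself (Template.pm is not shown); the line should be `$dtpl->fillin("DIR_NAME",encode_entities($dir));`. The same applies to `FILE_NAME` in the `-162,7` hunk and to `FILE`/`DIR` filled from `$virtual` in `exec_beginedit` and `exec_chprop`. It also applies to `{FILE => $virtual}` passed to `error()` in this patch and in the `exec_upload` hunk of PATCH 11.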
@@ -162,7 +162,7 @@ sub exec_show($$) $ftpl->fillin("FILE",$virt_path); $ftpl->fillin("FILE_NAME",$file); $ftpl->fillin("SIZE",$stat[7]); - $ftpl->fillin("DATE",strftime($config->{'timeformat'},localtime($stat[9]))); + $ftpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); $ftpl->fillin("URL",equal_url($config->{'httproot'},$virt_path)); $ftpl->parse_if_block("not_readable",not -r $phys_path); @@ -255,11 +255,12 @@ sub exec_beginedit($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); my $uselist = $data->{'uselist'}; - return error($config->{'errors'}->{'editdir'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($uselist->in_use($virtual)); - return error($config->{'errors'}->{'noedit'},upper_path($virtual)) unless(-r $physical && -w $physical); + return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); + return error($config->{'errors'}->{'in_use'}, $dir,{FILE => $virtual}) if($uselist->in_use($virtual)); + return error($config->{'errors'}->{'noedit'}, $dir) unless(-r $physical && -w $physical); # Check on binary files @@ -267,13 +268,13 @@ sub exec_beginedit($$) { # Binary file - return error($config->{'errors'}->{'binary'},upper_path($virtual)); + return error($config->{'errors'}->{'binary'},$dir); } else { - if($config->{'max_file_size'} && (stat($physical))[7] > $config->{'max_file_size'}) + if($config->{'max_file_size'} && (-s $physical) > $config->{'max_file_size'}) { - return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) + return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) } else { 
@@ -289,7 +290,7 @@ sub exec_beginedit($$) $tpl->read_file($config->{'templates'}->{'editfile'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$dir); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); $tpl->fillin("CONTENT",encode_entities($$content)); @@ -334,6 +335,7 @@ sub exec_endedit($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $dir = upper_path($virtual); my $content = $data->{'cgi'}->param('filecontent'); my $uselist = $data->{'uselist'}; @@ -365,22 +367,22 @@ sub exec_endedit($$) # Check if someone else is editing the new file - return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($uselist->in_use($virtual)); + return error($config->{'errors'}->{'in_use'},$dir,{FILE => $virtual}) if($uselist->in_use($virtual)); } - return error($config->{'errors'}->{'text_to_binary'},upper_path($virtual)) unless(-T $physical); - return error($config->{'errors'}->{'editdir'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'noedit'}, upper_path($virtual)) if(-e $physical && !(-r $physical && -w $physical)); + return error($config->{'errors'}->{'text_to_binary'},$dir) unless(-T $physical); + return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); + return error($config->{'errors'}->{'noedit'}, $dir) if(-e $physical && !(-r $physical && -w $physical)); if(file_save($physical,\$content)) { # Saving of the file was successful - so unlock it! - return devedit_reload({command => 'show', file => upper_path($virtual)}); + return devedit_reload({command => 'show', file => $dir}); } else { - return error($config->{'errors'}->{'edit_failed'},upper_path($virtual),{FILE => $virtual}); + return error($config->{'errors'}->{'edit_failed'},$dir,{FILE => $virtual}); } } 
@@ -779,7 +781,7 @@ sub exec_chprop($$) if($group) { - return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => $group}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); + return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_entities($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); system("chgrp",$group,$physical); } @@ -787,20 +789,34 @@ sub exec_chprop($$) } else { + # Display the form + my @stat = stat($physical); my $mode = $stat[2]; my $mode_oct = substr(sprintf("%04o",$mode),-4); my $gid = $stat[5]; - my $group = getgrgid($gid); my $tpl = new Template; $tpl->read_file($config->{'templates'}->{'chprop'}); + # Insert file properties into the template + $tpl->fillin("MODE_OCTAL",$mode_oct); $tpl->fillin("MODE_STRING",mode_string($mode)); $tpl->fillin("GID",$gid); - $tpl->fillin("GROUP",$group); + + if(my $group = getgrgid($gid)) + { + $tpl->fillin("GROUP",encode_entities($group)); + $tpl->parse_if_block("group_detected",1); + } + else + { + $tpl->parse_if_block("group_detected",0); + } + + # Insert other information $tpl->fillin("FILE",$virtual); $tpl->fillin("DIR",$dir); 
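Review bot: The group pattern in `exec_chprop` ends in `$`, which also matches before a trailing newline, so a value with a line break appended passes validation and is handed to `chgrp`; `\z` makes the anchor exact: `unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*\z/i);`. The list form of `system` keeps the value away from a shell, but its return value is discarded, so as far as the hunk shows a failed `chgrp` is not reported. I would test `system("chgrp",$group,$physical) == 0` and return an error otherwise, which needs a new entry in errors.dat. The same two lines appear unchanged in the `-781,6` hunk of PATCH 11, and the rest of `exec_chprop` is outside this hunk.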
@@ -888,21 +904,21 @@ sub exec_about($$) # Some path information - $tpl->fillin("SCRIPT_PHYS",$ENV{'SCRIPT_FILENAME'}); - $tpl->fillin("CONFIG_PATH",$data->{'configfile'}); - $tpl->fillin("FILE_ROOT",$config->{'fileroot'}); - $tpl->fillin("HTTP_ROOT",$config->{'httproot'}); + $tpl->fillin("SCRIPT_PHYS",encode_entities($ENV{'SCRIPT_FILENAME'})); + $tpl->fillin("CONFIG_PATH",encode_entities($data->{'configfile'})); + $tpl->fillin("FILE_ROOT", encode_entities($config->{'fileroot'})); + $tpl->fillin("HTTP_ROOT", encode_entities($config->{'httproot'})); # Perl - $tpl->fillin("PERL_PROG",$^X); + $tpl->fillin("PERL_PROG",encode_entities($^X)); $tpl->fillin("PERL_VER",sprintf("%vd",$^V)); # Information about the server - $tpl->fillin("HTTPD",$ENV{'SERVER_SOFTWARE'}); + $tpl->fillin("HTTPD",encode_entities($ENV{'SERVER_SOFTWARE'})); $tpl->fillin("OS",$^O); - $tpl->fillin("TIME",strftime($config->{'timeformat'},localtime)); + $tpl->fillin("TIME",encode_entities(strftime($config->{'timeformat'},localtime))); # Process information @@ -927,8 +943,25 @@ sub exec_about($$) # Names of user and group - $tpl->fillin("USER",getpwuid($uid)); - $tpl->fillin("GROUP",getgrgid($gid)); + if(my $user = getpwuid($uid)) + { + $tpl->fillin("USER",encode_entities($user)); + $tpl->parse_if_block("user_detected",1); + } + else + { + $tpl->parse_if_block("user_detected",0); + } + + if(my $group = getgrgid($gid)) + { + $tpl->fillin("GROUP",encode_entities($group)); + $tpl->parse_if_block("group_detected",1); + } + else + { + $tpl->parse_if_block("group_detected",0); + } # Process umask diff --git a/modules/Tool.pm b/modules/Tool.pm index c3548b0..2b73423 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm @@ -35,7 +35,7 @@ use base qw(Exporter); # check_path() # -# Check, if a virtual path is above a virtual root directory +# Check if a virtual path is above a virtual root directory # (currently no check if the path exists - check otherwise!) # # Params: 1. Virtual root directory 
diff --git a/templates/about.htm b/templates/about.htm index 761be8f..8f2778a 100644 --- a/templates/about.htm +++ b/templates/about.htm @@ -204,12 +204,12 @@ WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. {IF users} User: -{USER} (UID: {UID}) +{IF user_detected}{USER} ({ENDIF}UID: {UID}{IF user_detected}){ENDIF} Group: -{GROUP} (GID: {GID}) +{IF group_detected}{GROUP} ({ENDIF}GID: {GID}{IF group_detected}){ENDIF} diff --git a/templates/chprop.htm b/templates/chprop.htm index e9df5b0..4a9fc3f 100644 --- a/templates/chprop.htm +++ b/templates/chprop.htm @@ -16,7 +16,7 @@

Current mode: {MODE_STRING} (Octal: {MODE_OCTAL})

-

Current group: {GROUP} (GID: {GID})

+

Current group: {IF group_detected}{GROUP} ({ENDIF}GID: {GID}{IF group_detected}){ENDIF}


-- 2.34.1 From ea86dd1c2b813a085290e0e24040122c2487182b Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Wed, 24 Nov 2004 16:56:04 +0000 Subject: [PATCH 11/16] - Check if the user really wants to upload a file to a directory - Cleaned exec_show() --- errors.dat | 1 + modules/Command.pm | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/errors.dat b/errors.dat index 4121842..b09148f 100644 --- a/errors.dat +++ b/errors.dat @@ -25,6 +25,7 @@ noedit = You have not enough permissions to edit this file. nocopy = You have not enough permissions to copy this file. noview = You have not enough permissions to view this file. no_dir_access = You have not enough permissions to access this directory. +no_directory = '{FILE}' is not a directory. no_root_access = You have not enough permissions to access the root directory. no_root_dir = The root directory does not exist or is not a directory. no_users = It seems that your system doesn't support users and groups. diff --git a/modules/Command.pm b/modules/Command.pm index 26bc5c8..84a0378 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-23 +# Last modified: 2004-11-24 # use strict; @@ -89,6 +89,7 @@ sub exec_show($$) my ($data,$config) = @_; my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; + my $upper_path = upper_path($virtual); my $uselist = $data->{'uselist'}; my $tpl = new Template; 
@@ -97,10 +98,10 @@ sub exec_show($$) { # Create directory listing - return error($config->{'errors'}->{'no_dir_access'},upper_path($virtual)) unless(-r $physical && -x $physical); + return error($config->{'errors'}->{'no_dir_access'},$upper_path) unless(-r $physical && -x $physical); my $direntries = dir_read($physical); - return error($config->{'dir_read_fail'},upper_path($virtual),{DIR => $virtual}) unless($direntries); + return error($config->{'dir_read_fail'},$upper_path,{DIR => $virtual}) unless($direntries); my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; @@ -117,7 +118,7 @@ sub exec_show($$) my $udtpl = new Template; $udtpl->read_file($config->{'templates'}->{'dirlist_up'}); - $udtpl->fillin("UPPER_DIR",encode_entities(upper_path($virtual))); + $udtpl->fillin("UPPER_DIR",encode_entities($upper_path)); $udtpl->fillin("DATE",encode_entities(strftime($config->{'timeformat'},localtime($stat[9])))); $dirlist .= $udtpl->get_template; @@ -194,7 +195,7 @@ sub exec_show($$) { # View a file - return error($config->{'errors'}->{'noview'},upper_path($virtual)) unless(-r $physical); + return error($config->{'errors'}->{'noview'},$upper_path) unless(-r $physical); # Check on binary files # We have to do it in this way, or empty files @@ -204,17 +205,17 @@ sub exec_show($$) { # Binary file - return error($config->{'errors'}->{'binary'},upper_path($virtual)); + return error($config->{'errors'}->{'binary'},$upper_path); } else { # Text file - my $size = (stat($physical))[7]; + my $size = -s $physical; if($config->{'max_file_size'} && $size > $config->{'max_file_size'}) { - return error($config->{'errors'}->{'file_too_large'},upper_path($virtual),{SIZE => $config->{'max_file_size'}}) + return error($config->{'errors'}->{'file_too_large'},$upper_path,{SIZE => $config->{'max_file_size'}}) } else { 
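Review bot: In the `@@ -97,10 +98,10 @@` hunk of exec_show, the rewritten dir_read() failure line still looks up `$config->{'dir_read_fail'}`, while every other error call in this function reads from `$config->{'errors'}->{...}`. errors.dat defines `dir_read_fail` alongside the other messages, so unless the config loader also exposes it at the top level (not visible here), the user gets an empty error message when a directory cannot be read. The line should be `return error($config->{'errors'}->{'dir_read_fail'},$upper_path,{DIR => $virtual}) unless($direntries);`. exec_show starts and ends outside this hunk.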
@@ -224,7 +225,7 @@ sub exec_show($$) $tpl->read_file($config->{'templates'}->{'viewfile'}); $tpl->fillin("FILE",$virtual); - $tpl->fillin("DIR",upper_path($virtual)); + $tpl->fillin("DIR",$upper_path); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); @@ -480,6 +481,8 @@ sub exec_upload($$) my $virtual = $data->{'virtual'}; my $cgi = $data->{'cgi'}; + return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical); + if(my $uploaded_file = $cgi->param('uploaded_file')) { # Process file upload @@ -766,12 +769,18 @@ sub exec_chprop($$) if($users) { + # System supports user and groups + if(-o $physical) { + # We own this file + if($mode || $group) { if($mode) { + # Change the mode + my $oct_mode = $mode; $oct_mode = "0".$oct_mode if(length($oct_mode) == 3); $oct_mode = oct($oct_mode); @@ -781,6 +790,8 @@ sub exec_chprop($$) if($group) { + # Change the group using the `chgrp` system command + return error($config->{'errors'}->{'invalid_group'},$dir,{GROUP => encode_entities($group)}) unless($group =~ /^[a-z0-9_]+[a-z0-9_-]*$/i); system("chgrp",$group,$physical); } -- 2.34.1 From 0577a1ece82df55f43840d9187fd5b150ec25361 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Thu, 25 Nov 2004 15:19:50 +0000 Subject: [PATCH 12/16] Some small changes --- modules/Command.pm | 19 ++++++++----------- modules/Config/DevEdit.pm | 4 ++-- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/modules/Command.pm b/modules/Command.pm index 84a0378..f2b1a04 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-24 +# Last modified: 2004-11-25 # use strict; 
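Review bot: In the `@@ -781,6 +790,8 @@` hunk of exec_chprop, the group-name pattern is anchored with `^` and `$`, and `$` also matches before a trailing newline, so a value ending in a line feed passes validation and is handed to `chgrp`. Anchoring with `\A` and `\z` closes that gap: `unless($group =~ /\A[a-z0-9_]+[a-z0-9_-]*\z/i)`. The exit status of `system("chgrp",$group,$physical)` is also discarded, so a failed group change goes unnoticed by this code; the `chmod` call in the preceding hunk has the same gap. The list form of `system` is the right choice here because it keeps the shell out of the call. exec_chprop continues outside both hunks.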
@@ -171,7 +171,6 @@ sub exec_show($$) $ftpl->parse_if_block("readonly",not -w $phys_path); $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'})); - $ftpl->parse_if_block("editable",-r $phys_path && -w $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}) && not $in_use); $ftpl->parse_if_block("in_use",$in_use); @@ -211,9 +210,7 @@ sub exec_show($$) { # Text file - my $size = -s $physical; - - if($config->{'max_file_size'} && $size > $config->{'max_file_size'}) + if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}) { return error($config->{'errors'}->{'file_too_large'},$upper_path,{SIZE => $config->{'max_file_size'}}) } @@ -229,7 +226,7 @@ sub exec_show($$) $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); $tpl->fillin("SCRIPT",$script); - $tpl->parse_if_block("editable",-r $physical && -w $physical && -T $physical && not ($config->{'max_file_size'} && $size > $config->{'max_file_size'}) && $uselist->unused($virtual)); + $tpl->parse_if_block("editable",-w $physical && $uselist->unused($virtual)); $tpl->fillin("CONTENT",encode_entities($$content)); } @@ -273,7 +270,7 @@ sub exec_beginedit($$) } else { - if($config->{'max_file_size'} && (-s $physical) > $config->{'max_file_size'}) + if($config->{'max_file_size'} && -s $physical > $config->{'max_file_size'}) { return error($config->{'errors'}->{'file_too_large'},$dir,{SIZE => $config->{'max_file_size'}}) } @@ -489,7 +486,7 @@ sub exec_upload($$) my $filename = file_name($uploaded_file); my $file_phys = $physical."/".$filename; - my $file_virt = $virtual."".$filename; + my $file_virt = $virtual.$filename; return error($config->{'errors'}->{'file_exists'},$virtual,{FILE => $file_virt}) if(-e $file_phys && not $cgi->param('overwrite')); 
@@ -498,7 +495,7 @@ sub exec_upload($$) local *FILE; - open(FILE,">$file_phys") or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); + open(FILE,">".$file_phys) or return error($config->{'errors'}->{'mkfile_failed'},$virtual,{FILE => $file_virt}); binmode(FILE) unless($ascii); # Read transferred file and write it to disk @@ -543,8 +540,8 @@ sub exec_copy($$) my $virtual = encode_entities($data->{'virtual'}); my $new_physical = $data->{'new_physical'}; - return error($config->{'errors'}->{'dircopy'}) if(-d $physical); - return error($config->{'errors'}->{'nocopy'}) unless(-r $physical); + return error($config->{'errors'}->{'dircopy'},upper_path($virtual)) if(-d $physical); + return error($config->{'errors'}->{'nocopy'},upper_path($virtual)) unless(-r $physical); if($new_physical) { diff --git a/modules/Config/DevEdit.pm b/modules/Config/DevEdit.pm index fcad456..0286f5a 100644 --- a/modules/Config/DevEdit.pm +++ b/modules/Config/DevEdit.pm @@ -6,7 +6,7 @@ package Config::DevEdit; # Read and parse the configuration files # # Author: Patrick Canterino -# Last modified: 2004-10-28 +# Last modified: 2004-11-24 # use strict; @@ -53,7 +53,7 @@ sub parse_config($) my $file = shift; local *CF; - open(CF,"<$file") or croak("Open $file: $!"); + open(CF,"<".$file) or croak("Open $file: $!"); read(CF, my $data, -s $file); close(CF); -- 2.34.1 From 4fb80b78acb8c336200b5fe20403bcb94c0aed98 Mon Sep 17 00:00:00 2001 
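Review bot: The upload target in the `@@ -498,7 +495,7 @@` hunk of exec_upload is still opened with two-argument `open`; replacing interpolation with concatenation does not change how Perl parses the resulting string. `$file_phys` ends in the client-supplied upload name (built in the preceding hunk), and the two-argument form reads mode and path from one string and trims trailing whitespace, so the file that gets created can differ from the path the earlier `-e $file_phys` test examined. Whether `file_name()` filters such names is not visible here. The three-argument form treats the name as a literal path: `open(FILE,">",$file_phys) or return error(...)`. The `open(CF,"<".$file)` line in the Config/DevEdit.pm hunk of the same patch would be better as `open(CF,"<",$file)` for the same reason, although that path comes from configuration.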
From: pcanterino <> Date: Fri, 26 Nov 2004 16:00:27 +0000 Subject: [PATCH 13/16] - Check if we have enough permissions to write in directory at the following points: - Before executing a command which creates a new file - Before uploading a file - Before removing or moving/renaming a file or directory - oct() does not care about leading zeros, the resulting value is always the same. - The name of the variable which will be replaced by a directory to go back to in error.htm was renamed from "{DIR}" to "{BACK}". "{DIR}" caused some problems. - Changed the names of some error messages: nocopy -> no_copy noedit -> no_edit noview -> no_view --- devedit.pl | 10 +++++++++- errors.dat | 9 ++++++--- modules/Command.pm | 30 +++++++++++++++++------------- modules/Output.pm | 4 ++-- templates/chprop.htm | 2 +- templates/dirlist_dir.htm | 2 +- templates/dirlist_file.htm | 2 +- templates/error.htm | 2 +- 8 files changed, 38 insertions(+), 23 deletions(-) diff --git a/devedit.pl b/devedit.pl index aa7a3ca..3ec92df 100644 --- a/devedit.pl +++ b/devedit.pl @@ -6,7 +6,7 @@ # Dev-Editor's main program # # Author: Patrick Canterino -# Last modified: 2004-11-13 +# Last modified: 2004-11-26 # use strict; @@ -82,6 +82,14 @@ if($newfile ne '' && $newfile !~ /^\s+$/) abort($config->{'errors'}->{'create_ar'},"/"); } + # Check if we have enough permissions to create a file + # in this directory + + unless(-r $new_physical && -w $new_physical && -x $new_physical) + { + abort($config->{'errors'}->{'dir_no_create'},"/",{DIR => $new_virtual}); + } + # Create the physical and the virtual path $new_physical = File::Spec->canonpath($new_physical."/".$file); diff --git a/errors.dat b/errors.dat index b09148f..995e5f8 100644 --- a/errors.dat +++ b/errors.dat 
@@ -7,6 +7,7 @@ copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. create_ar = You aren't allowed to create files and directories above the virtual root directory. delete_failed = Could not delete file '{FILE}'. dircopy = This editor is not able to copy directories. +dir_no_create = You have not enough permissions to create a file in the directory '{DIRECTORY}'. dir_not_exist = The directory where you want to create this file or directory doesn't exist. dir_read_fail = Reading of directory '{DIR}' failed. dir_replace = You are not allowed to replace a directory. @@ -21,14 +22,16 @@ invalid_group = '{GROUP}' seems to be an invalid group name. Please check it an lock_failed = Locking of '{USELIST}' failed. Try it again in a moment. If the problem persists, ask someone to recreate the lock file ('{LOCK_FILE}'). mkdir_failed = Could not create directory '{DIR}'. mkfile_failed = Could not create file '{FILE}'. -noedit = You have not enough permissions to edit this file. -nocopy = You have not enough permissions to copy this file. -noview = You have not enough permissions to view this file. +no_copy = You have not enough permissions to copy this file. +no_delete = You have not enough permissions to delete this file. no_dir_access = You have not enough permissions to access this directory. no_directory = '{FILE}' is not a directory. +no_edit = You have not enough permissions to edit this file. +no_rename = You have not enough permissions to move/rename this file. no_root_access = You have not enough permissions to access the root directory. no_root_dir = The root directory does not exist or is not a directory. no_users = It seems that your system doesn't support users and groups. +no_view = You have not enough permissions to view this file. not_exist = File/directory does not exist. not_owner = You are not the owner of '{FILE}', so you are not allowed to change the mode and the group. remove_root = You are not allowed to remove the root directory. 
diff --git a/modules/Command.pm b/modules/Command.pm index f2b1a04..83739f0 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -6,7 +6,7 @@ package Command; # Execute Dev-Editor's commands # # Author: Patrick Canterino -# Last modified: 2004-11-25 +# Last modified: 2004-11-26 # use strict; @@ -106,6 +106,8 @@ sub exec_show($$) my $files = $direntries->{'files'}; my $dirs = $direntries->{'dirs'}; + my $dir_writeable = -w $physical; + my $dirlist = ""; # Create the link to the upper directory @@ -156,6 +158,7 @@ sub exec_show($$) my @stat = stat($phys_path); my $in_use = $uselist->in_use($virtual.$file); + my $too_large = $config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}; my $ftpl = new Template; $ftpl->read_file($config->{'templates'}->{'dirlist_file'}); @@ -170,8 +173,8 @@ sub exec_show($$) $ftpl->parse_if_block("binary",-B $phys_path); $ftpl->parse_if_block("readonly",not -w $phys_path); - $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'})); - $ftpl->parse_if_block("editable",-r $phys_path && -w $phys_path && -T $phys_path && not ($config->{'max_file_size'} && $stat[7] > $config->{'max_file_size'}) && not $in_use); + $ftpl->parse_if_block("viewable",-r $phys_path && -T $phys_path && not $too_large); + $ftpl->parse_if_block("editable",-r $phys_path && -w $phys_path && -T $phys_path && not $too_large && not $in_use); $ftpl->parse_if_block("in_use",$in_use); $ftpl->parse_if_block("unused",not $in_use); 
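Review bot: The new `editable` condition in the `@@ -170,8 +173,8 @@` hunk of exec_show no longer means what the removed line did: `not` binds more loosely than `&&`, so `not $too_large && not $in_use` parses as `not ($too_large && not $in_use)`, which is true whenever the file is in use. The removed line wrote `not (...)` with parentheses, which confined the negation to the size test. As written, a locked file that is readable, writable and text is offered as editable in the listing; exec_beginedit still rejects it through its own `in_use` check, so the effect is limited to the displayed link. The high-precedence operator avoids this: `-r $phys_path && -w $phys_path && -T $phys_path && !$too_large && !$in_use`, with `!$too_large` in the `viewable` line for consistency. The loop body starts and ends outside the hunk.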
@@ -189,12 +192,14 @@ sub exec_show($$) $tpl->fillin("DIR",$virtual); $tpl->fillin("SCRIPT",$script); $tpl->fillin("URL",equal_url($config->{'httproot'},$virtual)); + + $tpl->parse_if_block("dir_writeable",$dir_writeable); } else { # View a file - return error($config->{'errors'}->{'noview'},$upper_path) unless(-r $physical); + return error($config->{'errors'}->{'no_view'},$upper_path) unless(-r $physical); # Check on binary files # We have to do it in this way, or empty files @@ -258,7 +263,7 @@ sub exec_beginedit($$) return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); return error($config->{'errors'}->{'in_use'}, $dir,{FILE => $virtual}) if($uselist->in_use($virtual)); - return error($config->{'errors'}->{'noedit'}, $dir) unless(-r $physical && -w $physical); + return error($config->{'errors'}->{'no_edit'},$dir) unless(-r $physical && -w $physical); # Check on binary files @@ -370,7 +375,7 @@ sub exec_endedit($$) return error($config->{'errors'}->{'text_to_binary'},$dir) unless(-T $physical); return error($config->{'errors'}->{'editdir'},$dir) if(-d $physical); - return error($config->{'errors'}->{'noedit'}, $dir) if(-e $physical && !(-r $physical && -w $physical)); + return error($config->{'errors'}->{'no_edit'},$dir) if(-e $physical && !(-r $physical && -w $physical)); if(file_save($physical,\$content)) { @@ -479,6 +484,7 @@ sub exec_upload($$) my $cgi = $data->{'cgi'}; return error($config->{'errors'}->{'no_directory'},upper_path($virtual),{FILE => $virtual}) unless(-d $physical); + return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}); if(my $uploaded_file = $cgi->param('uploaded_file')) { 
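Review bot: The line added in the `@@ -479,6 +484,7 @@` hunk of exec_upload returns the `dir_no_create` error unconditionally, so nothing after it in the function, including the upload handling, can be reached any more. The commit message describes a write-permission check before uploading, and the sibling checks added to exec_rename and exec_remove in this patch carry an `unless(-w ...)` guard, so the condition appears to have been dropped. The intended line is presumably `return error($config->{'errors'}->{'dir_no_create'},$virtual,{DIR => $virtual}) unless(-w $physical);`. exec_upload continues outside the hunk.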
@@ -541,7 +547,7 @@ sub exec_copy($$) my $new_physical = $data->{'new_physical'}; return error($config->{'errors'}->{'dircopy'},upper_path($virtual)) if(-d $physical); - return error($config->{'errors'}->{'nocopy'},upper_path($virtual)) unless(-r $physical); + return error($config->{'errors'}->{'no_copy'},upper_path($virtual)) unless(-r $physical); if($new_physical) { @@ -616,6 +622,7 @@ sub exec_rename($$) my $new_physical = $data->{'new_physical'}; return error($config->{'errors'}->{'rename_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'no_rename'},upper_path($virtual)) unless(-w upper_path($physical)); return error($config->{'errors'}->{'in_use'},upper_path($virtual),{FILE => $virtual}) if($data->{'uselist'}->in_use($virtual)); if($new_physical) @@ -689,7 +696,8 @@ sub exec_remove($$) my $physical = $data->{'physical'}; my $virtual = $data->{'virtual'}; - return error($config->{'errors'}->{'remove_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'remove_root'},"/") if($virtual eq "/"); + return error($config->{'errors'}->{'no_delete'},upper_path($virtual)) unless(-w upper_path($physical)); if(-d $physical) { @@ -778,11 +786,7 @@ sub exec_chprop($$) { # Change the mode - my $oct_mode = $mode; - $oct_mode = "0".$oct_mode if(length($oct_mode) == 3); - $oct_mode = oct($oct_mode); - - chmod($oct_mode,$physical); + chmod(oct($mode),$physical); } if($group) diff --git a/modules/Output.pm b/modules/Output.pm index 5fd22bf..9ab8697 100644 --- a/modules/Output.pm +++ b/modules/Output.pm @@ -6,7 +6,7 @@ package Output; # HTML generating routines # # Author: Patrick Canterino -# Last modified: 2004-11-13 +# Last modified: 2004-11-26 # use strict; @@ -59,7 +59,7 @@ sub error($;$$) $tpl->read_file($tpl_error); $tpl->fillin("ERROR",$message); - $tpl->fillin("DIR",$path); + $tpl->fillin("BACK",$path); $tpl->fillin("SCRIPT",encode_entities($ENV{'SCRIPT_NAME'})); $tpl->parse_if_block("dir",defined $path); 
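Review bot: In the `@@ -778,11 +786,7 @@` hunk of exec_chprop, `chmod(oct($mode),$physical)` hands the form value straight to `oct()`, which also accepts `0x` and `0b` prefixed strings and stops at the first character that is not an octal digit. No validation of `$mode` is visible in this hunk, whereas the group name is checked against a pattern elsewhere in the function, so if none exists earlier the mode applied can differ from what was entered. A guard such as `unless($mode =~ /\A[0-7]{3,4}\z/)` before the call, together with a check of `chmod`'s return value, would make a bad or failed change visible. exec_chprop starts and ends outside the hunk.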
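Review bot: In the `@@ -59,7 +59,7 @@` hunk of error() in modules/Output.pm, `SCRIPT` is passed through `encode_entities` but the renamed `BACK` value, like `ERROR`, is inserted as given. Callers in Command.pm pass `upper_path($virtual)` here, and it is not visible from this hunk whether that path is always entity-encoded beforehand; exec_show encodes the same value separately for `UPPER_DIR`, which suggests it arrives raw. If so, a request path containing markup reaches the error page unescaped. Encoding at this single output point, `$tpl->fillin("BACK",encode_entities($path));`, would cover every caller, provided callers that already encode their path are adjusted so the value is not encoded twice.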
diff --git a/templates/chprop.htm b/templates/chprop.htm index 4a9fc3f..e5ed8f5 100644 --- a/templates/chprop.htm +++ b/templates/chprop.htm @@ -43,7 +43,7 @@
  • Change mode:
    -Use an octal number to change the mode of the file. You may use the three or four number form. For this, SetUID, SetGID and Sticky Bit are also supported.
  • +Use an octal number to change the mode of the file. SetUID, SetGID and Sticky Bit are also supported.
  • Change group:
    Enter the group name or the group ID the file should be assigned to. If a group name is also a numeric group ID, the value is used as a group name.
diff --git a/templates/dirlist_dir.htm b/templates/dirlist_dir.htm index 6a1a740..cfac797 100644 --- a/templates/dirlist_dir.htm +++ b/templates/dirlist_dir.htm @@ -2,5 +2,5 @@ [SUBDIR] {DATE} {IF readable}{DIR_NAME}/{ELSE}{DIR_NAME}/{ENDIF} -(Rename | Delete |{IF users} Chmod/Chgrp |{ENDIF} View in Browser) +({IF dir_writeable}Rename | Delete | {ENDIF}{IF users}Chmod/Chgrp | {ENDIF}View in Browser) diff --git a/templates/dirlist_file.htm b/templates/dirlist_file.htm index 1de43ca..720ae17 100644 --- a/templates/dirlist_file.htm +++ b/templates/dirlist_file.htm @@ -2,5 +2,5 @@ {SIZE} {DATE} {FILE_NAME} -({IF viewable}View{ELSE}View{ENDIF} | {IF editable}Edit{ELSE}Edit{ENDIF} | Copy{IF unused} | Rename | Delete{ENDIF}{IF in_use} | Unlock{ENDIF} |{IF users} Chmod/Chgrp |{ENDIF} View in Browser) +({IF viewable}View{ELSE}View{ENDIF} | {IF editable}Edit{ELSE}Edit{ENDIF} | Copy{IF unused}{IF dir_writeable} | Rename | Delete{ENDIF}{ENDIF}{IF in_use} | Unlock{ENDIF} |{IF users} Chmod/Chgrp |{ENDIF} View in Browser) diff --git a/templates/error.htm b/templates/error.htm index 5698904..17abf7f 100644 --- a/templates/error.htm +++ b/templates/error.htm @@ -12,6 +12,6 @@

{ERROR}

{IF dir} -

Back to {DIR}

{ENDIF} +

Back to {BACK}

{ENDIF} \ No newline at end of file -- 2.34.1 From 28756a17617639eff8ce8d5014d3ec0acdd146d2 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Fri, 26 Nov 2004 17:35:58 +0000 Subject: [PATCH 14/16] - Don't display the file upload link in directory listing if Dev-Editor has no write access to this directory. - Wrong variable "{DIRECTORY}" in error message "dir_no_create" - it should be "{DIR}". --- errors.dat | 2 +- templates/dirlist.htm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/errors.dat b/errors.dat index 995e5f8..25351c4 100644 --- a/errors.dat +++ b/errors.dat @@ -7,7 +7,7 @@ copy_failed = Could not copy '{FILE}' to '{NEW_FILE}'. create_ar = You aren't allowed to create files and directories above the virtual root directory. delete_failed = Could not delete file '{FILE}'. dircopy = This editor is not able to copy directories. -dir_no_create = You have not enough permissions to create a file in the directory '{DIRECTORY}'. +dir_no_create = You have not enough permissions to create a file in the directory '{DIR}'. dir_not_exist = The directory where you want to create this file or directory doesn't exist. dir_read_fail = Reading of directory '{DIR}' failed. dir_replace = You are not allowed to replace a directory. diff --git a/templates/dirlist.htm b/templates/dirlist.htm index 4ce6c19..2db1617 100644 --- a/templates/dirlist.htm +++ b/templates/dirlist.htm @@ -37,11 +37,11 @@ {DIR} - +{IF dir_writeable} Upload a file - +{ENDIF}
-- 2.34.1 From c752deb389730ae56c25888e6b82c89e30060ec9 Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sat, 27 Nov 2004 09:57:23 +0000 Subject: [PATCH 15/16] Changed my email address (patshaping@gmx.net -> patrick@patshaping.de) in all files except the Template and the File::UseList modules (they are seperate software). --- devedit.pl | 2 +- modules/Command.pm | 2 +- modules/Config/DevEdit.pm | 2 +- modules/File/Access.pm | 2 +- modules/Output.pm | 2 +- modules/Tool.pm | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/devedit.pl b/devedit.pl index 3ec92df..d9e146e 100644 --- a/devedit.pl +++ b/devedit.pl @@ -5,7 +5,7 @@ # # Dev-Editor's main program # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-11-26 # diff --git a/modules/Command.pm b/modules/Command.pm index 83739f0..e572fb1 100644 --- a/modules/Command.pm +++ b/modules/Command.pm @@ -5,7 +5,7 @@ package Command; # # Execute Dev-Editor's commands # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-11-26 # diff --git a/modules/Config/DevEdit.pm b/modules/Config/DevEdit.pm index 0286f5a..4077b30 100644 --- a/modules/Config/DevEdit.pm +++ b/modules/Config/DevEdit.pm @@ -5,7 +5,7 @@ package Config::DevEdit; # # Read and parse the configuration files # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-11-24 # diff --git a/modules/File/Access.pm b/modules/File/Access.pm index 6ab193e..28124cc 100644 --- a/modules/File/Access.pm +++ b/modules/File/Access.pm @@ -6,7 +6,7 @@ package File::Access; # Some simple routines for doing things with files # with only one command # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-10-26 # diff --git a/modules/Output.pm b/modules/Output.pm index 9ab8697..be4837f 100644 --- a/modules/Output.pm +++ b/modules/Output.pm 
@@ -5,7 +5,7 @@ package Output; # # HTML generating routines # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-11-26 # diff --git a/modules/Tool.pm b/modules/Tool.pm index 2b73423..baaff16 100644 --- a/modules/Tool.pm +++ b/modules/Tool.pm @@ -5,7 +5,7 @@ package Tool; # # Some shared sub routines # -# Author: Patrick Canterino +# Author: Patrick Canterino # Last modified: 2004-11-13 # -- 2.34.1 From e3a5b5b0a960dd8657ae7c7f195deba01ecdff5a Mon Sep 17 00:00:00 2001 From: pcanterino <> Date: Sat, 27 Nov 2004 10:37:29 +0000 Subject: [PATCH 16/16] Dev-Editor 2.2 --- devedit.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devedit.pl b/devedit.pl index d9e146e..2bf27bf 100644 --- a/devedit.pl +++ b/devedit.pl @@ -1,7 +1,7 @@ #!C:/Programme/Perl/bin/perl.exe -w # -# Dev-Editor 2.1a +# Dev-Editor 2.2 # # Dev-Editor's main program # @@ -23,7 +23,7 @@ use Command; use Output; use Tool; -$VERSION = '2.1a'; +$VERSION = '2.2'; # Path to configuration file # Change if necessary! -- 2.34.1