/[docman2]/docman.php

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /docman.php

Parent Directory | Revision Log | View Patch Patch

-revision 1.12 by dpavlin,
Sat Jul 27 22:26:30 2002 UTC
+revision 1.13 by dpavlin,
Sun Jul 28 11:39:59 2002 UTC
 Line 145 
 function EndHTML() {
                  $url_title="relogin";
          }
          include("$html/footer.html");
+         global $debug;
+         if ($debug) print $debug;
  } // end function EndHTML
  //////////////////////////////////////////////////////////////////
-Line 160 
 function DetailPage($fsRoot,$relDir,$fn)
+Line 163 
 function DetailPage($fsRoot,$relDir,$fn)
          $exists   = file_exists($fsPath) ;
          $ext      = strtolower(strrchr($relPath,".")) ;
-         $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
+         $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) &&
-         $writable = is_writeable($fsPath) ;
+                 check_perm($relPath,trperm_w);
+         $writable = is_writeable($fsPath) && check_perm($relPath,trperm_w) ;
+         $writable_dir = is_writeable($fsDir) && check_perm($relDir,trperm_w) ;
          $file_lock = CheckLock($fsPath);
          if (!$editable && !$exists)
-                 Error("Creation unsupported for type",$relPath) ;
+                 Error("Creation denied","Can't create <tt>$relPath</tt>") ;
-         if (!exists && !is_writeable($fsDir) )
+         if (!$exists && !$writable_dir )
-                 Error("Creation denied",$relDir) ;
+                 Error("Creation denied","Can't write in directory <tt>$relDir</tt> while creating <tt>$relPath</tt>for which user has permissions.",1);
          $text  = _("Use this page to view, modify or ") ;
          if (is_dir($fsPath)) {
-Line 200 
 function DetailPage($fsRoot,$relDir,$fn)
+Line 205 
 function DetailPage($fsRoot,$relDir,$fn)
                  $fstr = htmlentities( $fstr ) ;
  ?>
- <FORM ACTION="<?= $self ; ?>" METHOD="POST">
+ <FORM ACTION="<?= $self ?>" METHOD="POST">
  <SPAN TITLE="Click [SAVE] to store updated contents.">
          <B>DOCUMENT CONTENTS</B>
  </SPAN><BR>
-Line 574 
 function Navigate($fsRoot,$relDir) {
+Line 579 
 function Navigate($fsRoot,$relDir) {
                  $gblIgnoreUnknownFileType, $gblRepositoryDir,
                  $fsRealmDir, $realm, $realm_sep,
                  $HTTP_GET_VARS, $html, $realm_config;
          $self     = $HTTP_SERVER_VARS["PHP_SELF"] ;
          if ($relDir == "") $relDir = "/";
          $fsDir = $fsRoot.$relDir."/";   // current directory
-         if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
+         if (!is_dir($fsDir)) Error("Dir not found",$relDir,1) ;
          $hide_items=",$gblHide,";
-Line 634 
 function Navigate($fsRoot,$relDir) {
+Line 639 
 function Navigate($fsRoot,$relDir) {
          echo "<TABLE BORDER=0 CELLPADDING=2
                  CELLSPACING=3 WIDTH=\"100%\">" ;
-         // updir bar
+         // updir (parent) bar
          if (chopsl($fsDir) != chopsl($fsRoot)) {
                  $parent = dirname($relDir) ;
                  if ($parent == "") $parent = "/" ;
-Line 714 
 function Navigate($fsRoot,$relDir) {
+Line 719 
 function Navigate($fsRoot,$relDir) {
                          $dir = $dirList[$key];
                          $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
-                         $dir_url=$self."?D=".urlencode($relDir."/".$dir);
+                         $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
                          include("$html/Navigate-dirEntry.html");
                  }  // iterate over dirs
-Line 1212 
 function Download($path,$force=0) {
+Line 1217 
 function Download($path,$force=0) {
  //////////////////////////////////////////////////////////////////
  function chopsl($path) {
-         if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
          $path=str_replace("//","/",$path);
+         if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
          return $path;
  }
-Line 1438 
 function check_trustee($user,$path) {
+Line 1443 
 function check_trustee($user,$path) {
  function check_perm($path,$trperm) {
          global $gblLogin,$HAVE_TRUSTEE;
- print "<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";
+         global $debug;
+ $debug.="<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";
          $return = ! $HAVE_TRUSTEE;
          if ($HAVE_TRUSTEE) {
                  $perm = check_trustee($gblLogin,$path);
- print " d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
+ $debug.=" d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
                  if ($perm[deny] & $trperm) $return=0;
                  elseif ($perm[allow] & $trperm) $return=1;
          }
- print " return: $return<br>\n";
+ $debug.=" return: $return<br>\n";
          return($return);
  }
-Line 1476 
 function readMime() {
+Line 1483 
 function readMime() {
  }
  //////////////////////////////////////////////////////////////////
+ // check for invalid characters in filename and dirname (.. and /)
+ function check_dirname($file) {
+         if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in directory name <tt>$file</tt>",1);
+ }
+ function check_filename($file) {
+         if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in file name <tt>$file</tt>",1);
+         if (strstr($file,"/")) Error("Security violation","No slashes <tt>/</tt> allowed in file name <tt>$file</tt>",1);
+ }
+ //////////////////////////////////////////////////////////////////
  // MAIN PROGRAM
          $gblFilePerms = 0640 ;         // default for new files
-Line 1569 
 function readMime() {
+Line 1589 
 function readMime() {
                  Error("401 Unauthorized","No trespassing !",0,1);
          }
          // read mime.types
          readMime();
-         // get current directory relative to $gblFsRoot
+         if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
-         $relDir = $DIR ;        // from POST
+                 // take variables from server
-         if ($relDir == "") {    // not defined in POST ?
+                 $FN=stripSlashes($HTTP_POST_VARS["FN"]);
-                 $relDir = urldecode($D) ;  // then use GET
+                 $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);
-         }
+                 $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);
+                 $T=stripSlashes($HTTP_POST_VARS["T"]);
+                 $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);
+                 check_filename($FN);
+                 check_dirname($DIR);
+                 check_dirname($RELPATH);
-         $relDir=stripSlashes($relDir);
+                 $relDir = $DIR;
+         } else {
+                 // get
+                 $A=stripSlashes($HTTP_GET_VARS["A"]);
+                 $D=stripSlashes(urldecode($HTTP_GET_VARS["D"]));
+                 $F=stripSlashes($HTTP_GET_VARS["F"]);
-         if ($relDir == "/") $relDir = "" ;
+                 check_filename($F);
-         // default : website root = ""
+                 check_dirname($D);
-         if (strstr($relDir,"..")) Error("No updirs allowed");
+                 $relDir = $D;
+         }
-         // full paths contain "fs" or "Fs". Paths realitve to root of
+         if ($relDir == "/") $relDir = "" ;
-         // website contain "rel" or "Rel". The script won't let you
-         // edit anything above directory equal to http://server.com
-         // i.e. below $gblFsRoot.
          $relScriptDir = dirname($SCRIPT_NAME) ;
          // i.e. /docman
          // start on server root
          $gblFsRoot = $gblRepositoryDir;
-         // i.e. /home/httpd/html
+         // i.e. /home/httpd/repository
          $fsDir = $gblFsRoot . $relDir ; // current directory
-         if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
+         if ( !is_dir($fsDir) ) Error("Dir not found",$relDir,1) ;
          if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
                  $webRoot  = "https://";
-Line 1607 
 function readMime() {
+Line 1637 
 function readMime() {
          }
          $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
-         // take variables from server
-         $FN=stripSlashes($HTTP_POST_VARS["FN"]);
-         $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);
-         $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);
-         $T=stripSlashes($HTTP_POST_VARS["T"]);
-         $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);
-         // get
-         $A=stripSlashes($HTTP_GET_VARS["A"]);
-         $D=stripSlashes($HTTP_GET_VARS["D"]);
- //      if (isset($F)) Error("Document manager system error","variable $F shouldn't be set here (re-check old code)",1);
- //      $F=stripSlashes($HTTP_SERVER_VARS["PATH_INFO"]);
-         $F=stripSlashes($HTTP_GET_VARS["F"]);
          switch ($HTTP_POST_VARS["POSTACTION"]) {
          case "UPLOAD" :
                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
-Line 1634 
 function readMime() {
+Line 1649 
 function readMime() {
                  }
                  $FILENAME = $HTTP_POST_VARS["FILENAME"];
-                 if (strstr($FILENAME,"/"))
+                 check_filename($FILENAME);
-                         Error("Upload error","Non-conforming filename. Filename <tt>$FILENAME</tt> has slashes (<tt>/</tt>) in it.") ;
                  if (! isset($FILENAME)) {       // from update file
                          $target = "$fsDir/".basename($FN);
                  } else {

 Legend:



Removed from v.1.12
 


changed lines


 
Added in v.1.13
 Legend:



Removed from v.1.12
 


changed lines


 
Added in v.1.13
-Removed from v.1.12
+Added in v.1.13

	ViewVC Help
Powered by ViewVC 1.1.26