".GifIcon(up)." Back to front page.
"; + print "".GifIcon("up")." Back to front page.
"; } ////////////////////////////////////////////////////////////////// @@ -1405,14 +1405,10 @@ } // helper function -function unroll_perm($u,$t,$user,$perm,$one_level) { +function unroll_perm($u,$t,$perm,$one_level) { if ($t & trmask_one_level && !$one_level) return $perm; - // user is user whose trustee is this - if ($t & trmask_not && ($u==$user)) return $perm; - if (!($t & trmask_not) && ($u!=$user)) return $perm; - if ($t & trmask_deny) { if ($t & trmask_clear) { $perm['deny'] &= ~$t; @@ -1452,21 +1448,26 @@ if (isset($tr)) { // first apply trustee for all if (isset($tr['*'])) { - $perm = unroll_perm($user,$tr['*'],'*', $perm, $one_level); + $perm = unroll_perm($user,$tr['*'],$perm, $one_level); unset($tr['*']); } - // then apply group policies + // then apply not and group policies foreach ($tr as $g=>$t) { - if ($t & trmask_group && in_group($user,$g)) { + if ($t & trmask_not && $g != $user) { + $t = $t & ~trmask_not; + $perm = unroll_perm($user,$t,$perm, $one_level); + unset($tr[$g]); + + } elseif ($t & trmask_group && in_group($user,$g)) { // resolv user $t = $t & ~trmask_group; - $perm = unroll_perm($user,$t,$g, $perm, $one_level); + $perm = unroll_perm($user,$t,$perm, $one_level); unset($tr[$g]); } } // then apply user policy if (isset($tr[$user])) { - $perm = unroll_perm($user,$tr[$user],$user, $perm,$one_level); + $perm = unroll_perm($user,$tr[$user],$perm,$one_level); unset($tr[$user]); } } @@ -1541,18 +1542,26 @@ // [replacement for register_globals in php.ini] function HTTP_GET_VAR($var) { - global $HTTP_GET_VARS, $GLOBALS; + global $HTTP_GET_VARS, ${$var}; if (isset($HTTP_GET_VARS[$var])) { - $GLOBALS[$var] = stripSlashes($HTTP_GET_VARS[$var]); - return $GLOBALS[$var]; + $$var = stripSlashes($HTTP_GET_VARS[$var]); + return $$var; } } function HTTP_POST_VAR($var) { - global $HTTP_POST_VARS, $GLOBALS; + global $HTTP_POST_VARS, ${$var}; if (isset($HTTP_POST_VARS[$var])) { - $GLOBALS[$var] = stripSlashes($HTTP_POST_VARS[$var]); - return $GLOBALS[$var]; + $$var = $HTTP_POST_VARS[$var]; + return $$var; + } +} + +function HTTP_SERVER_VAR($var) { + global $HTTP_SERVER_VARS, ${$var}; + if (isset($HTTP_SERVER_VARS[$var])) { + $$var = $HTTP_SERVER_VARS[$var]; + return $$var; } } @@ -1663,9 +1672,12 @@ // read mime.types readMime(); +HTTP_POST_VAR("FN"); + if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") { // take variables from server - if (HTTP_POST_VAR("FN")) check_filename($FN); + if (HTTP_POST_VAR("FN")) + check_filename($FN); if (HTTP_POST_VAR("DIR")) { check_dirname($DIR); $relDir = $DIR; @@ -1676,7 +1688,6 @@ if (HTTP_POST_VAR("RELPATH")) check_dirname($RELPATH); HTTP_POST_VAR("T"); HTTP_POST_VAR("CONFIRM"); - } else { // get HTTP_GET_VAR("A"); @@ -1764,7 +1775,7 @@ if (!($writable || (!$exists && $legaldir))) Error("Write denied",$RELPATH) ; $fh = fopen($path, "w") ; - $FILEDATA=stripSlashes($FILEDATA); + HTTP_POST_VAR("FILEDATA"); fwrite($fh,$FILEDATA) ; fclose($fh) ; clearstatcache() ; @@ -1773,7 +1784,11 @@ case "CREATE" : // we know $fsDir exists - if ($FN == "") break; // no filename! + if (! check_perm($relDir, trperm_w)) + Error("Write access denied","You don't have permission to write in $relDir"); + if ($T == "D") $type = "directory"; + else $type ="file"; + if ($FN == "") Error("Can't create $type","You must enter name of $type to create it."); if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; $path = $fsDir . "/" . $FN ; // file or dir to create $relPath = $relDir . "/" . $FN ; @@ -1799,7 +1814,7 @@ } else { Error("Creation of file $relPath failed -- $path"); } - $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ; + $tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ; header("Location: " . $tstr) ; exit ; }