--- docman.php 2002/07/29 10:29:04 1.26
+++ docman.php 2002/07/29 12:04:43 1.27
@@ -1500,6 +1500,8 @@
function check_perm($path,$trperm) {
global $gblLogin,$HAVE_TRUSTEE;
+ $path = str_replace("//","/",$path);
+
global $debug;
$debug.="
check_perm: on $path for perm ".display_trustee($trperm)."
\n";
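Review bot: The added `str_replace("//","/",$path)` makes a single pass, so a run of three or more slashes still leaves `//` in `$path` (`///` becomes `//`), and whatever path comparison follows may see a different string than the filesystem resolves. `$path = preg_replace(",/+,","/",$path);` collapses any run in one step. The statement also sits between the two `global` declarations; moving it below `global $debug;` keeps the declarations together. check_perm's body continues outside the hunk, so whether `..` segments are handled further down cannot be seen here.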
@@ -1554,6 +1556,15 @@
if (strstr($file,"/")) Error("Security violation","No slashes / allowed in file name $file",1);
}
+// bla/blo/../foo will return bla/foo
+function remove_parent($path) {
+ while (preg_match(",/[^/]+/\.\./,",$path)) {
+ $path = preg_replace(",/[^/]+/\.\./,","",$path);
+ }
+ if (substr($path,0,1) != "/") $path = "/".$path;
+ return $path;
+}
+
//////////////////////////////////////////////////////////////////
// functions to move HTTP server variables to global namespace
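Review bot: `remove_parent()` does not produce what its comment promises: the replacement string is empty, so the slash before the removed segment is dropped too, and `bla/blo/../foo` comes back as `/blafoo` rather than `bla/foo`. Because `[^/]+` also matches `..`, a sequence such as `/../../` is consumed as if `..` were a directory name, and a leading `../` or a trailing `/..` is left in place. The RENAME hunk further down passes this result to `check_perm()`, so the permission test can run on a path other than the one the rename touches. Normalising segment by segment and refusing a `..` that would climb above the root covers all three cases. The sketch assumes `Error()` with a third argument of 1 does not return, which its other uses on the page suggest but do not show.

```php
// "bla/blo/../foo" returns "/bla/foo"
function remove_parent($path) {
    $out = array();
    foreach (explode("/", $path) as $seg) {
        if ($seg == "" || $seg == ".") continue;
        if ($seg == "..") {
            // refuse to climb above the document root instead of dropping the segment silently
            if (count($out) == 0) Error("Security violation","Path $path leaves the document root",1);
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return "/".implode("/", $out);
}
```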
@@ -1807,9 +1818,13 @@
if ($T == "D") $type = "directory";
else $type ="file";
if ($FN == "") Error("Can't create $type","You must enter name of $type to create it.");
- if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
- $path = $fsDir . "/" . $FN ; // file or dir to create
- $relPath = $relDir . "/" . $FN ;
+ if (!is_writeable($fsDir)) Error("Write denied","User $gblLogin has trustee to write in $relDir but permissions on $fsDir are wrong!", 1) ;
+ $path = "$fsDir/$FN"; // file or dir to create
+ $relPath = "$relDir/$FN";
+
+ if (file_exists($path))
+ Error("Can't create $type","Object $relPath allready exists");
+
switch ( $T ) {
case "D" : // create a directory
if ( ! @mkdir($path,$gblDirPerms) )
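Review bot: The new "Write denied" message at `is_writeable($fsDir)` puts `$fsDir`, a server filesystem path, into the text handed to `Error()`, and the reworded messages in the next hunk do the same with `$path`. If `Error()` renders its second argument to the browser (not visible here), every user who reaches this branch learns the on-disk layout. Keep the user-facing text to `$relDir`/`$relPath` and record the absolute path through `LogIt()` instead, e.g. `Error("Write denied","Permissions on $relDir do not allow writing",1);`. The word `allready` in the added "Can't create" message should read `already`.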
@@ -1823,14 +1838,14 @@
// better keep it here altogether
// chmod perms to $gblFilePerms
if ( file_exists($path) && !is_writeable($path) )
- Error("File not writable", $relPath) ;
+ Error("File not writable", "User $gblLogin has trustee to write in $relPath but permissions on $path are wrong!", 1) ;
$fh = fopen($path, "w+") ;
if ($fh) {
fputs($fh,"\n");
fclose($fh) ;
LogIt($path,"file created",trperm_r | trperm_w);
} else {
- Error("Creation of file $relPath failed -- $path");
+ Error("Creation of file $relPath failed", "User $gblLogin has trustee to write in $relPath but creation of $path failed!", 1) ;
}
$tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
header("Location: " . $tstr) ;
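Review bot: `fopen($path, "w+")` still truncates an existing file, so the protection added by the `file_exists($path)` check in the preceding hunk holds only if nothing creates `$path` between that check and this open (assuming this is the file branch of the `switch ( $T )` opened there). Where the PHP version supports the `x` mode, `$fh = fopen($path, "x");` makes creation fail atomically when the file is already present and lets the existing `else` branch report it. With the earlier check in place, the `file_exists($path) && !is_writeable($path)` guard above the reworded message is reachable only in that same window. The enclosing case starts outside the hunk.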
@@ -1843,36 +1858,34 @@
if ( isset($FN) && $FN != "") {
$path=$fsDir."/".$FN;
-
$what = "file";
- if (is_dir($path)) {
- $what = "dir";
- }
+ } elseif (isset($DIR)) {
+ $path=$gblFsRoot."/".$DIR;
+ $what = "directory";
+ } else {
+ Error("Can't delete object","Can't find filename \$FN or dirname in \$DIR",1);
+ }
- if (! check_perm($relDir."/".$FN, trperm_w))
- Error("Access denied","User $gblLogin tried to erase $what $relDir/$FN without valid trustee.",1);
+ if (! check_perm("$relDir/$FN", trperm_w))
+ Error("Access denied","User $gblLogin tried to erase $what $relDir/$FN without valid trustee.",1);
- $tstr = "Attempt to delete non-existing object or " ;
- $tstr .= "insufficient privileges: " ;
+ $tstr = "Attempt to delete non-existing object or insufficient privileges: " ;
- $dir=dirname($path);
- $file=basename($path);
- if (! file_exists("$dir/.del")) {
- mkdir("$dir/.del",0700);
- }
+ $dir=dirname($path);
+ $file=basename($path);
-// if ( ! @unlink($path) ) {
- if ( ! @rename($path,"$dir/.del/$file") ) {
- LogIt($path,"$what delete failed");
- Error("Can't delete $what",$tstr.$relDir."/".$FN) ;
- } else {
- LogIt($path,"$what deleted",trperm_w);
- MoveTo("$dir/.log/$file","$dir/.del/.log/");
- MoveTo("$dir/.note/$file","$dir/.del/.note/");
- MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
- }
+ if (! file_exists("$dir/.del")) {
+ mkdir("$dir/.del",0700);
+ }
+
+ if ( ! @rename($path,"$dir/.del/$file") ) {
+ LogIt($path,"$what delete failed");
+ Error("Can't delete $what",$tstr."".$relDir."/".$FN."") ;
} else {
- Error("Rmdir failed", $tstr . $fsDir) ;
+ LogIt($path,"$what deleted",trperm_w);
+ MoveTo("$dir/.log/$file","$dir/.del/.log/");
+ MoveTo("$dir/.note/$file","$dir/.del/.note/");
+ MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
}
break ;
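Review bot: In the new `elseif (isset($DIR))` branch the object moved to `.del` is `$gblFsRoot."/".$DIR`, but the permission test that follows is still `check_perm("$relDir/$FN", trperm_w)`, which in that branch has an unset or empty `$FN` and never looks at `$DIR`. The trustee check and the `rename()` therefore apply to different paths, and `$DIR` reaches the filesystem call without any normalisation visible in the hunk. Set a relative path in each branch (`$relPath = "$relDir/$FN";` and `$relPath = remove_parent("/".$DIR);`), build `$path` from it, and call `check_perm($relPath, trperm_w)`. The "Access denied" and "Can't delete" messages should name that same variable so the log shows what was actually tested. Where `$DIR` is populated lies outside the hunk.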
@@ -1893,7 +1906,14 @@
case "RENAME" :
if ( $CONFIRM != "on" ) break ;
- $NEWNAME=stripSlashes($HTTP_POST_VARS["NEWNAME"]);
+ if (HTTP_POST_VAR("NEWNAME")) {
+ $dest = remove_parent($relDir.$NEWNAME);
+ if (! check_perm($relDir.$FN, trperm_w) ||
+ ! check_perm($dest, trperm_w) )
+ Error("Access denied","User $gblLogin tried to rename $relDir$FN to $dest without valid trustee.",1);
+ } else {
+ Error("Rename error","Can't find new name in var \$NEWNAME",1);
+ }
LogIt("$fsDir/$FN","renamed $FN to $NEWNAME",trperm_r);
safe_rename($fsDir,$FN,$NEWNAME);
break ;
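Review bot: The permission test in the new RENAME code runs on `$dest = remove_parent($relDir.$NEWNAME)`, but `safe_rename($fsDir,$FN,$NEWNAME)` is then called with the raw `$NEWNAME`, so the path that was authorised and the path that is written can differ whenever `$NEWNAME` contains `/` or `..`. Unless `safe_rename()` rejects separators itself (its body is not shown), refuse them before the check, as the file-name check earlier in the file does: `if (strstr($NEWNAME,"/")) Error("Security violation","No slashes / allowed in new name",1);`. `$relDir.$FN` and `$relDir.$NEWNAME` are also joined without the `/` that the DELETE code uses (`"$relDir/$FN"`), so the checked path is wrong unless `$relDir` always ends in a slash. The removed line was the only visible assignment of `$NEWNAME`; the code now relies on `HTTP_POST_VAR()` to set it, which this hunk does not show.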