--- docman.php	2002/07/29 10:29:04	1.26
+++ docman.php	2002/07/29 12:04:43	1.27
@@ -1500,6 +1500,8 @@
 function check_perm($path,$trperm) {
 	global $gblLogin,$HAVE_TRUSTEE;
 
+	$path = str_replace("//","/",$path);
+
 	global $debug;
 $debug.="<br>check_perm: on <tt>$path</tt> for perm ".display_trustee($trperm)."<br>\n";
 
@@ -1554,6 +1556,15 @@
 	if (strstr($file,"/")) Error("Security violation","No slashes <tt>/</tt> allowed in file name <tt>$file</tt>",1);
 }
 
+// bla/blo/../foo will return bla/foo
+function remove_parent($path) {
+	while (preg_match(",/[^/]+/\.\./,",$path)) {
+		$path = preg_replace(",/[^/]+/\.\./,","",$path);
+	}
+	if (substr($path,0,1) != "/") $path = "/".$path;
+	return $path;
+}
+
 //////////////////////////////////////////////////////////////////
 
 // functions to move HTTP server variables to global namespace
@@ -1807,9 +1818,13 @@
 		if ($T == "D") $type = "directory";
 		else $type ="file";
 		if ($FN == "") Error("Can't create $type","You must enter name of $type to create it.");
-		if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
-		$path = $fsDir . "/" . $FN ;  // file or dir to create
-		$relPath = $relDir . "/" . $FN ;
+		if (!is_writeable($fsDir)) Error("Write denied","User <tt>$gblLogin</tt> has trustee to write in <tt>$relDir</tt> but permissions on <tt>$fsDir</tt> are wrong!", 1) ;
+		$path = "$fsDir/$FN";		// file or dir to create
+		$relPath = "$relDir/$FN";
+
+		if (file_exists($path))
+			Error("Can't create $type","Object <tt>$relPath</tt> allready exists");
+
 		switch ( $T ) {
 		case "D" :  // create a directory
 			if ( ! @mkdir($path,$gblDirPerms) ) 
@@ -1823,14 +1838,14 @@
 // better keep it here altogether
 // chmod perms to $gblFilePerms
 			if ( file_exists($path) && !is_writeable($path) ) 
-				Error("File not writable", $relPath) ;
+				Error("File not writable", "User <tt>$gblLogin</tt> has trustee to write in <tt>$relPath</tt> but permissions on <tt>$path</tt> are wrong!", 1) ;
 			$fh = fopen($path, "w+") ;
 			if ($fh) {
 				fputs($fh,"\n");
 				fclose($fh) ;
 				LogIt($path,"file created",trperm_r | trperm_w);
 			} else {
-				Error("Creation of file $relPath failed -- $path");
+				Error("Creation of file $relPath failed", "User <tt>$gblLogin</tt> has trustee to write in <tt>$relPath</tt> but creation of <tt>$path</tt> failed!", 1) ;
 			}
 			$tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
 			header("Location: " . $tstr) ;
@@ -1843,36 +1858,34 @@
 
 		if ( isset($FN) && $FN != "") {
 			$path=$fsDir."/".$FN;
-
 			$what = "file";
-			if (is_dir($path)) {
-				$what = "dir";
-			}
+		} elseif (isset($DIR)) {
+			$path=$gblFsRoot."/".$DIR;
+			$what = "directory";
+		} else  {
+			Error("Can't delete object","Can't find filename <tt>\$FN</tt> or dirname in <tt>\$DIR</tt>",1);
+		}
 
-			if (! check_perm($relDir."/".$FN, trperm_w))
-				Error("Access denied","User <tt>$gblLogin</tt> tried to erase $what <tt>$relDir/$FN</tt> without valid trustee.",1);
+		if (! check_perm("$relDir/$FN", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to erase $what <tt>$relDir/$FN</tt> without valid trustee.",1);
 
-			$tstr  = "Attempt to delete non-existing object or " ;
-			$tstr .= "insufficient privileges: " ;
+		$tstr  = "Attempt to delete non-existing object or insufficient privileges: " ;
 
-			$dir=dirname($path);
-			$file=basename($path);
-			if (! file_exists("$dir/.del")) {
-				mkdir("$dir/.del",0700);
-			}
+		$dir=dirname($path);
+		$file=basename($path);
 
-//			if ( ! @unlink($path) ) { 
-			if ( ! @rename($path,"$dir/.del/$file") ) { 
-				LogIt($path,"$what delete failed");
-				Error("Can't delete $what",$tstr.$relDir."/".$FN) ; 
-			} else {
-				LogIt($path,"$what deleted",trperm_w);
-				MoveTo("$dir/.log/$file","$dir/.del/.log/");
-				MoveTo("$dir/.note/$file","$dir/.del/.note/");
-				MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
-			}
+		if (! file_exists("$dir/.del")) {
+			mkdir("$dir/.del",0700);
+		}
+
+		if ( ! @rename($path,"$dir/.del/$file") ) { 
+			LogIt($path,"$what delete failed");
+			Error("Can't delete $what",$tstr."<tt>".$relDir."/".$FN."</tt>") ; 
 		} else {
-			Error("Rmdir failed", $tstr . $fsDir) ; 
+			LogIt($path,"$what deleted",trperm_w);
+			MoveTo("$dir/.log/$file","$dir/.del/.log/");
+			MoveTo("$dir/.note/$file","$dir/.del/.note/");
+			MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
 		}
 		break ;
 
@@ -1893,7 +1906,14 @@
 	case "RENAME" :  
 		if ( $CONFIRM != "on" ) break ;
 
-		$NEWNAME=stripSlashes($HTTP_POST_VARS["NEWNAME"]);
+		if (HTTP_POST_VAR("NEWNAME")) {
+			$dest = remove_parent($relDir.$NEWNAME);
+			if (! check_perm($relDir.$FN, trperm_w) ||
+			    ! check_perm($dest, trperm_w) )
+				Error("Access denied","User <tt>$gblLogin</tt> tried to rename <tt>$relDir$FN</tt> to <tt>$dest</tt> without valid trustee.",1);
+		} else {
+			Error("Rename error","Can't find new name in var <tt>\$NEWNAME</tt>",1);
+		}
 		LogIt("$fsDir/$FN","renamed $FN to $NEWNAME",trperm_r);
 		safe_rename($fsDir,$FN,$NEWNAME);
 		break ;