--- docman.php	2002/07/29 12:04:43	1.27
+++ docman.php	2002/07/29 12:17:03	1.28
@@ -1769,6 +1769,9 @@
 			$target = "$fsDir/$FILENAME";
 		}
 
+		if (! check_perm("$relDir/".basename($target), trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to upload <tt>$relDir/".basename($target)."</tt> without valid trustee.",1);
+
 		// backup old files first
 		$dir=dirname($target);
 		if (! file_exists($dir."/.bak")) {
@@ -1797,10 +1800,14 @@
 	case "SAVE" :
 		$path = $gblFsRoot . $RELPATH ;
 		$path=stripSlashes($path);
+
+		if (! check_perm("$RELPATH", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to save <tt>$RELPATH</tt> without valid trustee.",1);
+
 		$writable = is_writeable($path) ;
 		$legaldir = is_writeable(dirname($path)) ;
 		$exists   = (file_exists($path)) ? 1 : 0 ; 
-// check for legal extension here as well
+		// FIX: more verbose error message
 	 	if (!($writable || (!$exists && $legaldir))) 
 			Error("Write denied",$RELPATH) ;
 		$fh = fopen($path, "w") ;
@@ -1895,6 +1902,9 @@
 		if (substr($FN,0,4) != ".del") break ;
 		$file=substr($FN,4,strlen($FN)-4);
 
+		if (! check_perm("$relDir/$file", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to undelete <tt>$relDir/$file</tt> without valid trustee.",1);
+
 		LogIt("$fsDir/.del/$file","undeleted",trperm_w);
 		MoveTo("$fsDir/.del/$file","$fsDir/");
 		MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");