--- docman.php 2002/07/29 12:34:18 1.29 +++ docman.php 2003/04/09 16:27:06 1.35 @@ -74,14 +74,16 @@ ////////////////////////////////////////////////////////////////// $gblTitle = "Document Manager"; - $gblVersion = "2.0-pre1"; + $gblVersion = "2.0-pre2"; $secHash = ""; // location of html files $html = $gblIncDir."/html"; - LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]); + if (isset($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"])) { + LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]); + } // for security and configuration $realm=$HTTP_SERVER_VARS["HTTP_HOST"]; @@ -147,8 +149,8 @@ } include("$html/footer.html"); - global $debug; - if ($debug) print $debug; +# global $debug; +# if ($debug) print $debug; } // end function EndHTML ////////////////////////////////////////////////////////////////// @@ -157,6 +159,7 @@ global $gblEditable, $gblImages, $gblDateFmt, $gblTimeFmt, + $gblPermNote, $webRoot, $html, $HTTP_SERVER_VARS ; $self = $HTTP_SERVER_VARS["PHP_SELF"] ; @@ -208,25 +211,8 @@ $fstr = fread($fh,filesize($fsPath)) ; fclose($fh) ; $fstr = htmlentities( $fstr ) ; -?> -
- - DOCUMENT CONTENTS -
- - - - - -
- - -
- - -
- - -
- - -
- -OK TO FORCE LOCK REMOVAL ON "" HELD BY ? - - - + + +
+ '; + + if ($file_lock && check_perm($relDir.$fn,trperm_w)) { + include("$html/DetailPage-unlock.html"); } // file_lock if (substr($fn,0,4) == ".del") { @@ -265,37 +243,16 @@ } if ($exists && $writable) { -?> + include("$html/DetailPage-undelete.html"); + include("$html/DetailPage-rename.html"); -
- - -OK TO ""? - - - -
- - -OK TO RENAME "" TO - -? - - - - -
- -NOTE FOR "": - - - - - + } + + if (check_perm($relDir.$fn,$gblPermNote)) { + include("$html/DetailPage-note.html"); + } -"; $name=basename("$fsDir/$fn"); $logname=dirname("$fsDir/$fn")."/.log/$name"; @@ -580,6 +537,7 @@ global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide, $gblIgnoreUnknownFileType, $gblRepositoryDir, $gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt, + $gblPermNote, $fsRealmDir, $realm, $realm_sep, $html, $realm_config, $HTTP_GET_VARS, $HTTP_SERVER_VARS; @@ -654,8 +612,7 @@ $text .= "
Examine list of files
changed in last day or all changes."; StartHTML("(Navigate)",$text) ; - echo "" ; + print "
" ; // updir (parent) bar if (chopsl($fsDir) != chopsl($fsRoot)) { @@ -673,7 +630,8 @@ return $out; } - if (! HTTP_GET_VAR("dsort")) $dsort = "name"; // default directory sort + $dsort = HTTP_GET_VAR("dsort"); + if (! isset($dsort)) $dsort = "name"; // default directory sort $dsort_arr = array( "name" => array ("rname", "note"), @@ -682,7 +640,8 @@ "rnote" => array ("name", "note") ); - if (! HTTP_GET_VAR("fsort")) $fsort = "name"; // default directory sort + $fsort = HTTP_GET_VAR("fsort"); + if (! isset($fsort)) $fsort = "name"; // default directory sort $fsort_arr = array( "name" => array ("rname", "note", "date", "size"), @@ -744,6 +703,14 @@ } $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir); + if (check_perm($relDir.$dir,$gblPermNote)) { + $note_html="".$gblIcon("note")."".$dirNote[$key]; + } else { + $note_html=$dirNote[$key]; + } + + $dir_html = isBlank($dir,"directory"); + include("$html/Navigate-dirEntry.html"); } // iterate over dirs @@ -819,12 +786,16 @@ $file_url_html.="\" TITLE=\"View file\">" ; if (substr($file,0,5) != ".del/") { - $file_url_html .= $file . "" . $a ; + $file_url_html .= isBlank($file) . "" . $a ; } else { - $file_url_html .= substr($file,5,strlen($file)-5) . "deleted"; + $file_url_html .= isBlank(substr($file,5,strlen($file)-5)) . "deleted"; } - $note_html="".$gblIcon("note")."".ReadNote($path); + if (check_perm($relDir.$file,$gblPermNote)) { + $note_html="".$gblIcon("note")."".$fileNote[$key]; + } else { + $note_html=$fileNote[$key]; + } $ext = strtolower(strrchr($file,".")) ; @@ -844,9 +815,11 @@ $file_url_html = "$file $a"; } } else { - $b.="" ; - $b.=$gblIcon("checkout").""; + if (check_perm($relDir.$file,trperm_w)) { + $b.="" ; + $b.=$gblIcon("checkout").""; + } if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) { $b.=" - - - -
- - - - - - -"; -} elseif (file_exists("$gblRepositoryDir/.info.inc")) { - print ""; -} + if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) { + print ""; + include("$html/Navigate-hr.html"); + } elseif (file_exists("$gblRepositoryDir/.info.inc")) { + print ""; + include("$html/Navigate-hr.html"); + } + include("$html/Navigate-createNew.html"); -?> - -
- - -
- No files in this directory -
- - OK TO DELETE THIS EMPTY FOLDER? - - -
"; - include("$fsRealmDir/$realm".$realm_sep."info.inc"); - print "
"; - include("$gblRepositoryDir/.info.inc"); - print "
"; + include("$fsRealmDir/$realm".$realm_sep."info.inc"); + print "
"; + include("$gblRepositoryDir/.info.inc"); + print "
CREATE NEW - DIRECTORY -OR- - FILE :    - NAME - - - - - OR UPLOAD A FILE -
+ print ""; -$dir/.note/$file for writing",1); + } fputs($note,"$msg\n"); fclose($note); @@ -1335,7 +1281,7 @@ $l = trim(fgets($fp_conf,4096)); if (substr($l,0,1) == "+") { // no comment $arr=explode(":",$l); - $groups_arr[$arr[0]] = $arr[1] ; + $groups_arr[$arr[0]] = str_replace(" ","",$arr[1]) ; } elseif (substr($l,0,1) != "#") { $arr=explode(":",$l); $path=array_shift($arr); @@ -1597,6 +1543,14 @@ } ////////////////////////////////////////////////////////////////// + +function isBlank($file,$what = "filename") { + if (trim($file) == "") return "whitespace $what"; + if ($file == "") return "no $what"; + return $file; +} + +////////////////////////////////////////////////////////////////// // MAIN PROGRAM $gblFilePerms = 0640 ; // default for new files @@ -1698,7 +1652,11 @@ // read mime.types readMime(); -HTTP_POST_VAR("FN"); + if (! isset($gblPermNote)) { + $gblPermNote = trperm_r; + } + + HTTP_POST_VAR("FN"); if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") { // take variables from server @@ -1755,7 +1713,7 @@ $source = $FN_name ; if (! file_exists($source)) { - Error("You must select file with browse to upload it!"); + Error("You must select file with browse to upload it!","If file is too big, you might need to modify php configuration options post_max_size and upload_max_filesize",1); } if (HTTP_POST_VAR("FILENAME")) check_filename($FILENAME); @@ -1925,13 +1883,19 @@ safe_rename($fsDir,$FN,$NEWNAME); break ; - case "NOTE" : - $NOTE=stripSlashes($HTTP_POST_VARS["NOTE"]); - WriteNote("$fsDir/$FN","$NOTE"); + case "NOTE" : + if (! HTTP_POST_VAR("NOTE")) + Error("Can't add note to object","Can't find var \$NOTE",1); + if (! check_perm("$relDir/$FN", trperm_w)) + Error("Access denied","User $gblLogin tried to add note to $relDir/$FN without valid trustee.",1); + + WriteNote("$fsDir/$FN",$NOTE); break ; case "UNLOCK" : if ( $CONFIRM != "on" ) break ; + if (! check_perm("$relDir/$FN", trperm_w)) + Error("Access denied","User $gblLogin tried to unlock $relDir/$FN without valid trustee.",1); Unlock("$fsDir/$FN"); break ; @@ -1945,7 +1909,7 @@ header("Location: ".$tstr) ; exit ; } - + // check for mode.. navigate, code display, upload, or detail? // $A=U : upload to path given in $D // $A=E : display detail of file $D/$F and edit