/[docman2]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1.12 by dpavlin, Sat Jul 27 22:26:30 2002 UTC revision 1.16 by dpavlin, Sun Jul 28 13:57:13 2002 UTC
# Line 145  function EndHTML() { Line 145  function EndHTML() {
145                  $url_title="relogin";                  $url_title="relogin";
146          }          }
147          include("$html/footer.html");          include("$html/footer.html");
148    
149            global $debug;
150            if ($debug) print $debug;
151  } // end function EndHTML  } // end function EndHTML
152    
153  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
# Line 160  function DetailPage($fsRoot,$relDir,$fn) Line 163  function DetailPage($fsRoot,$relDir,$fn)
163    
164          $exists   = file_exists($fsPath) ;          $exists   = file_exists($fsPath) ;
165          $ext      = strtolower(strrchr($relPath,".")) ;          $ext      = strtolower(strrchr($relPath,".")) ;
166          $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;          $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) &&
167          $writable = is_writeable($fsPath) ;                  check_perm($relPath,trperm_w);
168            $writable = is_writeable($fsPath) && check_perm($relPath,trperm_w) ;
169            $writable_dir = is_writeable($fsDir) && check_perm($relDir,trperm_w) ;
170          $file_lock = CheckLock($fsPath);          $file_lock = CheckLock($fsPath);
171    
172          if (!$editable && !$exists)          if (!$editable && !$exists)
173                  Error("Creation unsupported for type",$relPath) ;                  Error("Creation denied","Can't create <tt>$relPath</tt>") ;
174          if (!exists && !is_writeable($fsDir) )          if (!$exists && !$writable_dir )
175                  Error("Creation denied",$relDir) ;                  Error("Creation denied","Can't write in directory <tt>$relDir</tt> while creating <tt>$relPath</tt>for which user has permissions.",1);
176    
177          $text  = _("Use this page to view, modify or ") ;          $text  = _("Use this page to view, modify or ") ;
178          if (is_dir($fsPath)) {          if (is_dir($fsPath)) {
# Line 200  function DetailPage($fsRoot,$relDir,$fn) Line 205  function DetailPage($fsRoot,$relDir,$fn)
205                  $fstr = htmlentities( $fstr ) ;                  $fstr = htmlentities( $fstr ) ;
206  ?>  ?>
207    
208  <FORM ACTION="<?= $self ; ?>" METHOD="POST">  <FORM ACTION="<?= $self ?>" METHOD="POST">
209  <SPAN TITLE="Click [SAVE] to store updated contents.">  <SPAN TITLE="Click [SAVE] to store updated contents.">
210          <B>DOCUMENT CONTENTS</B>          <B>DOCUMENT CONTENTS</B>
211  </SPAN><BR>  </SPAN><BR>
# Line 574  function Navigate($fsRoot,$relDir) { Line 579  function Navigate($fsRoot,$relDir) {
579                  $gblIgnoreUnknownFileType, $gblRepositoryDir,                  $gblIgnoreUnknownFileType, $gblRepositoryDir,
580                  $fsRealmDir, $realm, $realm_sep,                  $fsRealmDir, $realm, $realm_sep,
581                  $HTTP_GET_VARS, $html, $realm_config;                  $HTTP_GET_VARS, $html, $realm_config;
582            
583          $self     = $HTTP_SERVER_VARS["PHP_SELF"] ;          $self     = $HTTP_SERVER_VARS["PHP_SELF"] ;
584    
         if ($relDir == "") $relDir = "/";  
   
585          $fsDir = $fsRoot.$relDir."/";   // current directory          $fsDir = $fsRoot.$relDir."/";   // current directory
586    
587          if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;          if (!is_dir($fsDir)) Error("Dir not found",$relDir,1) ;
588    
589          $hide_items=",$gblHide,";          $hide_items=",$gblHide,";
590    
# Line 634  function Navigate($fsRoot,$relDir) { Line 637  function Navigate($fsRoot,$relDir) {
637          echo "<TABLE BORDER=0 CELLPADDING=2          echo "<TABLE BORDER=0 CELLPADDING=2
638                  CELLSPACING=3 WIDTH=\"100%\">" ;                  CELLSPACING=3 WIDTH=\"100%\">" ;
639    
640          // updir bar              // updir (parent) bar  
641          if (chopsl($fsDir) != chopsl($fsRoot)) {          if (chopsl($fsDir) != chopsl($fsRoot)) {
642                  $parent = dirname($relDir) ;                  $parent = dirname($relDir) ;
643                  if ($parent == "") $parent = "/" ;                  if ($parent == "") $parent = "/" ;
# Line 714  function Navigate($fsRoot,$relDir) { Line 717  function Navigate($fsRoot,$relDir) {
717                          $dir = $dirList[$key];                          $dir = $dirList[$key];
718    
719                          $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));                          $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
720                          $dir_url=$self."?D=".urlencode($relDir."/".$dir);                          $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
721                          include("$html/Navigate-dirEntry.html");                          include("$html/Navigate-dirEntry.html");
722    
723                  }  // iterate over dirs                  }  // iterate over dirs
# Line 899  function UploadPage($fsRoot, $relDir, $f Line 902  function UploadPage($fsRoot, $relDir, $f
902          global $html, $HTTP_SERVER_VARS;          global $html, $HTTP_SERVER_VARS;
903    
904          $self = $HTTP_SERVER_VARS["PHP_SELF"] ;          $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
         if ($relDir == "") $relDir = "/" ;  
   
905          include("$html/UploadPage.html");          include("$html/UploadPage.html");
906    
907  } // end function UploadPage  } // end function UploadPage
# Line 1212  function Download($path,$force=0) { Line 1213  function Download($path,$force=0) {
1213  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
1214    
1215  function chopsl($path) {  function chopsl($path) {
         if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);  
1216          $path=str_replace("//","/",$path);          $path=str_replace("//","/",$path);
1217            if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
1218          return $path;          return $path;
1219  }  }
1220    
# Line 1370  return 1; Line 1371  return 1;
1371  }//init_trustee  }//init_trustee
1372    
1373  function in_group($user,$group) {  function in_group($user,$group) {
1374          return in_array($groups[$group],$user);          global $groups;
1375            return in_array($user,$groups[$group]);
1376  }  }
1377    
1378  // helper function  // helper function
# Line 1438  function check_trustee($user,$path) { Line 1440  function check_trustee($user,$path) {
1440    
1441  function check_perm($path,$trperm) {  function check_perm($path,$trperm) {
1442          global $gblLogin,$HAVE_TRUSTEE;          global $gblLogin,$HAVE_TRUSTEE;
1443  print "<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";  
1444            global $debug;
1445    $debug.="<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";
1446    
1447          $return = ! $HAVE_TRUSTEE;          $return = ! $HAVE_TRUSTEE;
1448          if ($HAVE_TRUSTEE) {          if ($HAVE_TRUSTEE) {
1449                  $perm = check_trustee($gblLogin,$path);                  $perm = check_trustee($gblLogin,$path);
1450  print " d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";  $debug.=" d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
1451                  if ($perm[deny] & $trperm) $return=0;                  if ($perm[deny] & $trperm) $return=0;
1452                  elseif ($perm[allow] & $trperm) $return=1;                  elseif ($perm[allow] & $trperm) $return=1;
1453          }          }
1454  print " return: $return<br>\n";  $debug.=" return: $return<br>\n";
1455          return($return);          return($return);
1456  }  }
1457    
# Line 1476  function readMime() { Line 1481  function readMime() {
1481  }  }
1482    
1483  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
1484    
1485    // check for invalid characters in filename and dirname (.. and /)
1486    
1487    function check_dirname($file) {
1488            if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in directory name <tt>$file</tt>",1);
1489    }
1490    
1491    function check_filename($file) {
1492            if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in file name <tt>$file</tt>",1);
1493            if (strstr($file,"/")) Error("Security violation","No slashes <tt>/</tt> allowed in file name <tt>$file</tt>",1);
1494    }
1495    
1496    //////////////////////////////////////////////////////////////////
1497  // MAIN PROGRAM  // MAIN PROGRAM
1498    
1499          $gblFilePerms = 0640 ;         // default for new files          $gblFilePerms = 0640 ;         // default for new files
# Line 1503  function readMime() { Line 1521  function readMime() {
1521    
1522          // try to add dir to script name to realm var          // try to add dir to script name to realm var
1523          if (is_dir("$fsRealmDir/$realm/".dirname($HTTP_SERVER_VARS[SCRIPT_NAME]))) {          if (is_dir("$fsRealmDir/$realm/".dirname($HTTP_SERVER_VARS[SCRIPT_NAME]))) {
1524                  $realm .= "/".dirname($HTTP_SERVER_VARS[SCRIPT_NAME]);                  $realm .= dirname($HTTP_SERVER_VARS[SCRIPT_NAME]);
1525                  $realm_sep = "/";                  $realm_sep = "/";
1526          } else {          } else {
1527                  $realm_sep = ".";                  $realm_sep = ".";
# Line 1551  function readMime() { Line 1569  function readMime() {
1569          // get ACL informations          // get ACL informations
1570          $HAVE_TRUSTEE = init_trustee();          $HAVE_TRUSTEE = init_trustee();
1571    
1572            // take additional login vars
1573            $relogin = $HTTP_GET_VARS[relogin];
1574            $force_login = $HTTP_GET_VARS[force_login];
1575    
1576          if (strtolower($gblLogin) == "anonymous" || !isset($gblPasswd)) {          if (strtolower($gblLogin) == "anonymous" || !isset($gblPasswd)) {
1577                  $perm = check_trustee($gblLogin,$path);                  $perm = check_trustee("anonymous",$path);
1578                  // browsing must be explicitly allowed for root directory                  // browsing must be explicitly allowed for root directory
1579                  // of repository for anonymous user to work!                  // of repository for anonymous user to work!
1580                  if ($perm[allow] & trperm_b) {                  if ($perm[allow] & trperm_b) {
# Line 1569  function readMime() { Line 1591  function readMime() {
1591                  Error("401 Unauthorized","No trespassing !",0,1);                  Error("401 Unauthorized","No trespassing !",0,1);
1592          }          }
1593    
1594    
1595          // read mime.types          // read mime.types
1596          readMime();          readMime();
1597    
1598          // get current directory relative to $gblFsRoot          if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
1599          $relDir = $DIR ;        // from POST                  // take variables from server
1600          if ($relDir == "") {    // not defined in POST ?                  $FN=stripSlashes($HTTP_POST_VARS["FN"]);
1601                  $relDir = urldecode($D) ;  // then use GET                  $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);
1602          }                        $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);
1603                    $T=stripSlashes($HTTP_POST_VARS["T"]);
1604          $relDir=stripSlashes($relDir);                  $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);
1605    
1606          if ($relDir == "/") $relDir = "" ;                        check_filename($FN);
1607          // default : website root = ""                  check_dirname($DIR);
1608                    check_dirname($RELPATH);
1609          if (strstr($relDir,"..")) Error("No updirs allowed");  
1610                    $relDir = $DIR;
1611          // full paths contain "fs" or "Fs". Paths realitve to root of          } else {
1612          // website contain "rel" or "Rel". The script won't let you                  // get
1613          // edit anything above directory equal to http://server.com                  $A=stripSlashes($HTTP_GET_VARS["A"]);
1614          // i.e. below $gblFsRoot.                  $D=stripSlashes(urldecode($HTTP_GET_VARS["D"]));
1615                    $F=stripSlashes($HTTP_GET_VARS["F"]);
1616    
1617                    check_filename($F);
1618                    check_dirname($D);
1619    
1620                    $relDir = $D;
1621            }
1622    
1623          $relScriptDir = dirname($SCRIPT_NAME) ;                  $relScriptDir = dirname($SCRIPT_NAME) ;        
1624          // i.e. /docman          // i.e. /docman
1625    
1626          // start on server root          // start on server root
1627          $gblFsRoot = $gblRepositoryDir;          $gblFsRoot = $gblRepositoryDir;
1628          // i.e. /home/httpd/html          // i.e. /home/httpd/repository
1629    
1630          $fsDir = $gblFsRoot . $relDir ; // current directory          $fsDir = $gblFsRoot . $relDir ; // current directory
1631          if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;          if ( !is_dir($fsDir) ) Error("Dir not found","Can't find <tt>$relDir</tt> which points to <tt>$fsDir</tt>",1) ;
1632    
1633          if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {          if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
1634                  $webRoot  = "https://";                  $webRoot  = "https://";
# Line 1607  function readMime() { Line 1637  function readMime() {
1637          }          }
1638          $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;          $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
1639    
         // take variables from server  
         $FN=stripSlashes($HTTP_POST_VARS["FN"]);  
         $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);  
         $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);  
         $T=stripSlashes($HTTP_POST_VARS["T"]);  
         $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);  
   
         // get  
         $A=stripSlashes($HTTP_GET_VARS["A"]);  
         $D=stripSlashes($HTTP_GET_VARS["D"]);  
   
 //      if (isset($F)) Error("Document manager system error","variable $F shouldn't be set here (re-check old code)",1);  
 //      $F=stripSlashes($HTTP_SERVER_VARS["PATH_INFO"]);  
         $F=stripSlashes($HTTP_GET_VARS["F"]);  
   
1640          switch ($HTTP_POST_VARS["POSTACTION"]) {          switch ($HTTP_POST_VARS["POSTACTION"]) {
1641          case "UPLOAD" :          case "UPLOAD" :
1642                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
# Line 1634  function readMime() { Line 1649  function readMime() {
1649                  }                  }
1650    
1651                  $FILENAME = $HTTP_POST_VARS["FILENAME"];                  $FILENAME = $HTTP_POST_VARS["FILENAME"];
1652                  if (strstr($FILENAME,"/"))                  check_filename($FILENAME);
1653                          Error("Upload error","Non-conforming filename. Filename <tt>$FILENAME</tt> has slashes (<tt>/</tt>) in it.") ;  
1654                  if (! isset($FILENAME)) {       // from update file                  if (! isset($FILENAME)) {       // from update file
1655                          $target = "$fsDir/".basename($FN);                          $target = "$fsDir/".basename($FN);
1656                  } else {                  } else {
# Line 1803  function readMime() { Line 1818  function readMime() {
1818          // $A=Co : checkout file $D/$F          // $A=Co : checkout file $D/$F
1819          // $A=Ci : checkin file $D/$F          // $A=Ci : checkin file $D/$F
1820          // $A=V : view file (do nothing except log)          // $A=V : view file (do nothing except log)
1821          // $A=I : include file .$F.php from $gblFsRoot          // $A=I : include file .$F.php from [$gblIncDir|realm]/include_php
1822          // default : display directory $D          // default : display directory $D
1823    
1824          switch ($A) {          switch ($A) {
1825          case "U" :          case "U" :
1826                  // upload to $relDir                  // upload to $relDir
1827                    if (! check_perm($relDir, trperm_w))
1828                            Error("Write access denied","You don't have permission to write in <tt>$relDir</tt>");
1829                  if (!is_writeable($gblFsRoot . $relDir))                  if (!is_writeable($gblFsRoot . $relDir))
1830                          Error("Write access denied",$relDir) ;                          Error("Write access denied","User <tt>$gblLogin</tt> has permission on <tt>$relDir</tt>, but directory is not writable",1);
1831                  $text  = "Use this page to upload a single " ;                  $text  = "Use this page to upload a single " ;
1832                  $text .= "file to <B>$realm</B>." ;                  $text .= "file to <B>$realm</B>." ;
1833                  StartHTML("(Upload Page)", $text) ;                  StartHTML("(Upload Page)", $text) ;
# Line 1858  function readMime() { Line 1875  function readMime() {
1875                  EndHTML() ;                  EndHTML() ;
1876                  exit;                  exit;
1877          case "I" :          case "I" :
1878                  $F=stripSlashes($F);                  if (! isset($F) || $F == "")
1879                  $inc_file="${gblFsRoot}/.${F}.php";                          Error("Can't find file to include","Your request didn't specify file to include which should be in variable <tt>F</tt> like <tt>$HTTP_SERVER_VARS[REQUEST_URI]<b>&F=include_php_file</b></tt>",1);
1880                  if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include                  $inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
1881                    if (! file_exists($inc_file)) {
1882                            Error("Can't find file to include","Can't find include file <tt>$F.php</tt> in <tt>$fsRealmDir/$realm/</tt>. Meybe you should copy <tt>$gblIncDir/include_php/$F.php</tt> to <tt>$inc_file<tt> ?",1);
1883                    }
1884                  if (!is_readable($inc_file))                  if (!is_readable($inc_file))
1885                          Error("Read access to include file denied",".${F}.php");                          Error("Read access to include file denied","Can't read PHP include file <tt>$inc_file</tt>. Fix permissions on it.",1);
1886                  $text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";                  $text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
1887                  $title = "You should define \$title variable with page title";                  $title = "You should define \$title variable with page title";
1888                  include($inc_file);                  include($inc_file);
Legend:
Removed from v.1.12  
changed lines
  Added in v.1.16
  ViewVC Help
Powered by ViewVC 1.1.26