90 |
if ($fsDocumentRoot == "") Error("Configuration error","Can't get SCRIPT_FILENAME from your web server. Please set <tt>\$fsDocumentRoot</tt> in <tt>\$</tt>",1); |
if ($fsDocumentRoot == "") Error("Configuration error","Can't get SCRIPT_FILENAME from your web server. Please set <tt>\$fsDocumentRoot</tt> in <tt>\$</tt>",1); |
91 |
|
|
92 |
// globals for later |
// globals for later |
93 |
$gblLogin = $HTTP_SERVER_VARS["PHP_AUTH_USER"]; |
$gblLogin = HTTP_SERVER_VAR("PHP_AUTH_USER"); |
94 |
$gblPasswd = $HTTP_SERVER_VARS["PHP_AUTH_PW"]; |
$gblPasswd = HTTP_SERVER_VAR("PHP_AUTH_PW"); |
95 |
|
|
96 |
////////////////////////////////////////////////////////////////// |
////////////////////////////////////////////////////////////////// |
97 |
|
|
581 |
|
|
582 |
global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide, |
global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide, |
583 |
$gblIgnoreUnknownFileType, $gblRepositoryDir, |
$gblIgnoreUnknownFileType, $gblRepositoryDir, |
584 |
$gblLogin, $gblUserName, |
$gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt, |
585 |
$fsRealmDir, $realm, $realm_sep, |
$fsRealmDir, $realm, $realm_sep, |
586 |
$html, $realm_config, |
$html, $realm_config, |
587 |
$HTTP_GET_VARS, $HTTP_SERVER_VARS; |
$HTTP_GET_VARS, $HTTP_SERVER_VARS; |
1160 |
|
|
1161 |
function DisplayChangeLog($day) { |
function DisplayChangeLog($day) { |
1162 |
|
|
1163 |
global $gblFsRoot, $gblDateFmt, $gblTimeFmt; |
global $gblFsRoot, $gblDateFmt, $gblTimeFmt, |
1164 |
$HTTP_SERVER_VARS; |
$HTTP_SERVER_VARS; |
1165 |
|
|
1166 |
$self = $HTTP_SERVER_VARS["PHP_SELF"]; |
$self = $HTTP_SERVER_VARS["PHP_SELF"]; |
1189 |
print "<tr><td$cl>$date</td><td$cl>$time</td><td$cl><a href=\"$HTTP_SERVER_VARS[PHP_SELF]?D=".urlencode($dir)."\">$dir</a>/$file</td><td$cl>$e[2]</td><td$cl>$e[3]</td></tr>\n"; |
print "<tr><td$cl>$date</td><td$cl>$time</td><td$cl><a href=\"$HTTP_SERVER_VARS[PHP_SELF]?D=".urlencode($dir)."\">$dir</a>/$file</td><td$cl>$e[2]</td><td$cl>$e[3]</td></tr>\n"; |
1190 |
} |
} |
1191 |
print "</table>"; |
print "</table>"; |
1192 |
print "<p>".GifIcon(up)." Back to <a href=\"$self\">front page</a>.</p>"; |
print "<p>".GifIcon("up")." Back to <a href=\"$self\">front page</a>.</p>"; |
1193 |
} |
} |
1194 |
|
|
1195 |
////////////////////////////////////////////////////////////////// |
////////////////////////////////////////////////////////////////// |
1405 |
} |
} |
1406 |
|
|
1407 |
// helper function |
// helper function |
1408 |
function unroll_perm($u,$t,$user,$perm,$one_level) { |
function unroll_perm($u,$t,$perm,$one_level) { |
1409 |
|
|
1410 |
if ($t & trmask_one_level && !$one_level) return $perm; |
if ($t & trmask_one_level && !$one_level) return $perm; |
1411 |
|
|
|
// user is user whose trustee is this |
|
|
if ($t & trmask_not && ($u==$user)) return $perm; |
|
|
if (!($t & trmask_not) && ($u!=$user)) return $perm; |
|
|
|
|
1412 |
if ($t & trmask_deny) { |
if ($t & trmask_deny) { |
1413 |
if ($t & trmask_clear) { |
if ($t & trmask_clear) { |
1414 |
$perm['deny'] &= ~$t; |
$perm['deny'] &= ~$t; |
1448 |
if (isset($tr)) { |
if (isset($tr)) { |
1449 |
// first apply trustee for all |
// first apply trustee for all |
1450 |
if (isset($tr['*'])) { |
if (isset($tr['*'])) { |
1451 |
$perm = unroll_perm($user,$tr['*'],'*', $perm, $one_level); |
$perm = unroll_perm($user,$tr['*'],$perm, $one_level); |
1452 |
unset($tr['*']); |
unset($tr['*']); |
1453 |
} |
} |
1454 |
// then apply group policies |
// then apply not and group policies |
1455 |
foreach ($tr as $g=>$t) { |
foreach ($tr as $g=>$t) { |
1456 |
if ($t & trmask_group && in_group($user,$g)) { |
if ($t & trmask_not && $g != $user) { |
1457 |
|
$t = $t & ~trmask_not; |
1458 |
|
$perm = unroll_perm($user,$t,$perm, $one_level); |
1459 |
|
unset($tr[$g]); |
1460 |
|
|
1461 |
|
} elseif ($t & trmask_group && in_group($user,$g)) { |
1462 |
// resolv user |
// resolv user |
1463 |
$t = $t & ~trmask_group; |
$t = $t & ~trmask_group; |
1464 |
$perm = unroll_perm($user,$t,$g, $perm, $one_level); |
$perm = unroll_perm($user,$t,$perm, $one_level); |
1465 |
unset($tr[$g]); |
unset($tr[$g]); |
1466 |
} |
} |
1467 |
} |
} |
1468 |
// then apply user policy |
// then apply user policy |
1469 |
if (isset($tr[$user])) { |
if (isset($tr[$user])) { |
1470 |
$perm = unroll_perm($user,$tr[$user],$user, $perm,$one_level); |
$perm = unroll_perm($user,$tr[$user],$perm,$one_level); |
1471 |
unset($tr[$user]); |
unset($tr[$user]); |
1472 |
} |
} |
1473 |
} |
} |
1542 |
// [replacement for register_globals in php.ini] |
// [replacement for register_globals in php.ini] |
1543 |
|
|
1544 |
function HTTP_GET_VAR($var) { |
function HTTP_GET_VAR($var) { |
1545 |
global $HTTP_GET_VARS, $GLOBALS; |
global $HTTP_GET_VARS, ${$var}; |
1546 |
if (isset($HTTP_GET_VARS[$var])) { |
if (isset($HTTP_GET_VARS[$var])) { |
1547 |
$GLOBALS[$var] = stripSlashes($HTTP_GET_VARS[$var]); |
$$var = stripSlashes($HTTP_GET_VARS[$var]); |
1548 |
return $GLOBALS[$var]; |
return $$var; |
1549 |
} |
} |
1550 |
} |
} |
1551 |
|
|
1552 |
function HTTP_POST_VAR($var) { |
function HTTP_POST_VAR($var) { |
1553 |
global $HTTP_POST_VARS, $GLOBALS; |
global $HTTP_POST_VARS, ${$var}; |
1554 |
if (isset($HTTP_POST_VARS[$var])) { |
if (isset($HTTP_POST_VARS[$var])) { |
1555 |
$GLOBALS[$var] = stripSlashes($HTTP_POST_VARS[$var]); |
$$var = $HTTP_POST_VARS[$var]; |
1556 |
return $GLOBALS[$var]; |
return $$var; |
1557 |
|
} |
1558 |
|
} |
1559 |
|
|
1560 |
|
function HTTP_SERVER_VAR($var) { |
1561 |
|
global $HTTP_SERVER_VARS, ${$var}; |
1562 |
|
if (isset($HTTP_SERVER_VARS[$var])) { |
1563 |
|
$$var = $HTTP_SERVER_VARS[$var]; |
1564 |
|
return $$var; |
1565 |
} |
} |
1566 |
} |
} |
1567 |
|
|
1672 |
// read mime.types |
// read mime.types |
1673 |
readMime(); |
readMime(); |
1674 |
|
|
1675 |
|
HTTP_POST_VAR("FN"); |
1676 |
|
|
1677 |
if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") { |
if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") { |
1678 |
// take variables from server |
// take variables from server |
1679 |
if (HTTP_POST_VAR("FN")) check_filename($FN); |
if (HTTP_POST_VAR("FN")) |
1680 |
|
check_filename($FN); |
1681 |
if (HTTP_POST_VAR("DIR")) { |
if (HTTP_POST_VAR("DIR")) { |
1682 |
check_dirname($DIR); |
check_dirname($DIR); |
1683 |
$relDir = $DIR; |
$relDir = $DIR; |
1688 |
if (HTTP_POST_VAR("RELPATH")) check_dirname($RELPATH); |
if (HTTP_POST_VAR("RELPATH")) check_dirname($RELPATH); |
1689 |
HTTP_POST_VAR("T"); |
HTTP_POST_VAR("T"); |
1690 |
HTTP_POST_VAR("CONFIRM"); |
HTTP_POST_VAR("CONFIRM"); |
|
|
|
1691 |
} else { |
} else { |
1692 |
// get |
// get |
1693 |
HTTP_GET_VAR("A"); |
HTTP_GET_VAR("A"); |
1775 |
if (!($writable || (!$exists && $legaldir))) |
if (!($writable || (!$exists && $legaldir))) |
1776 |
Error("Write denied",$RELPATH) ; |
Error("Write denied",$RELPATH) ; |
1777 |
$fh = fopen($path, "w") ; |
$fh = fopen($path, "w") ; |
1778 |
$FILEDATA=stripSlashes($FILEDATA); |
HTTP_POST_VAR("FILEDATA"); |
1779 |
fwrite($fh,$FILEDATA) ; |
fwrite($fh,$FILEDATA) ; |
1780 |
fclose($fh) ; |
fclose($fh) ; |
1781 |
clearstatcache() ; |
clearstatcache() ; |
1784 |
|
|
1785 |
case "CREATE" : |
case "CREATE" : |
1786 |
// we know $fsDir exists |
// we know $fsDir exists |
1787 |
if ($FN == "") break; // no filename! |
if (! check_perm($relDir, trperm_w)) |
1788 |
|
Error("Write access denied","You don't have permission to write in <tt>$relDir</tt>"); |
1789 |
|
if ($T == "D") $type = "directory"; |
1790 |
|
else $type ="file"; |
1791 |
|
if ($FN == "") Error("Can't create $type","You must enter name of $type to create it."); |
1792 |
if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; |
if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; |
1793 |
$path = $fsDir . "/" . $FN ; // file or dir to create |
$path = $fsDir . "/" . $FN ; // file or dir to create |
1794 |
$relPath = $relDir . "/" . $FN ; |
$relPath = $relDir . "/" . $FN ; |
1814 |
} else { |
} else { |
1815 |
Error("Creation of file $relPath failed -- $path"); |
Error("Creation of file $relPath failed -- $path"); |
1816 |
} |
} |
1817 |
$tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ; |
$tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ; |
1818 |
header("Location: " . $tstr) ; |
header("Location: " . $tstr) ; |
1819 |
exit ; |
exit ; |
1820 |
} |
} |
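Review bot: The user-policy step at line 1469 (`if (isset($tr[$user])) {`) now applies a `trmask_not` entry keyed by the current user to that same user. The loop at 1455 skips such an entry because `$g != $user` is false, so it stays in `$tr`, and the four-argument `unroll_perm` no longer has the `$u==$user` early return that used to discard it; an entry meant for everyone except this user therefore appears to be unrolled as their own policy (the rest of `unroll_perm` is outside the shown lines, and this reading takes the second printed copy of each line as the new side). Guard the step with `if (isset($tr[$user]) && !($tr[$user] & trmask_not)) {`. The loop's `$g != $user` is also a loose comparison, so numeric-looking names can compare equal; `(string)$g !== (string)$user` avoids that.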