Fixes #68 Fixes #1256 Fixes #1134 : browser now check every action : mkdir, createfile, move, rename, read, write. Also removes the 'drag&drop' in browser editor

This commit is contained in:
Benjamin Sonntag 2011-06-04 10:37:59 +00:00
parent b99db10d05
commit 26ae262b90
7 changed files with 110 additions and 1496 deletions

.gitattributes vendored

@ -226,7 +226,6 @@ bureau/admin/js/jquery_ui/js/jquery.ui.datepicker-es.js -text
bureau/admin/js/jquery_ui/js/jquery.ui.datepicker-fr.js -text
bureau/admin/js/prototype.js -text
bureau/admin/js/rico.js -text
bureau/admin/js/wz_dragdrop.js -text
bureau/admin/login.php -text
bureau/admin/logo.png -text
bureau/admin/logo2.png -text


@ -40,27 +40,37 @@ if ($cancel) {
exit();
}
if ($saveret) {
$bro->Save($editfile,$R,$texte);
$error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s")).")";
include("bro_main.php");
exit();
if ($bro->Save($editfile,$R,$texte)) {
$error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s")).")";
} else {
$error=$err->errstr();
}
include("bro_main.php");
exit();
}
if ($save) {
$bro->Save($editfile,$R,$texte);
$error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s")).")";
if ($bro->Save($editfile,$R,$texte)) {
$error=sprintf(_("Your file %s has been saved"),$editfile)." (".format_date('%3$d-%2$d-%1$d %4$d:%5$d',date("Y-m-d H:i:s")).")";
} else {
$error=$err->errstr();
}
}
include_once("head.php");
?>
<p>
<?php if ($error) echo "<font color=\"red\">$error</font><br />"; ?>
<?php if ($error) echo "<p class=\"error\">$error</p>"; ?>
<?php echo _("File editing")." <code>$R/<b>$editfile</b></code><br />"; ?>
</p>
<form action="bro_editor.php" method="post"><br />
<div id="resizer" style="left: 0px; top: 0px; z-index: 54; width: <?php echo $p["editsizex"]*8; ?>px; height: <?php echo $p["editsizey"]*8; ?>px; cursor: auto;"><textarea class="int" style="font-family: <?php echo $p["editor_font"]; ?>; font-size: <?php echo $p["editor_size"]; ?>; width: 90%; height: 90%;" name="texte"><?php
$bro->content($R,$editfile);
?></textarea><img src="/admin/icon/winresize.gif" alt="<?php __("ctrl+click or shift+click and drag to resize the editing zone"); ?>" title="<?php __("ctrl+click or shift+click and drag to resize the editing zone"); ?>" height="20" width="20" /></div><br />
$failed=false;
if (!$bro->content($R,$editfile)) {
$failed=true;
}
?></textarea>
<?php if ($failed) echo "<p class=\"error\">".$err->errstr()."</p>"; ?>
<input type="hidden" name="editfile" value="<?php echo str_replace("\"","&quot;",$editfile); ?>" />
<input type="hidden" name="R" value="<?php echo str_replace("\"","&quot;",$R); ?>" />
@ -68,10 +78,5 @@ $bro->content($R,$editfile);
<input type="submit" class="inb" value="<?php __("Save &amp; Quit"); ?>" name="saveret" />
<input type="submit" class="inb" value="<?php __("Quit"); ?>" name="cancel" />
<br />
<script type="text/javascript">
<!--
SET_DHTML("resizer"+RESIZABLE);
//-->
</script>
</form>
<?php include_once("foot.php"); ?>
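Review bot: The new `<p class="error">$error</p>` line echoes `$error` without HTML escaping, and on both save paths `$error` embeds `$editfile`, which is posted back from the form (the hidden `editfile` input below) and, as far as these hunks show, is only checked for a `/` by Save()/content(); the `$failed` branch echoes `$err->errstr()` raw the same way. Unless errstr() is meant to carry markup, wrap both: `if ($error) echo "<p class=\"error\">".htmlspecialchars($error)."</p>";` and `echo "<p class=\"error\">".htmlspecialchars($err->errstr())."</p>";` (the hidden inputs already hand-escape `"`, so escaping here is consistent with the file). Separately, `$failed` relies on `$bro->content()` returning a truthy value on success; the m_bro.php hunk for content() only shows its failing branches, so if there is no `return true` at its end the "cannot read" message will be shown under every file that loaded correctly — worth confirming.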


@ -37,7 +37,6 @@ if (!$charset) $charset="iso-8859-1";
<link rel="stylesheet" href="styles/style.css" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<script type="text/javascript" src="js/alternc.js"></script>
<script type="text/javascript" src="js/wz_dragdrop.js"></script>
<script src="js/jquery.min.js" type="text/javascript"></script>
<script src="js/jquery_ui/js/jquery-ui-1.8.10.custom.min.js" type="text/javascript"></script>
<?php



@ -330,7 +330,10 @@ class m_bro {
$file=ssla($file);
$absolute=$this->convertabsolute($dir."/".$file,0);
if ($absolute && !file_exists($absolute)) {
mkdir($absolute,00777);
if (!@mkdir($absolute,00777)) {
$err->raise("bro",4);
return false;
}
$db->query("UPDATE browser SET crff=1 WHERE uid='$cuid';");
return true;
} else {
@ -355,7 +358,10 @@ class m_bro {
return false;
}
if (!file_exists($absolute)) {
touch($absolute);
if (!@touch($absolute)) {
$err->raise("bro",3);
return false;
}
}
$db->query("UPDATE browser SET crff=0 WHERE uid='$cuid';");
return true;
@ -433,10 +439,7 @@ class m_bro {
return false;
}
// FIXME: check that we don't have a huge security issue here ...
// If the destionation (new) doesn't have an absolute path, give it the prefix (old) from the first file found
if ($new[0] != '/') {
// Ex: settings.php will become /var/alternc/html/f/foo/www/example.org/drupal-6.10/sites/default/settings.php
$new = $old . '/' . $new;
} else {
$new = $this->convertabsolute($new,0);
@ -464,9 +467,10 @@ class m_bro {
* @param string $R dossier dans lequel se trouve les fichiers à renommer.
* @param array of string $old Ancien nom des fichiers
* @param array of string $new Nouveau nom des fichiers
* @param $verbose boolean shall we 'echo' what we did ?
* @return boolean TRUE si les fichiers ont été renommés, FALSE si une erreur s'est produite.
*/
function ChangePermissions($R,$d,$perm) {
function ChangePermissions($R,$d,$perm,$verbose=true) {
global $err;
$absolute=$this->convertabsolute($R,0);
if (!$absolute) {
@ -476,7 +480,6 @@ class m_bro {
for ($i=0;$i<count($d);$i++) {
$d[$i]=ssla($d[$i]); // strip slashes if needed
if (!strpos($d[$i],"/")) { // caractère / interdit dans le nom du fichier
// @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea);
$m = fileperms($absolute."/". $d[$i]);
// pour l'instant on se limite a "write" pour owner, puisque c'est le seul
@ -488,7 +491,9 @@ class m_bro {
}
$m = $m | ($perm[$i]['w'] ? 128 : 0); // 0600
chmod($absolute."/".$d[$i], $m);
echo "chmod " . sprintf('%o', $m) . " file, was " . sprintf('%o', fileperms($absolute."/". $d[$i])). " -- " . $perm[$i]['w'];
if ($verbose) {
echo "chmod " . sprintf('%o', $m) . " file, was " . sprintf('%o', fileperms($absolute."/". $d[$i])). " -- " . $perm[$i]['w'];
}
}
}
@ -550,16 +555,18 @@ class m_bro {
}
$file = escapeshellarg($file);
$dest = escapeshellarg($dest);
#TODO new version of tar supports `tar xf ...` so there is no
# need to specify the compression format
// TODO new version of tar supports `tar xf ...` so there is no
// need to specify the compression format
exec("tar -xzf $file -C $dest", $void, $ret);
if ($ret) {
#print "tgz extraction failed, moving on to tbz\n";
exec("tar -xjf $file -C $dest", $void, $ret);
}
if ($ret) {
$cmd = "unzip -o $file -d $dest";
#print "tbz extraction failed, moving on to zip: $cmd\n";
exec($cmd, $void, $ret);
}
if ($ret) {
$cmd = "gunzip $file";
exec($cmd, $void, $ret);
}
if ($ret) {
@ -611,64 +618,6 @@ class m_bro {
function CopyOneFile($src, $dest)
{
global $err;
/*
* XXX: Disabled functionality until audit is completed
*/
/*
if (substr($src, 0, 7) == "http://") {
$filename = basename($src);
$extractdir = tempnam("/tmp", "brouteur");
unlink($extractdir);
mkdir($extractdir);
if (!$http = @fopen($src, "rb")) {
// Try to get a handle on $http with fsockopen instead
//FIXME we'd better use a real http getter function/class (such as Octopuce_Http_Client (ask Benjamin)
ereg('^http://([^/]+)(/.*)$', $src, $eregs);
$hostname = $eregs[1];
$path = $eregs[2];
$http = @fsockopen($hostname, 80);
@fputs($http, "GET $path HTTP/1.1\nHost: $hostname\n\n");
}
if ($http) {
// Save the bits
$f = fopen("$extractdir/$filename", "wb");
while (!feof($http)) {
$bin = fgets($http, 16384);
fwrite($f, $bin);
//FIXME if (!trim($bin)) break;
}
fclose($f);
fclose($http);
} else {
// Dammit, try with wget than
exec("wget -q '$src' -O '$extractdir/$filename'", $void, $ret);
if ($ret) {
$error = _("Unable to download the web application's package.");
return false;
}
}
// Now extract that package
if (!brouteur_extract("$extractdir/$filename", $extractdir)) {
$error = _("Unable to extract the files");
return false;
}
unlink("$extractdir/$filename");
// Corrupt $src since we want to copy $extractdir/packagename
$hd = opendir($extractdir);
while ($file = readdir($hd)) {
if ($file != "." && $file != "..") {
$src = "$extractdir/$file";
break;
}
}
}
*/
// Last step // Copy -R
$src = escapeshellarg($src);
$dest = escapeshellarg($dest);
exec("cp -Rpf $src $dest", $void, $ret);
@ -718,10 +667,19 @@ class m_bro {
if (!strpos($file,"/")) {
$absolute.="/".$file;
if (file_exists($absolute)) {
$content = @file($absolute);
for($i=0;$i<count($content);$i++) {
echo str_replace("<","&lt;",str_replace("&","&amp;",$content[$i]));
$f=fopen($absolute,"rb");
if ($f) {
while ($s=fgets($f,1024)) {
echo str_replace("<","&lt;",str_replace("&","&amp;",$s));
}
fclose($f);
} else {
$err->raise("bro",6);
return false;
}
} else {
$err->raise("bro",6);
return false;
}
} else {
$err->raise("bro",1);
@ -783,6 +741,7 @@ class m_bro {
}
}
/**
* Return a HTML snippet representing an extraction function only if the mimetype of $name is supported
*/
@ -810,16 +769,17 @@ class m_bro {
return false;
}
/* ------------------------------------------------------------------ */
/** Echoes the content of the file $file located in directory $R
*/
function content_send($R,$file) {
global $err;
$absolute=$this->convertabsolute($R,0);
if (!strpos($file,"/")) {
$absolute.="/".$file;
if (file_exists($absolute)) {
$content = @file($absolute);
for($i=0;$i<count($content);$i++) {
echo stripslashes($content[$i]);
}
readfile($absolute);
}
} else {
$err->raise("bro",1);
@ -827,6 +787,7 @@ class m_bro {
}
}
/* ----------------------------------------------------------------- */
/** Sauve le fichier $file dans le dossier $R avec pour contenu $texte
* le contenu est issu d'un textarea, et ne DOIT PAS contenir de \ ajoutés
@ -847,6 +808,9 @@ class m_bro {
if ($f) {
fputs($f,$texte,strlen($texte));
fclose($f);
} else {
$err->raise("bro",5);
return false;
}
}
} else {
@ -855,59 +819,62 @@ class m_bro {
}
}
/* ----------------------------------------------------------------- */
/** Echo d'un flux .tar.Z contenant tout le contenu du dossier $dir
* @param string $dir dossier à dumper, relatif à la racine du compte du membre.
* @return void NE RETOURNE RIEN, et il faut Quitter le script immédiatement après
*/
function DownloadZ($dir="") {
global $mem;
function DownloadZ($dir="") {
global $mem,$L_ALTERNC_LOC;
header("Content-Disposition: attachment; filename=".$mem->user["login"].".Z");
header("Content-Type: application/x-Z");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cZ -C /var/alternc/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
passthru("/bin/tar -cZ -C ".$L_ALTERNC_LOC."/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
}
/* ----------------------------------------------------------------- */
/** Echo d'un flux .tgz contenant tout le contenu du dossier $dir
* @param string $dir dossier à dumper, relatif à la racine du compte du membre.
* @return void NE RETOURNE RIEN, et il faut Quitter le script immédiatement après
*/
function DownloadTGZ($dir="") {
global $mem;
function DownloadTGZ($dir="") {
global $mem,$L_ALTERNC_LOC;
header("Content-Disposition: attachment; filename=".$mem->user["login"].".tgz");
header("Content-Type: application/x-tgz");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cz -C /var/alternc/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
passthru("/bin/tar -cz -C ".$L_ALTERNC_LOC."/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
}
/* ----------------------------------------------------------------- */
/** Echo d'un flux .tar.bz2 contenant tout le contenu du dossier $dir
* @param string $dir dossier à dumper, relatif à la racine du compte du membre.
* @return void NE RETOURNE RIEN, et il faut Quitter le script immédiatement après
*/
function DownloadTBZ($dir="") {
global $mem;
function DownloadTBZ($dir="") {
global $mem,$L_ALTERNC_LOC;
header("Content-Disposition: attachment; filename=".$mem->user["login"].".tar.bz2");
header("Content-Type: application/x-bzip2");
header("Content-Transfer-Encoding: binary");
$d=escapeshellarg(".".$this->convertabsolute($dir,1));
set_time_limit(0);
passthru("/bin/tar -cj -C /var/alternc/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
passthru("/bin/tar -cj -C ".$L_ALTERNC_LOC."/html/".substr($mem->user["login"],0,1)."/".$mem->user["login"]."/ $d");
}
/* ----------------------------------------------------------------- */
/** Echo d'un flux .ZIP contenant tout le contenu du dossier $dir
* @param string $dir dossier à dumper, relatif à la racine du compte du membre.
* @return void NE RETOURNE RIEN, et il faut Quitter le script immédiatement après
*/
function DownloadZIP($dir="") {
global $mem;
function DownloadZIP($dir="") {
global $mem,$L_ALTERNC_LOC;
header("Content-Disposition: attachment; filename=".$mem->user["login"].".zip");
header("Content-Type: application/x-zip");
header("Content-Transfer-Encoding: binary");
@ -916,6 +883,7 @@ class m_bro {
passthru("/usr/bin/zip -r - $d");
}
/* ----------------------------------------------------------------- */
/** Fonction de tri perso utilisé par filelist.
* @access private
@ -926,6 +894,7 @@ class m_bro {
return $a["name"]>$b["name"];
}
/* ----------------------------------------------------------------- */
/** Efface $file et tous ses sous-dossiers s'il s'agit d'un dossier
* A UTILISER AVEC PRECAUTION !!!
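Review bot: In the move hunk (`@ -433,10 +439,7`), deleting the FIXME does not remove the concern it flagged: when `$new` does not start with `/` it is built as `$new = $old . '/' . $new;` and never goes through `convertabsolute()`, unlike the absolute branch right beneath it, so a relative destination containing `..` segments is neither normalised nor confined by whatever checks convertabsolute() performs (every other hunk in this file relies on it for path confinement). The enclosing function begins and ends outside the hunk, so I cannot see whether `$new` is validated earlier; if it is not, this looks like the traversal the removed comment was worried about. The simplest fix is to resolve the relative case through the same function, e.g. `$new = $this->convertabsolute($R . '/' . $new, 0);` (assuming the directory argument is `$R` as in the neighbouring methods), and then treat a false result as an error in both branches.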


@ -674,6 +674,22 @@ msgstr "File or folder name is incorrect"
msgid "err_bro_2"
msgstr "You cannot move or copy a file to the same folder"
#. Cannot create the requested file. Please check permissions.
msgid "err_bro_3"
msgstr "Cannot create the requested file. Please check permissions."
#. Cannot create the requested directory. Please check permissions.
msgid "err_bro_4"
msgstr "Cannot create the requested directory. Please check permissions."
#. Cannot edit the requested file. Please check permissions.
msgid "err_bro_5"
msgstr "Cannot edit the requested file. Please check permissions."
#. Cannot read the requested file. Please check permissions.
msgid "err_bro_6"
msgstr "Cannot read the requested file. Please check permissions."
#. If we manage your DNS <br />You can manage your mails elsewhere if you want
#. (MX field).<br />Write <b><code>%s</code></b> in this field if your mail
#. must be managed by %s<br />or put the IP address or name of the mail server
@ -781,11 +797,6 @@ msgstr "The password is mandatory"
msgid "err_mysql_21"
msgstr "The username cannot be empty"
msgid "err_bro_3"
msgstr ""
"You don't have the right to write into this folder. Please check the access "
"rights."
# $d,$m,$y,$h,$i,$hh,$am
# 1 2 3 4 5 6 7
#, fuzzy


@ -692,6 +692,22 @@ msgstr "R
msgid "err_bro_2"
msgstr "Vous ne pouvez pas déplacer un fichier dans le même répertoire !"
#. Cannot create the requested file. Please check permissions.
msgid "err_bro_3"
msgstr "Impossible de créer le fichier demandé. Vérifiez les permissions."
#. Cannot create the requested directory. Please check permissions.
msgid "err_bro_4"
msgstr "Impossible de créer le répertoire demandé. Vérifiez les permissions."
#. Cannot edit the requested file. Please check permissions.
msgid "err_bro_5"
msgstr "Impossible de modifier le fichier demandé. Vérifiez les permissions."
#. Cannot read the requested file. Please check permissions.
msgid "err_bro_6"
msgstr "Impossible de lire le fichier demandé. Vérifiez les permissions."
#. If we manage your DNS <br />You can manage your mails elsewhere if you want
#. (MX field).<br />Write <b><code>%s</code></b> in this field if your mail
#. must be managed by %s<br />or put the IP address or name of the mail server
@ -788,11 +804,6 @@ msgstr "Le mot de passe est obligatoire"
msgid "err_mysql_21"
msgstr "Le nom d'utilisateur ne peut pas être vide"
msgid "err_bro_3"
msgstr ""
"Vous n'avez pas le droit d'écrire dans ce répertoire. Vérifiez les droits "
"d'accès !"
# $d,$m,$y
# 1 2 3
msgid "%3$d-%2$d-%1$d"