package Apache::PageKit::Edit; # $Id: Edit.pm,v 1.17 2004/05/03 13:48:29 borisz Exp $ # note that this Model class accesses some of the internals of # PageKit and should not be used as an example for writing # your own Model classes use vars qw(@ISA $key_value_pattern); @ISA = qw(Apache::PageKit::Model); use strict; use File::Path (); # --------------------- $1 -------------------------- # $2 $3 $4 $5 $key_value_pattern = qr!(\s+(\w+)(?:\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\w+)))?)!; #" sub _build_path { my ( $pkit_root, $path_with_fname ) = @_; for ( $path_with_fname ) { s!//+!/!g; 1 while( s![^/]/\.\./!! ); } return(( index( $path_with_fname, '..' ) >= 0 ) ? undef : $pkit_root . '/' . $path_with_fname ); } # Editing views sub open_file { my $model = shift; # check if the user is allowed to open a file unless ( $model->output('pkit_admin') ) { $model->pkit_internal_redirect($model->pkit_get_default_page); return; } my $file = $model->input('file') || die "No input filename!"; $model->output(file => $file); $file = _build_path( $model->pkit_root, $file ) || die "Illegal input chars ($file)" ; $model->output( read_only => 1 ) if ( ! -w $file ); open FILE, "$file" or die $!; binmode FILE; local $/ = undef; # we need to escape HTML tags to avoid # my $content = Apache::Util::escape_html( || ""); my $content = ; close FILE; # we need to escape all & chars so that for example   is #   and not ' ' #