From 32e3b88e09030d041119eea1b8e5f932b1d17304 Mon Sep 17 00:00:00 2001 From: David Lawrence Ramsey Date: Sat, 29 May 2004 01:20:17 +0000 Subject: [PATCH] add some comments better explaining what is disabled in restricted mode and why git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@1778 35c25a1d-7b9e-4130-9fde-d3aeb78583b8 --- ChangeLog | 2 ++ src/files.c | 11 +++++++++-- src/global.c | 31 ++++++++++++++++++++++++++++++- src/nano.c | 24 +++++++++++++++--------- src/winio.c | 17 +++++++++++++++++ 5 files changed, 73 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index ddb116ca..ab0dd137 100644 --- a/ChangeLog +++ b/ChangeLog @@ -91,6 +91,8 @@ CVS code - need_vertical_update(), edit_scroll(), and edit_redraw(). Also rename the int refresh in do_delete() and do_backspace() to do_refresh so as not to conflict with refresh(). (DLR) + - Add some comments better explaining what is disabled in + restricted mode and why. (DLR) - files.c: add_open_file() - Rearrange the NANO_SMALL #ifdef so that the code to set the diff --git a/src/files.c b/src/files.c index c958be61..333c9fd6 100644 --- a/src/files.c +++ b/src/files.c @@ -1930,6 +1930,11 @@ int do_writeout(int exiting) i = do_yesno(FALSE, _("File exists, OVERWRITE ?")); if (i == 0 || i == -1) continue; + /* If we're using restricted mode, we aren't allowed to + * change the name of a file once it has one because that + * would allow reading from or writing to files not + * specified on the command line. In this case, don't + * bother showing the "Different Name" prompt. */ } else if (!ISSET(RESTRICTED) && filename[0] != '\0' #ifndef NANO_SMALL && (exiting || !ISSET(MARK_ISSET)) @@ -1942,8 +1947,10 @@ int do_writeout(int exiting) } #ifndef NANO_SMALL - /* Here's where we allow the selected text to be written to - * a separate file. */ + /* Here's where we allow the selected text to be written to a + * separate file. If we're using restricted mode, this is + * disabled since it allows reading from or writing to files not + * specified on the command line. */ if (!ISSET(RESTRICTED) && !exiting && ISSET(MARK_ISSET)) i = write_marked(answer, FALSE, append); else diff --git a/src/global.c b/src/global.c index fbe3e823..48e997fa 100644 --- a/src/global.c +++ b/src/global.c @@ -276,6 +276,8 @@ void toggle_init(void) toggle_init_one(TOGGLE_NOHELP_KEY, toggle_nohelp_msg, NO_HELP); #ifdef ENABLE_MULTIBUFFER + /* If we're using restricted mode, the multibuffer toggle is + * disabled. It's useless since inserting files is disabled. */ if (!ISSET(RESTRICTED)) toggle_init_one(TOGGLE_MULTIBUFFER_KEY, toggle_multibuffer_msg, MULTIBUFFER); #endif @@ -285,11 +287,17 @@ void toggle_init(void) toggle_init_one(TOGGLE_WRAP_KEY, toggle_wrap_msg, NO_WRAP); #endif toggle_init_one(TOGGLE_CUTTOEND_KEY, toggle_cuttoend_msg, CUT_TO_END); + /* If we're using restricted mode, the suspend toggle is disabled. + * It's useless since suspending is disabled. */ if (!ISSET(RESTRICTED)) toggle_init_one(TOGGLE_SUSPEND_KEY, toggle_suspend_msg, SUSPEND); #ifndef DISABLE_MOUSE toggle_init_one(TOGGLE_MOUSE_KEY, toggle_mouse_msg, USE_MOUSE); #endif + /* If we're using restricted mode, the no-conversion, DOS format, + * Mac format, and backup toggles are disabled. The first, second, + * and third are useless since inserting files is disabled, and the + * fourth is useless since backups are disabled. */ if (!ISSET(RESTRICTED)) { toggle_init_one(TOGGLE_NOCONVERT_KEY, toggle_noconvert_msg, NO_CONVERT); toggle_init_one(TOGGLE_DOS_KEY, toggle_dos_msg, DOS_FILE); @@ -482,7 +490,11 @@ void shortcut_init(int unjustify) #endif ); - /* this is so we can view multiple files */ + /* We allow inserting files in view mode if multibuffers are + * available, so that we can view multiple files. */ + /* If we're using restricted mode, inserting files is disabled since + * it allows reading from or writing to files not specified on the + * command line. */ /* Translators: try to keep this string under 10 characters long */ sc_init_one(&main_list, NANO_INSERTFILE_KEY, _("Read File"), IFHELP(nano_insert_msg, NANO_NO_KEY), NANO_INSERTFILE_FKEY, @@ -530,6 +542,9 @@ void shortcut_init(int unjustify) IFHELP(nano_cursorpos_msg, NANO_NO_KEY), NANO_CURSORPOS_FKEY, NANO_NO_KEY, VIEW, do_cursorpos_void); + /* If we're using restricted mode, spell checking is disabled + * because it allows reading from or writing to files not specified + * on the command line. */ /* Translators: try to keep this string under 10 characters long */ sc_init_one(&main_list, NANO_SPELL_KEY, _("To Spell"), IFHELP(nano_spell_msg, NANO_NO_KEY), NANO_SPELL_FKEY, @@ -854,6 +869,8 @@ void shortcut_init(int unjustify) ); #ifndef DISABLE_BROWSER + /* If we're using restricted mode, the file browser is disabled. + * It's useless since inserting files is disabled. */ /* Translators: try to keep this string under 16 characters long */ if (!ISSET(RESTRICTED)) sc_init_one(&writefile_list, NANO_TOFILES_KEY, _("To Files"), @@ -862,6 +879,12 @@ void shortcut_init(int unjustify) #endif #ifndef NANO_SMALL + /* If we're using restricted mode, the DOS format, Mac format, + * append, prepend, and backup toggles are disabled. The first and + * second are useless since inserting files is disabled, the third + * and fourth are disabled because they allow writing to files not + * specified on the command line, and the fifth is useless since + * backups are disabled. */ /* Translators: try to keep this string under 16 characters long */ if (!ISSET(RESTRICTED)) sc_init_one(&writefile_list, NANO_NO_KEY, _("DOS Format"), @@ -916,6 +939,8 @@ void shortcut_init(int unjustify) NANO_NO_KEY, VIEW, 0); #ifndef DISABLE_BROWSER + /* If we're using restricted mode, the file browser is disabled. + * It's useless since inserting files is disabled. */ if (!ISSET(RESTRICTED)) sc_init_one(&insertfile_list, NANO_TOFILES_KEY, _("To Files"), IFHELP(nano_tofiles_msg, NANO_NO_KEY), NANO_NO_KEY, @@ -923,6 +948,8 @@ void shortcut_init(int unjustify) #endif #ifndef NANO_SMALL + /* If we're using restricted mode, command execution is disabled. + * It's useless since inserting files is disabled. */ /* Translators: try to keep this string under 22 characters long */ if (!ISSET(RESTRICTED)) sc_init_one(&insertfile_list, NANO_EXTCMD_KEY, _("Execute Command"), @@ -930,6 +957,8 @@ void shortcut_init(int unjustify) NANO_NO_KEY, NOVIEW, 0); #ifdef ENABLE_MULTIBUFFER + /* If we're using restricted mode, the multibuffer toggle is + * disabled. It's useless since inserting files is disabled. */ /* Translators: try to keep this string under 22 characters long */ if (!ISSET(RESTRICTED)) sc_init_one(&insertfile_list, NANO_NO_KEY, _("New Buffer"), diff --git a/src/nano.c b/src/nano.c index 3109bacb..0d87251d 100644 --- a/src/nano.c +++ b/src/nano.c @@ -155,7 +155,9 @@ void die_save_file(const char *die_filename) char *ret; int i = -1; - /* No emergency files in restricted mode! */ + /* If we're using restricted mode, don't write any emergency backup + * files, since that would allow reading from or writing to files + * not specified on the command line. */ if (ISSET(RESTRICTED)) return; @@ -3270,12 +3272,14 @@ int main(int argc, char *argv[]) } } - /* If filename starts with 'r', we use restricted mode. */ + /* If the executable filename starts with 'r', we use restricted + * mode. */ if (*(tail(argv[0])) == 'r') SET(RESTRICTED); - /* If we're using restricted mode, disable suspending, backup files, - * and reading rcfiles. */ + /* If we're using restricted mode, disable suspending, backups, and + * reading rcfiles, since they all would allow reading from or + * writing to files not specified on the command line. */ if (ISSET(RESTRICTED)) { UNSET(SUSPEND); UNSET(BACKUP_FILE); @@ -3368,9 +3372,10 @@ int main(int argc, char *argv[]) #ifndef NANO_SMALL /* Set up the backup directory (unless we're using restricted mode, - * in which case backups are disabled). This entails making sure it - * exists and is a directory, so that backup files will be saved - * there. */ + * in which case backups are disabled, since they would allow + * reading from or writing to files not specified on the command + * line). This entails making sure it exists and is a directory, so + * that backup files will be saved there. */ if (!ISSET(RESTRICTED)) init_backup_dir(); #endif @@ -3392,9 +3397,10 @@ int main(int argc, char *argv[]) #ifndef DISABLE_SPELLER /* If we don't have an alternative spell checker after reading the - * command line and/or rcfile, check $SPELL for one, as Pico + * command line and/or rcfile(s), check $SPELL for one, as Pico * does (unless we're using restricted mode, in which case spell - * checking is disabled). */ + * checking is disabled, since it would allow reading from or + * writing to files not specified on the command line). */ if (!ISSET(RESTRICTED) && alt_speller == NULL) { char *spellenv = getenv("SPELL"); if (spellenv != NULL) diff --git a/src/winio.c b/src/winio.c index ab0d0dd1..df87bb54 100644 --- a/src/winio.c +++ b/src/winio.c @@ -1558,6 +1558,11 @@ int nanogetstr(int allowtabs, const char *buf, const char *def, input */ wrefresh(edit); + /* If we're using restricted mode, we aren't allowed to change the + * name of a file once it has one because that would allow writing + * to files not specified on the command line. In this case, + * disable all keys that would change the text if the filename isn't + * blank and we're at the "Write File" prompt. */ while ((kbinput = get_kbinput(bottomwin, &meta_key)) != NANO_ENTER_KEY) { for (t = s; t != NULL; t = t->next) { #ifdef DEBUG @@ -1620,6 +1625,8 @@ int nanogetstr(int allowtabs, const char *buf, const char *def, x++; break; case NANO_DELETE_KEY: + /* If we're using restricted mode, the filename isn't blank, + * and we're at the "Write File" prompt, disable Delete. */ if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) { if (x < xend) { charmove(answer + x, answer + x + 1, xend - x); @@ -1629,6 +1636,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def, break; case NANO_CUT_KEY: case NANO_UNCUT_KEY: + /* If we're using restricted mode, the filename isn't blank, + * and we're at the "Write File" prompt, disable Cut and + * UnCut. */ if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) { null_at(&answer, 0); xend = 0; @@ -1636,6 +1646,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def, } break; case NANO_BACKSPACE_KEY: + /* If we're using restricted mode, the filename isn't blank, + * and we're at the "Write File" prompt, disable + * Backspace. */ if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) { if (x > 0) { charmove(answer + x - 1, answer + x, xend - x + 1); @@ -1780,6 +1793,10 @@ int nanogetstr(int allowtabs, const char *buf, const char *def, return kbinput; } + /* If we're using restricted mode, the filename isn't blank, + * and we're at the "Write File" prompt, act as though the + * unhandled character we got is a control character and + * throw it away. */ if (is_cntrl_char(kbinput) || (ISSET(RESTRICTED) && filename[0] != '\0' && s == writefile_list)) break; answer = charealloc(answer, xend + 2); -- 2.39.5