edit: detect executable files as uneditable

diff --git a/edit.php b/edit.php
old mode 100644 (file)
new mode 100755 (executable)
index 5790696..357d3a4
--- a/edit.php
+++ b/edit.php
@@ -13,6 +13,8 @@ if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
 $filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_SERVER['PATH_INFO'], '/'), 1);
 if (file_exists($filename) and !is_writable($filename))
        abort('403 input error', "ongeldige bestandsnaam: $filename");
+if (is_executable($filename))
+       abort('403 input error', "onwijzigbaar bestand: $filename");
 
 if (!isset($_POST['body']))
        abort('409 input error', "geen inhoud aangeleverd");

diff --git a/foot.inc.php b/foot.inc.php
old mode 100644 (file)
new mode 100755 (executable)
index 7723e30..d2ba826
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -13,6 +13,13 @@ EOT;
 define('N', "\n");
 
 $editable = FALSE; // "Beheer toegestaan voor {$_SERVER['REMOTE_ADDR']}:";
+
+$curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
+if (is_executable(__DIR__ . '/' . $curfile)) {
+       // dynamic code is +x
+       $editable = FALSE;
+}
+
 if ($editable) {
        echo '<p class="footer">'.N;
        echo $editable.N;