From: Mischa POSLAWSKY
Date: Mon, 10 Jul 2017 02:44:38 +0000 (+0200)
Subject: edit: detect executable files as uneditable
X-Git-Tag: v1.3~11
X-Git-Url: http://git.shiar.net/minimedit.git/commitdiff_plain/3f78a38cb23e2bb2609e010f0d3b4dce2d3c1727
edit: detect executable files as uneditable
---
diff --git a/edit.php b/edit.php
old mode 100644
new mode 100755
index 5790696..357d3a4
--- a/edit.php
+++ b/edit.php
@@ -13,6 +13,8 @@ if (!isset($_SERVER['PATH_INFO']) or strlen($_SERVER['PATH_INFO']) <= 1)
 $filename = preg_replace('/(?:\.html)?$/', '.html', ltrim($_SERVER['PATH_INFO'], '/'), 1);
 if (file_exists($filename) and !is_writable($filename))
 abort('403 input error', "ongeldige bestandsnaam: $filename");
+if (is_executable($filename))
+ abort('403 input error', "onwijzigbaar bestand: $filename");
 if (!isset($_POST['body']))
 abort('409 input error', "geen inhoud aangeleverd");
diff --git a/foot.inc.php b/foot.inc.php
old mode 100644
new mode 100755
index 7723e30..d2ba826
--- a/foot.inc.php
+++ b/foot.inc.php
@@ -13,6 +13,13 @@ EOT;
 define('N', "\n");
 $editable = FALSE; // "Beheer toegestaan voor {$_SERVER['REMOTE_ADDR']}:";
+
+$curfile = ltrim($_SERVER['SCRIPT_NAME'], '/');
+if (is_executable(__DIR__ . '/' . $curfile)) {
+ // dynamic code is +x
+ $editable = FALSE;
+}
+
 if ($editable) {
 echo '
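Review bot: The new `is_executable($filename)` guard in edit.php fails open, because the +x bit is the only thing marking a file as code. Any dynamic page that loses its mode bit (a checkout with `core.fileMode` disabled, a restore from an archive that drops modes, a freshly created file) is writable through this endpoint again, and foot.inc.php relies on the same bit. In the visible lines `$filename` comes from `PATH_INFO` with only `ltrim()` and a forced `.html` suffix, so I would pair the denylist with a positive containment check, e.g. `$dir = realpath(dirname($filename)); if ($dir === false or strpos("$dir/", __DIR__ . '/') !== 0) abort('403 input error', "ongeldige bestandsnaam: $filename");`. That assumes pages live under the script directory, as the `__DIR__` lookup in foot.inc.php suggests. The script continues outside the hunk, so an earlier check may already cover this; if so, a comment such as `// convention: dynamic pages carry +x and must never be overwritten by the editor` above the new guard would document the dependency on file modes.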