add some comments better explaining what is disabled in restricted mode

and why git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@1778 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
2024-11-22 12:51:23 +03:00 · 2004-05-29 01:20:17 +00:00 · 2004-05-29 01:20:17 +00:00 · 32e3b88e09
commit 32e3b88e09
parent dd7cc7230e
5 changed files with 73 additions and 12 deletions
--- a/2
+++ b/2
@ -91,6 +91,8 @@ CVS code -
 	  need_vertical_update(), edit_scroll(), and edit_redraw().
 	  Also rename the int refresh in do_delete() and do_backspace()
 	  to do_refresh so as not to conflict with refresh(). (DLR)
+	- Add some comments better explaining what is disabled in
+	  restricted mode and why. (DLR)
 - files.c:
  add_open_file()
 	- Rearrange the NANO_SMALL #ifdef so that the code to set the
--- a/src/files.c
+++ b/src/files.c
@ -1930,6 +1930,11 @@ int do_writeout(int exiting)
 		i = do_yesno(FALSE, _("File exists, OVERWRITE ?"));
 		if (i == 0 || i == -1)
 		    continue;
+	    /* If we're using restricted mode, we aren't allowed to
+	     * change the name of a file once it has one because that
+	     * would allow reading from or writing to files not
+	     * specified on the command line.  In this case, don't
+	     * bother showing the "Different Name" prompt. */
 	    } else if (!ISSET(RESTRICTED) && filename[0] != '\0'
 #ifndef NANO_SMALL
 		&& (exiting || !ISSET(MARK_ISSET))
@ -1942,8 +1947,10 @@ int do_writeout(int exiting)
 	}

 #ifndef NANO_SMALL
-	/* Here's where we allow the selected text to be written to
-	 * a separate file. */
+	/* Here's where we allow the selected text to be written to a
+	 * separate file.  If we're using restricted mode, this is
+	 * disabled since it allows reading from or writing to files not
+	 * specified on the command line. */
 	if (!ISSET(RESTRICTED) && !exiting && ISSET(MARK_ISSET))
 	    i = write_marked(answer, FALSE, append);
 	else
--- a/src/global.c
+++ b/src/global.c
@ -276,6 +276,8 @@ void toggle_init(void)

    toggle_init_one(TOGGLE_NOHELP_KEY, toggle_nohelp_msg, NO_HELP);
 #ifdef ENABLE_MULTIBUFFER
+    /* If we're using restricted mode, the multibuffer toggle is
+     * disabled.  It's useless since inserting files is disabled. */
    if (!ISSET(RESTRICTED))
 	toggle_init_one(TOGGLE_MULTIBUFFER_KEY, toggle_multibuffer_msg, MULTIBUFFER);
 #endif
@ -285,11 +287,17 @@ void toggle_init(void)
    toggle_init_one(TOGGLE_WRAP_KEY, toggle_wrap_msg, NO_WRAP);
 #endif
    toggle_init_one(TOGGLE_CUTTOEND_KEY, toggle_cuttoend_msg, CUT_TO_END);
+    /* If we're using restricted mode, the suspend toggle is disabled.
+     * It's useless since suspending is disabled. */
    if (!ISSET(RESTRICTED))
 	toggle_init_one(TOGGLE_SUSPEND_KEY, toggle_suspend_msg, SUSPEND);
 #ifndef DISABLE_MOUSE
    toggle_init_one(TOGGLE_MOUSE_KEY, toggle_mouse_msg, USE_MOUSE);
 #endif
+    /* If we're using restricted mode, the no-conversion, DOS format,
+     * Mac format, and backup toggles are disabled.  The first, second,
+     * and third are useless since inserting files is disabled, and the
+     * fourth is useless since backups are disabled. */
    if (!ISSET(RESTRICTED)) {
 	toggle_init_one(TOGGLE_NOCONVERT_KEY, toggle_noconvert_msg, NO_CONVERT);
 	toggle_init_one(TOGGLE_DOS_KEY, toggle_dos_msg, DOS_FILE);
@ -482,7 +490,11 @@ void shortcut_init(int unjustify)
 #endif
 		);

-    /* this is so we can view multiple files */
+    /* We allow inserting files in view mode if multibuffers are
+     * available, so that we can view multiple files. */
+    /* If we're using restricted mode, inserting files is disabled since
+     * it allows reading from or writing to files not specified on the
+     * command line. */
    /* Translators: try to keep this string under 10 characters long */
    sc_init_one(&main_list, NANO_INSERTFILE_KEY, _("Read File"),
 		IFHELP(nano_insert_msg, NANO_NO_KEY), NANO_INSERTFILE_FKEY,
@ -530,6 +542,9 @@ void shortcut_init(int unjustify)
 		IFHELP(nano_cursorpos_msg, NANO_NO_KEY), NANO_CURSORPOS_FKEY,
 		NANO_NO_KEY, VIEW, do_cursorpos_void);

+    /* If we're using restricted mode, spell checking is disabled
+     * because it allows reading from or writing to files not specified
+     * on the command line. */
    /* Translators: try to keep this string under 10 characters long */
    sc_init_one(&main_list, NANO_SPELL_KEY, _("To Spell"),
 		IFHELP(nano_spell_msg, NANO_NO_KEY), NANO_SPELL_FKEY,
@ -854,6 +869,8 @@ void shortcut_init(int unjustify)
 		);

 #ifndef DISABLE_BROWSER
+    /* If we're using restricted mode, the file browser is disabled.
+     * It's useless since inserting files is disabled. */
    /* Translators: try to keep this string under 16 characters long */
    if (!ISSET(RESTRICTED))
 	sc_init_one(&writefile_list, NANO_TOFILES_KEY, _("To Files"),
@ -862,6 +879,12 @@ void shortcut_init(int unjustify)
 #endif

 #ifndef NANO_SMALL
+    /* If we're using restricted mode, the DOS format, Mac format,
+     * append, prepend, and backup toggles are disabled.  The first and
+     * second are useless since inserting files is disabled, the third
+     * and fourth are disabled because they allow writing to files not
+     * specified on the command line, and the fifth is useless since
+     * backups are disabled. */
    /* Translators: try to keep this string under 16 characters long */
    if (!ISSET(RESTRICTED))
 	sc_init_one(&writefile_list, NANO_NO_KEY, _("DOS Format"),
@ -916,6 +939,8 @@ void shortcut_init(int unjustify)
 		NANO_NO_KEY, VIEW, 0);

 #ifndef DISABLE_BROWSER
+    /* If we're using restricted mode, the file browser is disabled.
+     * It's useless since inserting files is disabled. */
    if (!ISSET(RESTRICTED))
 	sc_init_one(&insertfile_list, NANO_TOFILES_KEY, _("To Files"),
 		IFHELP(nano_tofiles_msg, NANO_NO_KEY), NANO_NO_KEY,
@ -923,6 +948,8 @@ void shortcut_init(int unjustify)
 #endif

 #ifndef NANO_SMALL
+    /* If we're using restricted mode, command execution is disabled.
+     * It's useless since inserting files is disabled. */
    /* Translators: try to keep this string under 22 characters long */
    if (!ISSET(RESTRICTED))
 	sc_init_one(&insertfile_list, NANO_EXTCMD_KEY, _("Execute Command"),
@ -930,6 +957,8 @@ void shortcut_init(int unjustify)
 		NANO_NO_KEY, NOVIEW, 0);

 #ifdef ENABLE_MULTIBUFFER
+    /* If we're using restricted mode, the multibuffer toggle is
+     * disabled.  It's useless since inserting files is disabled. */
    /* Translators: try to keep this string under 22 characters long */
    if (!ISSET(RESTRICTED))
 	sc_init_one(&insertfile_list, NANO_NO_KEY, _("New Buffer"),
--- a/src/nano.c
+++ b/src/nano.c
@ -155,7 +155,9 @@ void die_save_file(const char *die_filename)
    char *ret;
    int i = -1;

-    /* No emergency files in restricted mode! */
+    /* If we're using restricted mode, don't write any emergency backup
+     * files, since that would allow reading from or writing to files
+     * not specified on the command line. */
    if (ISSET(RESTRICTED))
 	return;

@ -3270,12 +3272,14 @@ int main(int argc, char *argv[])
 	}
    }

-    /* If filename starts with 'r', we use restricted mode. */
+    /* If the executable filename starts with 'r', we use restricted
+     * mode. */
    if (*(tail(argv[0])) == 'r')
 	SET(RESTRICTED);

-    /* If we're using restricted mode, disable suspending, backup files,
-     * and reading rcfiles. */
+    /* If we're using restricted mode, disable suspending, backups, and
+     * reading rcfiles, since they all would allow reading from or
+     * writing to files not specified on the command line. */
    if (ISSET(RESTRICTED)) {
 	UNSET(SUSPEND);
 	UNSET(BACKUP_FILE);
@ -3368,9 +3372,10 @@ int main(int argc, char *argv[])

 #ifndef NANO_SMALL
    /* Set up the backup directory (unless we're using restricted mode,
-     * in which case backups are disabled).  This entails making sure it
-     * exists and is a directory, so that backup files will be saved
-     * there. */
+     * in which case backups are disabled, since they would allow
+     * reading from or writing to files not specified on the command
+     * line).  This entails making sure it exists and is a directory, so
+     * that backup files will be saved there. */
    if (!ISSET(RESTRICTED))
 	init_backup_dir();
 #endif
@ -3392,9 +3397,10 @@ int main(int argc, char *argv[])

 #ifndef DISABLE_SPELLER
    /* If we don't have an alternative spell checker after reading the
-     * command line and/or rcfile, check $SPELL for one, as Pico
+     * command line and/or rcfile(s), check $SPELL for one, as Pico
     * does (unless we're using restricted mode, in which case spell
-     * checking is disabled). */
+     * checking is disabled, since it would allow reading from or
+     * writing to files not specified on the command line). */
    if (!ISSET(RESTRICTED) && alt_speller == NULL) {
 	char *spellenv = getenv("SPELL");
 	if (spellenv != NULL)
--- a/src/winio.c
+++ b/src/winio.c
@ -1558,6 +1558,11 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
       input */
    wrefresh(edit);

+    /* If we're using restricted mode, we aren't allowed to change the
+     * name of a file once it has one because that would allow writing
+     * to files not specified on the command line.  In this case,
+     * disable all keys that would change the text if the filename isn't
+     * blank and we're at the "Write File" prompt. */
    while ((kbinput = get_kbinput(bottomwin, &meta_key)) != NANO_ENTER_KEY) {
 	for (t = s; t != NULL; t = t->next) {
 #ifdef DEBUG
@ -1620,6 +1625,8 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
 		x++;
 	    break;
 	case NANO_DELETE_KEY:
+	    /* If we're using restricted mode, the filename isn't blank,
+	     * and we're at the "Write File" prompt, disable Delete. */
 	    if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
 		if (x < xend) {
 		    charmove(answer + x, answer + x + 1, xend - x);
@ -1629,6 +1636,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
 	    break;
 	case NANO_CUT_KEY:
 	case NANO_UNCUT_KEY:
+	    /* If we're using restricted mode, the filename isn't blank,
+	     * and we're at the "Write File" prompt, disable Cut and
+	     * UnCut. */
 	    if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
 		null_at(&answer, 0);
 		xend = 0;
@ -1636,6 +1646,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
 	    }
 	    break;
 	case NANO_BACKSPACE_KEY:
+	    /* If we're using restricted mode, the filename isn't blank,
+	     * and we're at the "Write File" prompt, disable
+	     * Backspace. */
 	    if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
 		if (x > 0) {
 		    charmove(answer + x - 1, answer + x, xend - x + 1);
@ -1780,6 +1793,10 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
 			return kbinput;
 		}

+	    /* If we're using restricted mode, the filename isn't blank,
+	     * and we're at the "Write File" prompt, act as though the
+	     * unhandled character we got is a control character and
+	     * throw it away. */
 	    if (is_cntrl_char(kbinput) || (ISSET(RESTRICTED) && filename[0] != '\0' && s == writefile_list))
 		break;
 	    answer = charealloc(answer, xend + 2);