diff --git a/ChangeLog b/ChangeLog
index ddb116ca01725d408372daa5a308849fdcb7df14..ab0dd1371282ea1d95d00379eeb7ef0622d3bfb1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -91,6 +91,8 @@ CVS code -
need_vertical_update(), edit_scroll(), and edit_redraw().
Also rename the int refresh in do_delete() and do_backspace()
to do_refresh so as not to conflict with refresh(). (DLR)
+ - Add some comments better explaining what is disabled in
+ restricted mode and why. (DLR)
- files.c:
add_open_file()
- Rearrange the NANO_SMALL #ifdef so that the code to set the
diff --git a/src/files.c b/src/files.c
index c958be6165ef7ddee45f7f69ee93340199e96300..333c9fd63f472cc1e43f05b14ff15c72e0facc82 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1930,6 +1930,11 @@ int do_writeout(int exiting)
i = do_yesno(FALSE, _("File exists, OVERWRITE ?"));
if (i == 0 || i == -1)
continue;
+ /* If we're using restricted mode, we aren't allowed to
+ * change the name of a file once it has one because that
+ * would allow reading from or writing to files not
+ * specified on the command line. In this case, don't
+ * bother showing the "Different Name" prompt. */
} else if (!ISSET(RESTRICTED) && filename[0] != '\0'
#ifndef NANO_SMALL
&& (exiting || !ISSET(MARK_ISSET))
@@ -1942,8 +1947,10 @@ int do_writeout(int exiting)
}
#ifndef NANO_SMALL
- /* Here's where we allow the selected text to be written to
- * a separate file. */
+ /* Here's where we allow the selected text to be written to a
+ * separate file. If we're using restricted mode, this is
+ * disabled since it allows reading from or writing to files not
+ * specified on the command line. */
if (!ISSET(RESTRICTED) && !exiting && ISSET(MARK_ISSET))
i = write_marked(answer, FALSE, append);
else
diff --git a/src/global.c b/src/global.c
index fbe3e823c19b4a61bcb17592c3db49ec69cad152..48e997fa5c736de343eadaa33e6ebaf6cd04549f 100644
--- a/src/global.c
+++ b/src/global.c
@@ -276,6 +276,8 @@ void toggle_init(void)
toggle_init_one(TOGGLE_NOHELP_KEY, toggle_nohelp_msg, NO_HELP);
#ifdef ENABLE_MULTIBUFFER
+ /* If we're using restricted mode, the multibuffer toggle is
+ * disabled. It's useless since inserting files is disabled. */
if (!ISSET(RESTRICTED))
toggle_init_one(TOGGLE_MULTIBUFFER_KEY, toggle_multibuffer_msg, MULTIBUFFER);
#endif
@@ -285,11 +287,17 @@ void toggle_init(void)
toggle_init_one(TOGGLE_WRAP_KEY, toggle_wrap_msg, NO_WRAP);
#endif
toggle_init_one(TOGGLE_CUTTOEND_KEY, toggle_cuttoend_msg, CUT_TO_END);
+ /* If we're using restricted mode, the suspend toggle is disabled.
+ * It's useless since suspending is disabled. */
if (!ISSET(RESTRICTED))
toggle_init_one(TOGGLE_SUSPEND_KEY, toggle_suspend_msg, SUSPEND);
#ifndef DISABLE_MOUSE
toggle_init_one(TOGGLE_MOUSE_KEY, toggle_mouse_msg, USE_MOUSE);
#endif
+ /* If we're using restricted mode, the no-conversion, DOS format,
+ * Mac format, and backup toggles are disabled. The first, second,
+ * and third are useless since inserting files is disabled, and the
+ * fourth is useless since backups are disabled. */
if (!ISSET(RESTRICTED)) {
toggle_init_one(TOGGLE_NOCONVERT_KEY, toggle_noconvert_msg, NO_CONVERT);
toggle_init_one(TOGGLE_DOS_KEY, toggle_dos_msg, DOS_FILE);
@@ -482,7 +490,11 @@ void shortcut_init(int unjustify)
#endif
);
- /* this is so we can view multiple files */
+ /* We allow inserting files in view mode if multibuffers are
+ * available, so that we can view multiple files. */
+ /* If we're using restricted mode, inserting files is disabled since
+ * it allows reading from or writing to files not specified on the
+ * command line. */
/* Translators: try to keep this string under 10 characters long */
sc_init_one(&main_list, NANO_INSERTFILE_KEY, _("Read File"),
IFHELP(nano_insert_msg, NANO_NO_KEY), NANO_INSERTFILE_FKEY,
@@ -530,6 +542,9 @@ void shortcut_init(int unjustify)
IFHELP(nano_cursorpos_msg, NANO_NO_KEY), NANO_CURSORPOS_FKEY,
NANO_NO_KEY, VIEW, do_cursorpos_void);
+ /* If we're using restricted mode, spell checking is disabled
+ * because it allows reading from or writing to files not specified
+ * on the command line. */
/* Translators: try to keep this string under 10 characters long */
sc_init_one(&main_list, NANO_SPELL_KEY, _("To Spell"),
IFHELP(nano_spell_msg, NANO_NO_KEY), NANO_SPELL_FKEY,
@@ -854,6 +869,8 @@ void shortcut_init(int unjustify)
);
#ifndef DISABLE_BROWSER
+ /* If we're using restricted mode, the file browser is disabled.
+ * It's useless since inserting files is disabled. */
/* Translators: try to keep this string under 16 characters long */
if (!ISSET(RESTRICTED))
sc_init_one(&writefile_list, NANO_TOFILES_KEY, _("To Files"),
@@ -862,6 +879,12 @@ void shortcut_init(int unjustify)
#endif
#ifndef NANO_SMALL
+ /* If we're using restricted mode, the DOS format, Mac format,
+ * append, prepend, and backup toggles are disabled. The first and
+ * second are useless since inserting files is disabled, the third
+ * and fourth are disabled because they allow writing to files not
+ * specified on the command line, and the fifth is useless since
+ * backups are disabled. */
/* Translators: try to keep this string under 16 characters long */
if (!ISSET(RESTRICTED))
sc_init_one(&writefile_list, NANO_NO_KEY, _("DOS Format"),
@@ -916,6 +939,8 @@ void shortcut_init(int unjustify)
NANO_NO_KEY, VIEW, 0);
#ifndef DISABLE_BROWSER
+ /* If we're using restricted mode, the file browser is disabled.
+ * It's useless since inserting files is disabled. */
if (!ISSET(RESTRICTED))
sc_init_one(&insertfile_list, NANO_TOFILES_KEY, _("To Files"),
IFHELP(nano_tofiles_msg, NANO_NO_KEY), NANO_NO_KEY,
@@ -923,6 +948,8 @@ void shortcut_init(int unjustify)
#endif
#ifndef NANO_SMALL
+ /* If we're using restricted mode, command execution is disabled.
+ * It's useless since inserting files is disabled. */
/* Translators: try to keep this string under 22 characters long */
if (!ISSET(RESTRICTED))
sc_init_one(&insertfile_list, NANO_EXTCMD_KEY, _("Execute Command"),
@@ -930,6 +957,8 @@ void shortcut_init(int unjustify)
NANO_NO_KEY, NOVIEW, 0);
#ifdef ENABLE_MULTIBUFFER
+ /* If we're using restricted mode, the multibuffer toggle is
+ * disabled. It's useless since inserting files is disabled. */
/* Translators: try to keep this string under 22 characters long */
if (!ISSET(RESTRICTED))
sc_init_one(&insertfile_list, NANO_NO_KEY, _("New Buffer"),
diff --git a/src/nano.c b/src/nano.c
index 3109bacb3734d9137921da8c1109c271d998760e..0d87251decda731dcdcbb7b2f7f0628d3bf9393f 100644
--- a/src/nano.c
+++ b/src/nano.c
@@ -155,7 +155,9 @@ void die_save_file(const char *die_filename)
char *ret;
int i = -1;
- /* No emergency files in restricted mode! */
+ /* If we're using restricted mode, don't write any emergency backup
+ * files, since that would allow reading from or writing to files
+ * not specified on the command line. */
if (ISSET(RESTRICTED))
return;
@@ -3270,12 +3272,14 @@ int main(int argc, char *argv[])
}
}
- /* If filename starts with 'r', we use restricted mode. */
+ /* If the executable filename starts with 'r', we use restricted
+ * mode. */
if (*(tail(argv[0])) == 'r')
SET(RESTRICTED);
- /* If we're using restricted mode, disable suspending, backup files,
- * and reading rcfiles. */
+ /* If we're using restricted mode, disable suspending, backups, and
+ * reading rcfiles, since they all would allow reading from or
+ * writing to files not specified on the command line. */
if (ISSET(RESTRICTED)) {
UNSET(SUSPEND);
UNSET(BACKUP_FILE);
@@ -3368,9 +3372,10 @@ int main(int argc, char *argv[])
#ifndef NANO_SMALL
/* Set up the backup directory (unless we're using restricted mode,
- * in which case backups are disabled). This entails making sure it
- * exists and is a directory, so that backup files will be saved
- * there. */
+ * in which case backups are disabled, since they would allow
+ * reading from or writing to files not specified on the command
+ * line). This entails making sure it exists and is a directory, so
+ * that backup files will be saved there. */
if (!ISSET(RESTRICTED))
init_backup_dir();
#endif
@@ -3392,9 +3397,10 @@ int main(int argc, char *argv[])
#ifndef DISABLE_SPELLER
/* If we don't have an alternative spell checker after reading the
- * command line and/or rcfile, check $SPELL for one, as Pico
+ * command line and/or rcfile(s), check $SPELL for one, as Pico
* does (unless we're using restricted mode, in which case spell
- * checking is disabled). */
+ * checking is disabled, since it would allow reading from or
+ * writing to files not specified on the command line). */
if (!ISSET(RESTRICTED) && alt_speller == NULL) {
char *spellenv = getenv("SPELL");
if (spellenv != NULL)
diff --git a/src/winio.c b/src/winio.c
index ab0d0dd12d7e8948414fd7932f9f8c6850cbae07..df87bb54475cf3e6562c38465f42fa183fec280f 100644
--- a/src/winio.c
+++ b/src/winio.c
@@ -1558,6 +1558,11 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
input */
wrefresh(edit);
+ /* If we're using restricted mode, we aren't allowed to change the
+ * name of a file once it has one because that would allow writing
+ * to files not specified on the command line. In this case,
+ * disable all keys that would change the text if the filename isn't
+ * blank and we're at the "Write File" prompt. */
while ((kbinput = get_kbinput(bottomwin, &meta_key)) != NANO_ENTER_KEY) {
for (t = s; t != NULL; t = t->next) {
#ifdef DEBUG
@@ -1620,6 +1625,8 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
x++;
break;
case NANO_DELETE_KEY:
+ /* If we're using restricted mode, the filename isn't blank,
+ * and we're at the "Write File" prompt, disable Delete. */
if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
if (x < xend) {
charmove(answer + x, answer + x + 1, xend - x);
@@ -1629,6 +1636,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
break;
case NANO_CUT_KEY:
case NANO_UNCUT_KEY:
+ /* If we're using restricted mode, the filename isn't blank,
+ * and we're at the "Write File" prompt, disable Cut and
+ * UnCut. */
if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
null_at(&answer, 0);
xend = 0;
@@ -1636,6 +1646,9 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
}
break;
case NANO_BACKSPACE_KEY:
+ /* If we're using restricted mode, the filename isn't blank,
+ * and we're at the "Write File" prompt, disable
+ * Backspace. */
if (!ISSET(RESTRICTED) || filename[0] == '\0' || s != writefile_list) {
if (x > 0) {
charmove(answer + x - 1, answer + x, xend - x + 1);
@@ -1780,6 +1793,10 @@ int nanogetstr(int allowtabs, const char *buf, const char *def,
return kbinput;
}
+ /* If we're using restricted mode, the filename isn't blank,
+ * and we're at the "Write File" prompt, act as though the
+ * unhandled character we got is a control character and
+ * throw it away. */
if (is_cntrl_char(kbinput) || (ISSET(RESTRICTED) && filename[0] != '\0' && s == writefile_list))
break;
answer = charealloc(answer, xend + 2);