WebRFM version 0.4 (beta) - released December 18, 1999 ======================================================== Added features: 1) WebRFM now has chgrp capability. It is available through the same file properties sheet from which chmod capability is provided. Administrators can disable the ability of users to chgrp files through an appropriate $AllowChgrp variable. 2) WebRFM can now work with Perl 4 (tested with Perl 4.036 on Red Hat Linux 5.1). This yields a performance gain of around 30% in comparison to the more bloated Perl 5. However, operation with Perl 4 had not yet been thoroughly tested, and so, if stability is important, it is recommended to run the current version with Perl 5 (if available). Bug fixes: 1) All previous versions of WebRFM had a bug that allowed users to access files outside of their virtual root directories. This would be hard to do by accident, or in the course of regular usage, but a malicious would-be cracker might be able to discover how to do that. This problem is fixed now. 2) A few more minor bugs where fixed. Changes and improvements: 1) WebRFM now detects if a user has the ability to change file properties (mode and/or group) and it would provide a form interface for changing properties only if those properties can actually be changed by the user. For example, if the user does not own a file, then the properties sheet he gets for it would be completely static. 2) Some code cleanup. In particular, some code that was intended to provide native support to Win32 platforms had been removed. The plan to make WebRFM run natively on Win32 had been canceled (for now, at least). In theory, WebRFM should be able to run on Win32 machines by using Cygwin32 (or some similar layer that emulates a UNIX-like environment). This had not yet been tested, though. WebRFM version 0.3b (beta) - released December 7, 1999 ======================================================== This is the first feature-complete beta release of WebRFM. Added features: 1) WebRFM now has chmod capability through an enhanced properties sheet. Administrators can disable the ability of users to chmod files through an appropriate $AllowChmod variable. The properties sheet is accessed by clicking the 'Properties' button of the File Manager. It can also be accessed independently, by appending the query string '?properties' to the URL of a resource. 2) A user option to hide hidden files had been added (like all user options in WebRFM, it can be forced by the administrator). 3) There are now two, user selectable, different styles for plain directory indexes. One is purely text based (essentially the same as the one in the previous release) and the other uses internal Netscape icons (works well with Netscape, HotJava, StarOffice, but not with most other browsers). 4) WebRFM now comes with two sample wrapper scripts that can be used for logging. They are located in WebRFM's 'scripts' directory. While it is possible to use these scripts as they are (for debugging or other purposes), they are particularly intended as an example of how the Perl 'eval()' function should be used in order to trap and log errors from WebRFM. Please note that if you just want to prevent WebRFM from filling your CGI error-log with its messages, you should simply close its STDERR by uncommenting the line # close(STDERR); at the beginning of the main script. Bug fixes: 1) The wrfmwrap.c wrapper didn't compile on some commercial UNIX variants, due to its use of the non-POSIX 'setenv' function. The new version of the wrapper is POSIX-compliant, and should work well on all unices. 2) Various additional minor bugs where fixed. Changes and improvements: Quite a lot of code changes where made. Most of them should not have a notable effect on user experience, and they are mostly geared towards making WebRFM a better code base for creating customized variants. The most important change is the addition of an internal access control engine. It works through 6 functions (IsReadable*, IsWritable*, and IsCreatable*, where * is either a file or a directory) that are located in the upper portion of the main script and are checked throughout WebRFM prior to performing any of the corresponding operations. In the shipping state of WebRFM, these functions are mostly just verifying the existing UNIX permissions (although there may be some rare situations where they would forbid things that where previously allowed) and provide slightly improved error messages. The main purpose of this mechanism, however, is to make it easy to add various administrative restrictions to WebRFM. For example, it is now very easy to restrict the depth of directory trees, the length of filenames, the kind of file extensions, etc., that may be created with WebRFM. One only needs to customize the appropriate IsCreatable* function. This access control engine should also make it easy to add file locking capability in the future. There is also a new 'IsHidden()' function, that can be customized to hide files based on arbitrary criteria. The MIME table that comes with WebRFM had been enhanced and enlarged. It is now a superset of the default table that comes with Apache 1.3.9. Various mild changes where made to the File Manager. The most notable is the addition of a '.' (current directory) entry. WebRFM version 0.2a (alpha) - released July 10, 1999 ====================================================== Added feature: WebRFM now has a "Plain Index" mode which provides plain directory indexing. Easy switching between "File Manager" mode and "Plain Index" mode is done through links in the upper right corner. "Plain Index" mode can make WebRFM behave more like a vanilla WebDAV server and it can often be more convenient than the "File Manager" for browsing directory trees and some other things. Change: "Default Request Method" selection is now done with a radio button. Bug fixes: 1) Files that where uploaded (through the form-based interface) from some WinDOS clients where being saved with bad filenames (names that correspond to their full WinDOS pathname on the client with the backward slashes removed). Fixed. 2) Added a workaround for buggy JavaScript implementations. WebRFM should now work with some would be JavaScript browsers that where previously causing problems. 3) Per-user MIME tables where not getting created before they actually got used, resulting in an error message if a user invoked "Options" before retrieving any files. They would now also get transparently created when "Options" is invoked (and they do not exist), so this problem should no longer occur. 4) Several more minor bugs where fixed. Most of them had the potential of causing problems in some situations involving filenames that contain special (non-alphanumeric) characters. WebRFM version 0.1a (alpha) - released May 7, 1999 ====================================================== First public release.