HTML::EP::Explorer - Web driven browsing of a filesystem


    This application was developed for DHW, a german company that
    wanted to give its users access to files stored on a file server
    via certain applications defined by an administrator. (See

    if you are interested in the sponsor.) The rough idea is as

    The users are presented a view similar to that of the Windows
    Explorer or an FTP servers directory listing. On the top they
    have a list of so-called actions. The users may select one or
    more files and then execute an action on them.

    The system is based on my embedded HTML system HTML::EP. It
    should be available at the same place where you found this file,
    or at any CPAN mirror, in particular

    The installation of HTML::EP is described in detail in the
    README, I won't explain it here. However, in short it is just as
    installing HTML::EP::Explorer: Assumed you have a file


    then you have to execute the following steps:

      gzip -cd HTML-EP-Explorer-0.1003.tar.gz | tar xf -
      perl Makefile.PL
      make          # You will be prompted some questions here
      make test
      make install

    Installation will in particular create a file


    which will contain your answers to the following questions:

    *       Install HTML files?

            If you say *y* here (the default), the installation
            script will install some HTML files at a location
            choosed by you. Usually you will say yes, because the
            system is pretty useless without it's associated HTML
            files. However, if you already did install the system
            and modified the HTML files you probably want to avoid
            overriding them. In that case say *n*.

    *       Directory for installing HTML files?

            If you requested installing the HTML files, you have to
            choose a location. By default the program suggests


            which is fine on a Red Hat Linux box. Users of other
            systems will modify this to some path below your your
            web servers root directory.

    *       Directory for installing CGI binaries?

            If HTML files are installed, you must install some CGI
            binaries too. This question allows you to select an
            installation path, by default the subdirectory cgi
            within the directory for installing HTML files.

            Note that you need to configure the httpd so that it
            treats this directory as a CGI directory. For example
            Apache users may add the following to srm.conf:

              ScriptAlias /home/httpd/html/explorer/cgi

    *       UID the httpd is running as?

            The explorer scripts need write access to some files, in
            particular the configuration created by the site
            administrator. To enable write access, these files are
            owned by the Unix user you enter here, by default the
            user *nobody*.

            In most cases this will be the same user that your httpd
            is running as, but it might be different, for example if
            your Apache is using the suexec feature. Contact your
            webmaster for details.

    If you didn't already do so, configure your web server for
    feeding files with extension *.ep* into the CGI binary *ep.cgi*
    or into the mod_perl module *Apache::EP*. The README of HTML::EP
    tells you how. See the HTML::EP(3) manpage.

    That's it! Assuming the directory /home/httpd/html/explorer is
    reachable as /explorer in your browser, point it to


    You should now see a directory listing. If so, proceed to the
    CONFIGURATION manpage.

    Besides the questions you already answered when installing the
    explorer, the system is configurable via any Web browser.
    Assuming the Explorer is reachable below
    http://localhost/explorer/, Point your browser to


  Security considerations

    The first thing you probably notice is that you need not supply
    a password for accessing this page. This should be changed. A
    typical configuration requests that only the user root can visit
    this page. For example, with Apache, you could insert the
    following into your httpd.conf:

      <Location /explorer/admin>
        AuthUserFile /etc/passwd
        AuthName "Explorer Administration"
        AuthTyoe basic
        require user root

    (Of course one can discuss whether this is a secure thing, as it
    could allow deducing the root password by using some sort of
    crack mechanism. On the systems where I use it there ary
    typically lots of other possibilities for doing the same ... :-)

  E-Mail address of the administrator

    From time to time the system will use this address for sending
    emails to you.


    This is the explorers heart. Actions are merely shell scripts,
    to which the files will be fed, that your users have selected.

    To create an action, fill out the following fields:

        This is some short text that your users will see on the web
        frontend. For example, it could be *Printing on the

        This (optional) entry means that the explorer will use the
        named image file to display it instead of the name above.
        For example, this could be a small gif with the word
        *LaserJet* on it.

        You must supply an URL here. If you are using Apache, then a
        lot of nice icons are accessible in your httpd's icons
        directory. See the README file.

        This is a shell command that the explorer will execute for
        performing the action. The command may use the variables
        *file* (the filename) or *user* (the users name). For
        example, one could use

          lpr -Plaserjet -U $user $file

        The user name is deduced by looking at the environment
        variable *REMOTE_USER*: If your directory */explorer* is
        password protected, then this variable will contain the
        users name as set by the web server. If the variable is
        empty, then the user name *anonymous* is used.

        Don't try to protect the user or file name with quotes: The
        Explorer will use Perl's *quotemeta* function to secure
        these variables. For example, if your tricky users supply a
        file name

          `rm -rf /`

        then the Explorer will run the command

          lpr -Plaserjet -U anonymous \`rm\ -rf \/\`

        which is safe. See the perlsec manpage for more details on
        security considerations with Perl.

        If your script command is able to process multiple files
        with one command, then you may prefer

          lpr -Plaserjet -U $user $files

        The Explorer will detect that you are using $files and not
        $file and will run a single command.

    Status script
        Similar to the action script, this one will try to guess the
        current status. A typical command might be

          lpq -Plaserjet -U $user

        The status script is suggested to produce output looking
        like that of lpq.

        Path of a logfile to view

    Note that you see only one (empty) action at the start: If you
    fill it out and hit *Save settings*, then a second (empty) row
    will appear automatically. To be precise, you will always have
    one empty row at the bottom.

    Actions can be removed by just blanking out the name and hitting
    *Save settings*.

  Status cache

    To save CPU time, you might like to make use of the Status
    cache. By setting this variable to a certain number of seconds,
    say 300, the Explorer will not always run the status script.
    Instead it will create a cache file in the subdirectory status
    and save the status script's output there. When the status is
    queried the next time, this cache file will be used, unless the
    cache file's modification time is more that the given number of
    seconds in the past. In that case a new cache file will be
    created by running the status script again.

  Initial directories

    In most cases you are not interested in giving your users access
    to the whole directory tree. For example, if your users use a
    Samba server to place files on your machine, than the Explorer
    should probably restrict your users to the Samba servers files.

    To create an initial directory, fill out the following fields:

        This is a verbose name that your users will see instead of
        the directory path. For example, it could be a Samba share

        The real directory path.

    By default your users will still be able to access files outside
    of the initial directories and these paths are only suggestions.
    This can be changed by disabling *Allow access to other

    Again, you will always see one empty directory at the bottom of
    the list. To create a new directory just fill this out and hit
    *Save Settings*. Wipe out the name for removing an existing

  File types

    People are used to see only certain files when selecting them
    for actions. For example, when opening an existing document in
    Microsoft Word, then you will by default see only files with
    extension *.doc*.

    A file type can be created by filling out the following fields:

        This is a description of the file type, that your users will
        see. For example, it could be

          PostScript files (*.ps)


          All Files (*)

        This is an (optional) icon to use for showing the file type.
        For example, it could be




        (Note that these are indeed meaningful settings with any
        default Apache installation, because Apache has a lot of
        icons included. See the file icons/README from the Apache

    Regular Expression
        This is a Perl Regular Expression which files must match in
        order to be of this type. For example it could be


        for PostScript files, PDF files, PostScript or PDF files or
        all files. See the perlre(3) manpage for details on Perl's
        regular expressions.

    When modifying the explorer, you should know about the following

  Initializing the Explorer

    Probably any HTML page using the explorer system should contain
    the following:

      <ep-package name=HTML::EP::Explorer accept="de,en">
      <ep-explorer-init noprefs=0>

    The *_ep_explorer_init* method is initializing the users cookie.
    First it verifies, whether the user already has an explorer
    cookie set. If not, the user will be redirected to the
    *prefs.ep* page, unless the attribute *noprefs* is set. This
    page will allow him to fix his personal settings and return to
    the calling page.

    The explorer class is a subclass of both *HTML::EP::Locale* and
    *HTML::EP::Session*. That means that the locale settings are
    still valid in the *ep-package* call (in particular the *accept*
    attribute that tells this page is ready for either german, aka
    de, or english). Likewise the attributes of *ep-session* are
    valid in the *ep-explorer-init* call. the HTML::EP(3) manpage.
    the HTML::EP::Session(3) manpage.

  Reading and/or writing the admin settings

    Within admin/prefs.ep and some other pages, you find the
    following call:

      <ep-explorer-config file="" maysafe=0>

    which read the admin settings from an external file, by default The settings will instead be read from the CGI input
    and saved into the same file, if the CGI variable *save* and the
    attribute *maysafe* are true. (The latter should happen within
    the amdin dirctory only.)

    The method will set the following EP variables:

        The config hash ref, as read from the file

        The list of actions. Shortcut for $config->actions$. An
        action looks like

          { 'name' => 'Print to lp',
            'icon' => '/icons/lp.gif', # May be undef
            'script' => 'lpr -Plp -U $user $file'

        The list of directories. Shortcut for $self->{'config'}-
        >{'directories'}. A directory looks like

          { 'name' => 'Root directory',
            'dir' => '/'

        The list of file types. Shortcut for $self->{'config'}-
        >{'filetypes'}. A file type looks like

          { 'name' => 'PostScript files (*.ps)'
            'icon' => '/icons/ps.gif', # May be undef
            're' => '\.ps$'

        The number of elements in $self->{'directories'}. May be 0.

  Reading and/or writing the users settings

    The users settings can be read and/or written by calling


    This will call *_ep_explorer_init* internally, by setting the
    *noprefs* attribute to true. If either of the CGI variables
    *save* or *save_and_return* is set, it will read the users new
    settings from the CGI environment by running $self->ReadPrefs
    and store the session (that is, return a cookie) by calling *ep-

    If the current oage is called from another page (that is, the
    CGI variable *return_to* is set to the calling page) and the CGI
    variable *save_and_return* is set, then the calling page is
    included with *ep-include*.

  Setting the Explorers current directory

    The method


    will read the users current directory from the session or CGI
    variable *basedir*. The current directory will be compared
    against the list of initial directories and the following EP
    variables will be set:

        The selected current directory. If this is different from
        $session-basedir> then the latter will be modified and
        $modified$ will be set.

        True, if the current directory is one of the initial
        directories or in /, False otherwise.

        If the current directory is below one of the initial
        directories, then this variable will contain the associated
        element from the directory list. That is $in_base_dir->name$
        is set to the name of this initial directory and
        $in_base_dir->dir$ the path.

        Otherwise the variable is set to undef. If this is the case
        and the administrator has set "Allow access outside initial
        directories" to True, then a system error is triggered.

        If $in_base_dir$ is set, then this variable is set to the
        current directories path, relative to the directory from
        $in_base_dir$. For example, if you are in /usr/local/bin and
        the initial directory is /usr/local, then the display
        directory is /bin.

  Setting the sorting mode

    The method


    attempts to guess the requested sorting mode from the CGI or
    session variable *sortby*. The guessed mode (by default *name*)
    will be stored in $sortby$. If this is different from $session-
    >sortby$, then the latter becomes set to the new value and
    $modified$ is set.

  Setting the file type

    The method


    attempts to guess the file type that the user requests (That is,
    whether the user wants to see only certain files.) by looking at
    the CGI or session variable *filetype*. By default the first
    file type from the list $filetypes$ is choosen. If no list is
    set, then all files become selected.

    If a file type was choosen, the file type is stored in
    $filetype$. and $filetype->selected$ is set to true. (Note, you
    must not call *ep-explorer-config* later!) If $filetype->name$
    is different from $session->filetype$, then the latter is
    modified and $modified$ is set to true.

  Creating the directory listing

    The listing becomes created with

      <ep-set var=dir_template>
        <tr><td><!-- HTML code for listing a directory
                     You may assume that $l$ is an instance of
      <ep-set var=file_template>
        <tr><td><!-- HTML code for listing a file
                     You may assume that $l$ is an instance of
      <ep-explorer-browse basedir="$env->DOCUMENT_ROOT$" item=l>

    The method is calling *ep-explorer-basedir*, *ep-explorer-
    filetype* and *ep-explorer-sortby* internally. Then a directory
    listing is created and sorted, according to these methods

    Finally, HTML code is generated for any item in the list by
    using the templates $dir_template$ or $file_template$, depending
    on the items type.

  Performing an action

    The method

      <p>I will execute the following command:</p>
        <ep-explorer-action action="myaction" file="myfile" execute=0>
      Here you can see the output:
        <ep-explorer-action action="myaction" file="myfile" execute=1>

    performs an action, as requested by the user. The method is
    reading an action name from the CGI variable *faction* or the
    attribute *faction*. The corresponding action, if any, is stored
    in $action$. If no action is found, a system error is triggered.

    Then the method is looking for either of the CGI variable
    *files* or the attribute *files*. If this is set, it is treated
    as a blank separated list of file names. (Tab, Carriage return
    etc. are counting as blanks.)

    Otherwise the method expects a single file name in the CGI
    variable *file* or the attribute *file*. If neither is set, a
    system error is triggered.

    If the attribute *execute* is set to false, then no commands are
    executed. Instead the method returns the commands being
    executed. Otherwise the command is executed and the output

    This module is

        Copyright (C) 1998-1999     Jochen Wiedmann
                                    Am Eisteich 9
                                    72555 Metzingen

                                    Phone: +49 7123 14887

    All rights reserved.

    You may distribute this module under the terms of either the GNU
    General Public License or the Artistic License, as specified in
    the Perl README file.

    the HTML::EP(3) manpage, the HTML::EP::Session(3) manpage