--- loncom/auth/lonacc.pm 2007/04/11 21:36:58 1.108
+++ loncom/auth/lonacc.pm 2007/11/06 18:07:35 1.110.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.108 2007/04/11 21:36:58 raeburn Exp $
+# $Id: lonacc.pm,v 1.110.2.1 2007/11/06 18:07:35 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -64,7 +64,8 @@ sub get_posted_cgi {
 if ($r->header_in('Content-length')) {
 $r->read($buffer,$r->header_in('Content-length'),0);
 }
- unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
+ my $content_type = $r->header_in('Content-type');
+ if ($content_type !~ m{^multipart/form-data}) {
 my @pairs=split(/&/,$buffer);
 my $pair;
 foreach $pair (@pairs) {
@@ -76,7 +77,7 @@ sub get_posted_cgi {
 &Apache::loncommon::add_to_env("form.$name",$value);
 }
 } else {
- my $contentsep=$1;
+ my ($contentsep) = ($content_type =~ /boundary=\"?([^\";,]+)\"?/);
 my @lines = split (/\n/,$buffer);
 my $name='';
 my $value='';
@@ -84,7 +85,7 @@ sub get_posted_cgi {
 my $fmime='';
 my $i;
 for ($i=0;$i<=$#lines;$i++) {
- if ($lines[$i]=~/^$contentsep/) {
+ if ($lines[$i]=~/^--\Q$contentsep\E/) {
 if ($name) {
 chomp($value);
 if ($fname) {
@@ -287,6 +288,14 @@ sub handler {
 $env{'user.domain'};
 if ($requrl !~ /^\Q$start\E/) {
 $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ }
+ if ($requrl =~ m|^/zipspool/|) {
+ my $start='/zipspool/zipout/'.$env{'user.name'}.":".
+ $env{'user.domain'};
+ if ($requrl !~ /^\Q$start\E/) {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 return HTTP_NOT_ACCEPTABLE;
 }
 }
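Review bot: In the `@@ -64,7 +64,8 @@` hunk of get_posted_cgi, the new test `$content_type !~ m{^multipart/form-data}` is case-sensitive, although media type names are case-insensitive and the regex it replaces used `/i`. A multipart request whose type is cased differently would take the `split(/&/,$buffer)` branch and have its body parsed as URL-encoded pairs. `header_in('Content-type')` may also be undefined when the header is absent, so I would write `my $content_type = $r->header_in('Content-type') || '';` and `if ($content_type !~ m{^\s*multipart/form-data}i) {`. The body of get_posted_cgi starts and ends outside the hunk.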
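Review bot: In the `@@ -76,7 +77,7 @@` hunk, `$contentsep` stays undefined when the Content-type header carries no `boundary` parameter, and nothing checks for that before it is used. In the following `@@ -84,7 +85,7 @@` hunk the test then degrades to `/^--/`, so every body line that starts with two dashes is taken as a part delimiter and names and values are read from client-supplied content at the wrong offsets. Add a guard right after the capture, for example `if (!defined($contentsep) || $contentsep eq '') { return; }`, adjusted to whatever get_posted_cgi's callers expect on malformed input, which is not visible here. The parameter match would also be tighter as `/;\s*boundary=\"?([^\";,]+)\"?/i`, since parameter names are case-insensitive and the current pattern accepts `boundary=` anywhere in the header value.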
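Review bot: The new `/zipspool/` check in the `@@ -287,6 +288,14 @@` hunk of handler is a bare prefix test, `/^\Q$start\E/`, and `$start` ends with the domain string with no terminating separator, so a path whose owner part merely begins with the current `name:domain` also passes. If the layout has a fixed separator after the domain, append it to `$start` so the owner component must match in full. Whether `$requrl` has had `..` segments normalised before this point is not visible in the hunk and is worth confirming, because the prefix test does not constrain the rest of the path. The block duplicates the check whose closing lines open this hunk, so a small helper taking the prefix would keep the two from drifting, with a comment such as `# users may only fetch zip output stored under their own name:domain`.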