--- loncom/auth/lonacc.pm	2022/07/08 15:36:32	1.159.2.21.2.2
+++ loncom/auth/lonacc.pm	2022/06/18 02:10:18	1.203
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.21.2.2 2022/07/08 15:36:32 raeburn Exp $
+# $Id: lonacc.pm,v 1.203 2022/06/18 02:10:18 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -160,7 +160,7 @@ sub get_posted_cgi {
                         if (length($value) == 1) {
                             $value=~s/[\r\n]$//;
                         }
-                    }
+                    } 
                     if ($fname =~ /\.(xls|doc|ppt)(x|m)$/i) {
                         $value=~s/[\r\n]$//;
                     }
@@ -204,6 +204,14 @@ sub get_posted_cgi {
 			$fname='';
 			$fmime='';
 		    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
 		    $i++;
 		}
 	    } else {
@@ -306,7 +314,6 @@ sub sso_login {
     my $query = $r->args;
     my %form;
     if ($query) {
-
         my @items = ('role','symb','iptoken','origurl','ttoken',
                      'ltoken','linkkey','logtoken','sso');
         &Apache::loncommon::get_unprocessed_cgi($query,\@items);
@@ -326,7 +333,7 @@ sub sso_login {
         }
     }
 
-    my ($linkprot,$linkprotuser,$linkprotexit,$linkkey,$deeplinkurl);
+    my ($linkprot,$linkprotuser,$linkkey,$deeplinkurl);
 
 #
 # If Shibboleth auth is in use, and a dual SSO and non-SSO login page
@@ -365,7 +372,6 @@ sub sso_login {
         if ($info{'linkprot'}) {
             $linkprot = $info{'linkprot'};
             $linkprotuser = $info{'linkprotuser'};
-            $linkprotexit = $info{'linkprotexit'};
         } elsif ($info{'linkkey'} ne '') {
             $linkkey = $info{'linkkey'};
         }
@@ -391,7 +397,6 @@ sub sso_login {
             if ($form{'linkprot'}) {
                 $linkprot = $form{'linkprot'};
                 $linkprotuser = $form{'linkprotuser'};
-                $linkprotexit = $form{'linkprotexit'};
             } elsif ($form{'linkkey'} ne '') {
                 $linkkey = $form{'linkkey'};
             }
@@ -420,7 +425,6 @@ sub sso_login {
             if ($form{'linkprot'}) {
                 $linkprot = $form{'linkprot'};
                 $linkprotuser = $form{'linkprotuser'};
-                $linkprotexit = $form{'linkprotexit'};
             } elsif ($form{'linkkey'} ne '') {
                 $linkkey = $form{'linkkey'};
             }
@@ -428,13 +432,8 @@ sub sso_login {
     } elsif ($form{'ltoken'}) {
         my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
         $linkprot = $link_info{'linkprot'};
-        if ($linkprot) {
-            if ($link_info{'linkprotuser'} ne '') {
-                $linkprotuser = $link_info{'linkprotuser'};
-            }
-            if ($link_info{'linkprotexit'} ne '') {
-                $linkprotexit = $link_info{'linkprotexit'};
-            }
+        if (($linkprot) && ($link_info{'linkprotuser'} ne '')) {
+            $linkprotuser = $link_info{'linkprotuser'};    
         }
         my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
         delete($form{'ltoken'});
@@ -456,7 +455,6 @@ sub sso_login {
                            origurl => $deeplinkurl,
                            linkprot => $linkprot,
                            linkprotuser => $linkprotuser,
-                           linkprotexit => $linkprotexit,
                        );
             my $token = &Apache::lonnet::tmpput(\%data,$r->dir_config('lonHostID'),'link');
             unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
@@ -523,9 +521,6 @@ sub sso_login {
                     if ($linkprotuser ne '') {
                         $env{'request.linkprotuser'} = $linkprotuser;
                     }
-                    if ($linkprotexit ne '') {
-                        $env{'request.linkprotexit'} = $linkprotexit;
-                    }
                 } elsif ($linkkey ne '') {
                     $env{'request.linkkey'} = $linkkey;
                 }
@@ -544,7 +539,7 @@ sub sso_login {
 	} else {
 	    # need to login them in, so generate the need data that
 	    # migrate expects to do login
-            my $ip = &Apache::lonnet::get_requestor_ip($r);
+	    my $ip = &Apache::lonnet::get_requestor_ip($r);
 	    my %info=('ip'        => $ip,
 		      'domain'    => $domain,
 		      'username'  => $user,
@@ -571,12 +566,6 @@ sub sso_login {
             if ($info{'deeplink.login'}) {
                 if ($linkprot) {
                     $info{'linkprot'} = $linkprot;
-                    if ($linkprotuser ne '') {
-                        $info{'linkprotuser'} = $linkprotuser;
-                    }
-                    if ($linkprotexit ne '') {
-                        $info{'linkprotexit'} = $linkprotexit;
-                    }
                 } elsif ($linkkey ne '') {
                     $info{'linkkey'} = $linkkey;
                 }
@@ -715,7 +704,8 @@ sub handler {
             }
         } elsif ($env{'request.course.id'} &&
                  (($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) ||
-                  ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
+                  ($requrl eq "/public/$cdom/$cnum/syllabus") ||
+                  ($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
             my $query = $r->args;
             if ($query) {
                 foreach my $pair (split(/&/,$query)) {
@@ -737,6 +727,7 @@ sub handler {
             my $lonhost = &Apache::lonnet::host_from_dns($hostname);
             if ($lonhost) {
                 my $actual = &Apache::lonnet::absolute_url($hostname,1,1);
+                my $exphostname = &Apache::lonnet::hostname($lonhost);
                 my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
                 unless ($actual eq $expected) {
                     $env{'request.use_absolute'} = $expected;
@@ -786,33 +777,14 @@ sub handler {
                 &Apache::loncommon::get_unprocessed_cgi($r->args,['ttoken']);
                 if (defined($env{'form.ttoken'})) {
                     my %info = &Apache::lonnet::tmpget($env{'form.ttoken'});
-                    if (($info{'origurl'} ne '') && ($info{'origurl'} eq $requrl)) {
-                        my %data;
-                        if (($info{'linkprotuser'} ne '') && ($info{'linkprot'}) &&
+                    if (($info{'linkprotuser'} ne '') && ($info{'origurl'} ne '')) {
+                        if (($info{'linkprot'}) && ($info{'origurl'} eq $requrl) &&
                             ($info{'linkprotuser'} ne $env{'user.name'}.':'.$env{'user.domain'})) {
-                            %data = (
+                            my %data = (
                                 origurl => $requrl,
                                 linkprot => $info{'linkprot'},
                                 linkprotuser => $info{'linkprotuser'},
-                                linkprotexit => $info{'linkprotexit'},
                             );
-                        } elsif ($info{'ltoken'} ne '') {
-                            my %ltoken_info = &Apache::lonnet::tmpget($info{'ltoken'});
-                            if (($ltoken_info{'linkprotuser'} ne '') && ($ltoken_info{'linkprot'}) &&
-                                ($ltoken_info{'linkprotuser'} ne $env{'user.name'}.':'.$env{'user.domain'})) {
-                                %data = (
-                                    origurl => $requrl,
-                                    linkprot => $ltoken_info{'linkprot'},
-                                    linkprotuser => $ltoken_info{'linkprotuser'},
-                                    linkprotexit => $ltoken_info{'linkprotexit'},
-                                );
-                            }
-                        }
-                        if (keys(%data)) {
-                            my $delete = &Apache::lonnet::tmpdel($env{'form.ttoken'});
-                            if ($info{'ltoken'} ne '') {
-                                my $delete = &Apache::lonnet::tmpdel($info{'ltoken'});
-                            }
                             my $token =
                                 &Apache::lonnet::tmpput(\%data,$r->dir_config('lonHostID'),'retry');
                             unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) ||
@@ -928,7 +900,7 @@ sub handler {
                 &Apache::blockedaccess::setup_handler($r);
                 return OK;
             }
-        } elsif ($check_access) { 
+        } elsif ($check_access) {
             if ($handle eq '') {
                 unless ($access eq 'F') {
                     if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
@@ -1128,8 +1100,8 @@ sub handler {
                                 my $mapsymb = &Apache::lonnet::symbread($map);
                                 ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
                             }
-                            &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
-                                                      'last_known' =>[$murl,$mid]);
+			    &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+						      'last_known' =>[$murl,$mid]);
                         }
 		    }
 		}
@@ -1182,7 +1154,7 @@ sub handler {
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
         my $clientip = &Apache::lonnet::get_requestor_ip($r);
-	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
+        my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;