|
version 1.348, 2021/04/22 20:14:22
|
version 1.351, 2021/07/19 14:26:40
|
|
Line 831 ENDCLOSE
|
Line 831 ENDCLOSE
|
| if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) || |
if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) || |
| ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) { |
($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) { |
| if ($ENV{'SERVER_PORT'} == 443) { |
if ($ENV{'SERVER_PORT'} == 443) { |
| unless (&Apache::lonnet::uses_sts()) { |
my $hostname = $r->hostname(); |
| my $hostname = $r->hostname(); |
unless ((&Apache::lonnet::uses_sts()) || |
| |
(&Apache::lonnet::waf_allssl($hostname))) { |
| if ($hostname ne '') { |
if ($hostname ne '') { |
| $dest = 'http://'.$hostname.$dest; |
$dest = 'http://'.$hostname.$dest; |
| } |
} |
|
Line 901 ENDCLOSE
|
Line 902 ENDCLOSE
|
| } |
} |
| } |
} |
| # Are we allowed to look at the first resource? |
# Are we allowed to look at the first resource? |
| my $access; |
# |
| if ($furl =~ m{^(/adm/wrapper|)/ext/}) { |
# $furl returned by lonuserstate::readmap() has format: |
| # If it's an external resource, |
# $url?symb=escaped($symb). If the resource has the |
| # strip off the symb argument and possible query |
# encrypturl parameter in effect, the entire string |
| my ($exturl,$symb) = ($furl =~ m{^(.+)(?:\?|\&)symb=(.+)$}); |
# $url?symb=escaped($symb) is encrypted as a string |
| # Unencode $symb |
# beginning /enc/. |
| $symb = &unescape($symb); |
# |
| # Then check for permission |
my ($access,$unencfurl,$unencsymb); |
| $access = &Apache::lonnet::allowed('bre',$exturl,$symb); |
if ($furl =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { |
| # For other resources just check for permission |
my ($poss_url,$poss_symb) = ($1,$2); |
| |
$unencsymb = &unescape($poss_symb); |
| |
$unencfurl = $poss_url; |
| |
} elsif ($furl =~ m{^/enc/}) { |
| |
my $unenc = &Apache::lonenc::unencrypted($furl); |
| |
if ($unenc =~ m{^(.+)(?:\?|\&)symb=([^&]+)(?:$|&)}) { |
| |
($unencfurl,$unencsymb) = ($1,$2); |
| |
$unencsymb = &unescape($unencsymb); |
| |
} else { |
| |
$unencfurl = $unenc; |
| |
} |
| } else { |
} else { |
| $access = &Apache::lonnet::allowed('bre',$furl); |
$unencfurl = $furl; |
| } |
} |
| if (!$access) { |
if ($unencsymb) { |
| |
my $symb = &Apache::lonnet::symbclean($unencsymb); |
| |
if (($symb ne '') && (&Apache::lonnet::symbverify($symb,$unencfurl))) { |
| |
$access = &Apache::lonnet::allowed('bre',$unencfurl,$symb); |
| |
} else { |
| |
$access = &Apache::lonnet::allowed('bre',$unencfurl); |
| |
} |
| |
} else { |
| |
$access = &Apache::lonnet::allowed('bre',$unencfurl); |
| |
} |
| |
if ((!$access) || ($access eq 'B') || ($access eq 'D')) { |
| $furl = &Apache::lonpageflip::first_accessible_resource(); |
$furl = &Apache::lonpageflip::first_accessible_resource(); |
| } elsif ($access eq 'B') { |
if ($furl eq '') { |
| $furl = '/adm/navmaps?showOnlyHomework=1'; |
$furl = '/adm/navmaps?showOnlyHomework=1'; |
| |
} |
| } |
} |
| if ($env{'request.lti.login'}) { |
if ($env{'request.lti.login'}) { |
| undef($msg); |
undef($msg); |
![[BACK]](/icons/back.gif){kind=icon}
Return to lonroles.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth