--- loncom/interface/londocs.pm 2021/02/10 12:09:29 1.676 +++ loncom/interface/londocs.pm 2022/09/13 12:22:14 1.679 @@ -1,7 +1,7 @@ # The LearningOnline Network # Documents # -# $Id: londocs.pm,v 1.676 2021/02/10 12:09:29 raeburn Exp $ +# $Id: londocs.pm,v 1.679 2022/09/13 12:22:14 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -183,6 +183,45 @@ sub default_folderpath { } } +sub validate_folderpath { + my ($supplementalflag) = @_; + if ($env{'form.folderpath'} ne '') { + my @items = split(/\&/,$env{'form.folderpath'}); + my $badpath; + for (my $i=0; $i<@items; $i++) { + my $odd = $i%2; + if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) { + $badpath = 1; + } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) { + $badpath = 1; + } + last if ($badpath); + } + if ($badpath) { + delete($env{'form.folderpath'}); + } + } + return; +} + +sub validate_suppath { + if ($env{'form.supppath'} ne '') { + my @items = split(/\&/,$env{'form.supppath'}); + my $badpath; + for (my $i=0; $i<@items; $i++) { + my $odd = $i%2; + if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) { + $badpath = 1; + } + last if ($badpath); + } + if ($badpath) { + delete($env{'form.supppath'}); + } + } + return; +} + sub dumpcourse { my ($r) = @_; my $crstype = &Apache::loncommon::course_type(); @@ -3929,7 +3968,7 @@ sub entryline { my $line=&Apache::loncommon::start_data_table_row(); my ($form_start,$form_end,$form_common,$form_param); # Edit commands - my ($esc_path, $path, $symb, $curralias); + my ($esc_path, $path, $symb, $shownsymb, $curralias); if ($env{'form.folderpath'}) { $esc_path=&escape($env{'form.folderpath'}); $path = &HTML::Entities::encode($env{'form.folderpath'},'<>&"'); @@ -4196,14 +4235,14 @@ END } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { $url .= '?usehttp=1'; } $nomodal = 1; } } if (&Apache::lonnet::symbverify($symb,$url)) { - my $shownsymb = $symb; + $shownsymb = $symb; if ($isexternal) { $url =~ s/\#[^#]+$//; if ($container eq 'page') { @@ -4238,7 +4277,7 @@ END } } if ($checkencrypt) { - my $shownsymb = &Apache::lonenc::encrypted($symb); + $shownsymb = &Apache::lonenc::encrypted($symb); my $shownurl = &Apache::lonenc::encrypted($url); if (&Apache::lonnet::symbverify($shownsymb,$shownurl)) { $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb); @@ -4261,7 +4300,7 @@ END $url = $1; $anchor = $2; if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $url = 'http://'.$hostname.$url; } @@ -4273,7 +4312,7 @@ END } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $url = 'http://'.$hostname.$url; } @@ -4412,7 +4451,7 @@ $form_end; &Apache::lonhtmlcommon::jump_to_editres($cfile,$home, $switchserver, $forceedit, - undef,$symb, + undef,$symb,$shownsymb, &escape($env{'form.folderpath'}), $renametitle,$hostname, '','',1,$suppanchor); @@ -5546,35 +5585,11 @@ sub handler { if ($env{'form.tools'}) { $toolsflag=1; } if ($env{'form.folderpath'} ne '') { - my @items = split(/\&/,$env{'form.folderpath'}); - my $badpath; - for (my $i=0; $i<@items; $i++) { - my $odd = $i%2; - if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) { - $badpath = 1; - } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) { - $badpath = 1; - } - last if ($badpath); - } - if ($badpath) { - delete($env{'form.folderpath'}); - } + &validate_folderpath($supplementalflag); } if ($env{'form.supppath'} ne '') { - my @items = split(/\&/,$env{'form.supppath'}); - my $badpath; - for (my $i=0; $i<@items; $i++) { - my $odd = $i%2; - if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) { - $badpath = 1; - } - last if ($badpath); - } - if ($badpath) { - delete($env{'form.supppath'}); - } + &validate_suppath(); } my $script=''; @@ -5633,6 +5648,9 @@ sub handler { } else { undef($env{'form.folderpath'}); } + if ($env{'form.folderpath'} ne '') { + &validate_folderpath($supplementalflag); + } } # If we are not allowed to make changes, all we can see are supplemental docs @@ -7306,7 +7324,7 @@ sub editing_js { if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $backtourl = 'http://'.$hostname.$backtourl; } @@ -7315,7 +7333,7 @@ sub editing_js { } } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) { if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $backtourl = 'http://'.$hostname.$backtourl; }