--- loncom/interface/londocs.pm 2021/02/09 22:12:33 1.675
+++ loncom/interface/londocs.pm 2022/09/29 03:59:29 1.681
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.675 2021/02/09 22:12:33 raeburn Exp $
+# $Id: londocs.pm,v 1.681 2022/09/29 03:59:29 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -183,6 +183,45 @@ sub default_folderpath {
}
}
+sub validate_folderpath {
+ my ($supplementalflag) = @_;
+ if ($env{'form.folderpath'} ne '') {
+ my @items = split(/\&/,$env{'form.folderpath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+ $badpath = 1;
+ } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.folderpath'});
+ }
+ }
+ return;
+}
+
+sub validate_suppath {
+ if ($env{'form.supppath'} ne '') {
+ my @items = split(/\&/,$env{'form.supppath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.supppath'});
+ }
+ }
+ return;
+}
+
sub dumpcourse {
my ($r) = @_;
my $crstype = &Apache::loncommon::course_type();
@@ -1456,7 +1495,7 @@ sub print_paste_buffer {
}
$pasteitems .= '';
if ($nopaste) {
- $pasteitems .= $nopaste;
+ $pasteitems .= ' '.$nopaste.'';
} else {
if ($othercrs) {
$pasteitems .= $othercrs;
@@ -2761,6 +2800,15 @@ sub apply_fixups {
$storefn =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/;
}
my $mapcontent = &Apache::lonnet::getfile($key);
+ if (($mapcontent eq '-1') && ($before{'map'} eq 'supplemental') &&
+ ($after{'map'} eq 'default') &&
+ ($key =~ m{^/uploaded/$match_domain/$match_courseid/supplemental_\d+\.sequence$})) {
+ $mapcontent = '';
+ }
if ($mapcontent eq '-1') {
if (ref($errors) eq 'HASH') {
$errors->{$key} = 1;
@@ -3929,7 +3977,7 @@ sub entryline {
my $line=&Apache::loncommon::start_data_table_row();
my ($form_start,$form_end,$form_common,$form_param);
# Edit commands
- my ($esc_path, $path, $symb, $curralias);
+ my ($esc_path, $path, $symb, $shownsymb, $curralias);
if ($env{'form.folderpath'}) {
$esc_path=&escape($env{'form.folderpath'});
$path = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
@@ -4196,36 +4244,16 @@ END
} elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
$url .= '?usehttp=1';
}
$nomodal = 1;
}
}
- if (&Apache::lonnet::symbverify($symb,$url)) {
- my $shownsymb = $symb;
- if ($isexternal) {
- $url =~ s/\#[^#]+$//;
- if ($container eq 'page') {
- $url = &Apache::lonnet::clutter($url);
- }
- }
- unless ($env{'request.role.adv'}) {
- if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
- $url = '';
- }
- if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
- $url = '';
- $hiddenres = 1;
- }
- }
- if ($url ne '') {
- $url.=(($url=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
- }
- } elsif (!$env{'request.role.adv'}) {
- my $checkencrypt;
+ my ($checkencrypt,$shownurl);
+ if (!$env{'request.role.adv'}) {
if (((&LONCAPA::map::getparameter($orderidx,'parameter_encrypturl'))[0]=~/^yes$/i) ||
- $isencrypted || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
+ ($isencrypted) || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
$checkencrypt = 1;
} elsif (ref($navmapref)) {
unless (ref($$navmapref)) {
@@ -4233,26 +4261,43 @@ END
}
if (ref($$navmapref)) {
if (lc($$navmapref->get_mapparam($symb,undef,"0.encrypturl")) eq 'yes') {
- $checkencrypt = 1;
+ $checkencrypt = 1;
}
}
}
- if ($checkencrypt) {
- my $shownsymb = &Apache::lonenc::encrypted($symb);
- my $shownurl = &Apache::lonenc::encrypted($url);
- if (&Apache::lonnet::symbverify($shownsymb,$shownurl)) {
- $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
- if ($env{'request.enc'} ne '') {
- delete($env{'request.enc'});
- }
- } else {
- $url='';
- }
+ }
+ if ($checkencrypt) {
+ my $currenc = $env{'request.enc'};
+ $env{'request.enc'} = 1;
+ $shownsymb = &Apache::lonenc::encrypted($symb);
+ $shownurl = &Apache::lonenc::encrypted($url);
+ if (&Apache::lonnet::symbverify($symb,$url)) {
+ $url = $shownurl;
} else {
- $url='';
+ $url = '';
+ }
+ $env{'request.enc'} = $currenc;
+ } elsif (&Apache::lonnet::symbverify($symb,$url)) {
+ $shownsymb = $symb;
+ if ($isexternal) {
+ $url =~ s/\#[^#]+$//;
+ if ($container eq 'page') {
+ $url = &Apache::lonnet::clutter($url);
+ }
+ }
+ $shownurl = $url;
+ }
+ unless ($env{'request.role.adv'}) {
+ if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
+ $url = '';
+ }
+ if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
+ $url = '';
+ $hiddenres = 1;
}
- } else {
- $url='';
+ }
+ if ($url ne '') {
+ $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
}
}
} elsif ($supplementalflag) {
@@ -4261,7 +4306,7 @@ END
$url = $1;
$anchor = $2;
if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -4273,7 +4318,7 @@ END
} elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -4412,7 +4457,7 @@ $form_end;
&Apache::lonhtmlcommon::jump_to_editres($cfile,$home,
$switchserver,
$forceedit,
- undef,$symb,
+ undef,$symb,$shownsymb,
&escape($env{'form.folderpath'}),
$renametitle,$hostname,
'','',1,$suppanchor);
@@ -5546,35 +5591,11 @@ sub handler {
if ($env{'form.tools'}) { $toolsflag=1; }
if ($env{'form.folderpath'} ne '') {
- my @items = split(/\&/,$env{'form.folderpath'});
- my $badpath;
- for (my $i=0; $i<@items; $i++) {
- my $odd = $i%2;
- if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
- $badpath = 1;
- } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
- $badpath = 1;
- }
- last if ($badpath);
- }
- if ($badpath) {
- delete($env{'form.folderpath'});
- }
+ &validate_folderpath($supplementalflag);
}
if ($env{'form.supppath'} ne '') {
- my @items = split(/\&/,$env{'form.supppath'});
- my $badpath;
- for (my $i=0; $i<@items; $i++) {
- my $odd = $i%2;
- if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
- $badpath = 1;
- }
- last if ($badpath);
- }
- if ($badpath) {
- delete($env{'form.supppath'});
- }
+ &validate_suppath();
}
my $script='';
@@ -5633,6 +5654,9 @@ sub handler {
} else {
undef($env{'form.folderpath'});
}
+ if ($env{'form.folderpath'} ne '') {
+ &validate_folderpath($supplementalflag);
+ }
}
# If we are not allowed to make changes, all we can see are supplemental docs
@@ -7306,7 +7330,7 @@ sub editing_js {
if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}
@@ -7315,7 +7339,7 @@ sub editing_js {
}
} elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}
@@ -7361,7 +7385,7 @@ sub editing_js {
function makenewfolder(targetform,folderseq) {
var foldername=prompt('$js_lt{"p_mnf"}','$js_lt{"t_mnf"}');
if (foldername) {
- targetform.importdetail.value=escape(foldername)+"="+folderseq;
+ targetform.importdetail.value=encodeURIComponent(foldername)+"="+folderseq;
targetform.submit();
}
}
@@ -7369,7 +7393,7 @@ function makenewfolder(targetform,folder
function makenewpage(targetform,folderseq) {
var pagename=prompt('$js_lt{"p_mnp"}','$js_lt{"t_mnp"}');
if (pagename) {
- targetform.importdetail.value=escape(pagename)+"="+folderseq;
+ targetform.importdetail.value=encodeURIComponent(pagename)+"="+folderseq;
targetform.submit();
}
}
@@ -7378,7 +7402,7 @@ function makeexamupload() {
var title=prompt('$js_lt{"p_mxu"}');
if (title) {
this.document.forms.newexamupload.importdetail.value=
- escape(title)+'=/res/lib/templates/examupload.problem';
+ encodeURIComponent(title)+'=/res/lib/templates/examupload.problem';
this.document.forms.newexamupload.submit();
}
}
@@ -7387,7 +7411,7 @@ function makesmppage() {
var title=prompt('$js_lt{"p_msp"}');
if (title) {
this.document.forms.newsmppg.importdetail.value=
- escape(title)+'=/adm/$udom/$uname/new/smppg';
+ encodeURIComponent(title)+'=/adm/$udom/$uname/new/smppg';
this.document.forms.newsmppg.submit();
}
}
@@ -7411,7 +7435,7 @@ function makesmpproblem() {
var title=prompt('$js_lt{"p_msb"}');
if (title) {
this.document.forms.newsmpproblem.importdetail.value=
- escape(title)+'=/res/lib/templates/simpleproblem.problem';
+ encodeURIComponent(title)+'=/res/lib/templates/simpleproblem.problem';
this.document.forms.newsmpproblem.submit();
}
}
@@ -7420,7 +7444,7 @@ function makedropbox() {
var title=prompt('$js_lt{"p_mdb"}');
if (title) {
this.document.forms.newdropbox.importdetail.value=
- escape(title)+'=/res/lib/templates/DropBox.problem';
+ encodeURIComponent(title)+'=/res/lib/templates/DropBox.problem';
this.document.forms.newdropbox.submit();
}
}
@@ -7429,7 +7453,7 @@ function makebulboard() {
var title=prompt('$js_lt{"p_mbb"}');
if (title) {
this.document.forms.newbul.importdetail.value=
- escape(title)+'=/adm/$udom/$uname/new/bulletinboard';
+ encodeURIComponent(title)+'=/adm/$udom/$uname/new/bulletinboard';
this.document.forms.newbul.submit();
}
}
@@ -8553,7 +8577,7 @@ function validImportCrsRes() {
url += fname;
}
var title = document.crsresimportform.crsrestitle.value;
- document.crsresimportform.importdetail.value=escape(title)+'='+escape(url);
+ document.crsresimportform.importdetail.value=encodeURIComponent(title)+'='+encodeURIComponent(url);
return true;
}