--- loncom/interface/lonsource.pm 2015/05/23 21:02:39 1.34
+++ loncom/interface/lonsource.pm 2017/09/18 16:58:08 1.36
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Source Code handler
#
-# $Id: lonsource.pm,v 1.34 2015/05/23 21:02:39 raeburn Exp $
+# $Id: lonsource.pm,v 1.36 2017/09/18 16:58:08 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -44,8 +44,9 @@ use LONCAPA qw(:DEFAULT :match);
sub make_link {
my ($filename, $listname) = @_;
- my $sourcelink = "/adm/source?inhibitmenu=yes&filename=".$filename."&listname=".$listname;
-
+ my $sourcelink = '/adm/source?inhibitmenu=yes&filename='.
+ &escape(&escape($filename)).'&listname='.
+ &escape(&escape($listname));
return $sourcelink;
}
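Review bot: The double `&escape(&escape(...))` on `$filename` and `$listname` in make_link has no comment saying which consumer undoes the first layer, so a later cleanup could reduce it to a single call and leave the values under-encoded again. A comment such as `# escaped twice: the link is decoded once before /adm/source parses its query string` would pin that down; the wording needs to match the real call path, which is not visible in this hunk. The returned string still carries raw `&` separators, so any caller that writes it into an HTML attribute has to HTML-encode it at that point.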
@@ -88,52 +89,33 @@ sub copy_author {
sub copy_stage {
my ($r, $filename, $listname, $newpath) = @_;
-#Figure out if we are author or co-author
- my ($role,$author_name,$domain)=©_author();
-
-# Construct path to copy and filter out any possibly nasty stuff
- my $path_to_new_file = $r->dir_config('lonDocRoot').
- "/priv/$domain/$author_name/$newpath/$listname";
- $path_to_new_file=~s/\.\.//g;
- $path_to_new_file=~s/\~//g;
- $path_to_new_file=~s/\/+/\//g;
-
-#Just checking again for access as we want to make sure that it is really ok now that we have the real path
-
- my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file);
-
- if (!$uname || !$udom) {
- $r->print(&Apache::loncommon::start_page('Not Allowed',undef,{'only_body' => 1}));
- $r->print(&mt('Not allowed to create file [_1]', $path_to_new_file));
- $r->print(&Apache::loncommon::end_page());
- return;
- }
+ my ($path_to_new_file,$uname,$udom) = &get_path_to_newfile($r,$newpath,$listname);
#allowed
- $r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1}));
- my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file);
- $r->print($result);
- if(($result) && ($result =~ m|published|) ) {
- &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1');
- } elsif(($result) && ($result =~ m|exists!|)) {
- &confirm($r, $newpath, $filename, $path_to_new_file);
- } else {
- ©_file($r, $newpath, $filename, $path_to_new_file);
+ if ($path_to_new_file) {
+ $r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1}));
+ my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file);
+ $r->print($result);
+ if (($result) && ($result =~ /published/)) {
+ &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1');
+ } elsif (($result) && ($result =~ /exists\!/)) {
+ &confirm($r, $newpath, $filename, $listname);
+ } else {
+ ©_file($r, $newpath, $filename, $path_to_new_file);
+ }
+ $r->print(&Apache::loncommon::end_page());
}
-
- $r->print(&Apache::loncommon::end_page());
return;
}
sub confirm {
- my ($r, $newpath, $filename, $path_to_new_file) = @_;
+ my ($r, $newpath, $filename, $listname) = @_;
$r->print(''.&mt('Press delete to remove file and replace it with a copy of the source you are viewing.').'
');
$r->print('
'
.&mt('Cannot delete non-obsolete published file.')
.'
'
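Review bot: The `#allowed` comment left above the new `if ($path_to_new_file)` test in copy_stage now sits before the check it describes. Nothing at the call site says that an empty return from get_path_to_newfile means the access check failed and the 'Not Allowed' page has already been sent. Replacing it with `# get_path_to_newfile() returns nothing (and has already printed the refusal page) unless constructaccess() accepts the path` would make the early exit readable. confirm now receives `$listname` instead of the server-side path, but its form markup is not legible in this hunk and its body continues past it. It should be checked that `$newpath`, `$filename` and `$listname` are HTML-encoded wherever confirm writes them into the form.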
@@ -151,10 +133,11 @@ sub delete_copy_file {
.''
.'
'.&mt('Error:').' '.$!.'
'); return 0; } @@ -164,8 +147,8 @@ sub delete_copy_file { } ©_file($r, $newpath, $filename, $path_to_new_file); $r->print(&Apache::loncommon::end_page()); + return; } - return; } sub copy_file { @@ -311,12 +294,48 @@ sub includemeta { } } +sub get_path_to_newfile { + my ($r,$newpath,$listname) = @_; + + #Figure out if we are author or co-author + my ($role,$author_name,$domain) = ©_author(); + + # Construct path to copy and filter out any possibly nasty stuff + my $path = $r->dir_config('lonDocRoot')."/priv/$domain/$author_name/"; + my $path_to_new_file = $path."$newpath/$listname"; + $path_to_new_file=~s/\.\.//g; + $path_to_new_file=~s/\~//g; + $path_to_new_file=~s/\/+/\//g; + + #Just checking again for access as we want to make sure that it is really ok + #now that we have the real path + + my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file); + + if (!$uname || !$udom) { + $r->print(&Apache::loncommon::start_page('Not Allowed',undef,{'only_body' => 1})); + $r->print(&mt('Not allowed to create file [_1]', $path_to_new_file)); + $r->print(&Apache::loncommon::end_page()); + if (wantarray) { + return(); + } else { + return; + } + } + if (wantarray) { + return ($path_to_new_file,$uname,$udom); + } else { + return $path_to_new_file; + } +} + sub handler { my $r=shift; &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, ['filename','listname']); my $filename = $env{'form.filename'}; my $listname = $env{'form.listname'}; + my $source = &Apache::lonnet::metadata($filename,'sourceavail'); if ($source ne 'open') { $env{'user.error.msg'}="$filename:cre:1:1:Source code not available"; @@ -330,6 +349,7 @@ sub handler { $env{'user.error.msg'}="$filename:cre:1:1:Access to source code denied"; return HTTP_NOT_ACCEPTABLE; } + my $newpath = $env{'form.newpath'}; &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; 
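Review bot: In get_path_to_newfile the strip passes run one after another, and deleting `~` after `..` has already been removed can join two dots that were separated before, so `$path_to_new_file` is not guaranteed to be free of `..` when it reaches `&Apache::lonnet::constructaccess`. The filter is carried over unchanged from copy_stage, but the helper now also guards the delete_confirm path, so it is worth tightening here. The smallest change is to repeat the removal until nothing matches, `1 while ($path_to_new_file =~ s/\.\.|~//g);`, placed before the slash collapse. Refusing any `$newpath` or `$listname` that contains a `..` segment or a `~` through the existing 'Not allowed' branch would be stricter than rewriting the value. The `$path` prefix built just above is otherwise unused and could serve as a final check that the cleaned path still starts with it.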
@@ -337,9 +357,12 @@ sub handler {
if ($env{'form.action'} eq 'stage2') {
&stage_2($r,$filename,$listname);
} elsif($env{'form.action'} eq 'copy_stage') {
- ©_stage($r,$filename,$listname,$env{'form.newpath'});
+ ©_stage($r,$filename,$listname,$newpath);
} elsif($env{'form.action'} eq 'delete_confirm') {
- &delete_copy_file($r,$env{'form.newpath'},$filename, $env{'form.path'}, '0');
+ my $path_to_new_file = &get_path_to_newfile($r,$newpath,$listname);
+ if ($path_to_new_file) {
+ &delete_copy_file($r, $newpath, $filename, $path_to_new_file, '0');
+ }
} else {
&print_item($r,$filename,$listname);
}
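Review bot: The delete_confirm branch calls get_path_to_newfile in scalar context, which only yields the path because of that helper's `wantarray` switch. Writing `my ($path_to_new_file) = &get_path_to_newfile($r,$newpath,$listname);` would read the same as the call in copy_stage and would let the helper return a single list shape. A short comment on the branch, for example `# target path is rebuilt and re-authorized server-side; form.path is no longer trusted`, would record why the path is not taken from the request, so the old parameter is not reintroduced later. handler's body starts and ends outside this hunk.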