loncom/lond - diff - 1.489.2.25

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.489.2.23 and 1.489.2.25

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

version 1.489.2.23, 2016/09/24 19:16:57	version 1.489.2.25, 2016/09/27 16:30:24
Line 1429 sub du2_handler {	Line 1429 sub du2_handler {
# If the requested path contains /../ or is:	# If the requested path contains /../ or is:
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>/	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/res/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
Line 1466 sub ls_handler {	Line 1466 sub ls_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles)/}) \|\|	unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
Line 1526 sub ls_handler {	Line 1526 sub ls_handler {
# If the requested path contains /../ or is:	# If the requested path contains /../ or is:
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>/	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/res/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
Line 1562 sub ls2_handler {	Line 1562 sub ls2_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles)/}) \|\|	unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {
&Failure($client,"refused\n","$userinput");	&Failure($client,"refused\n","$userinput");
return 1;	return 1;
Line 1615 sub ls2_handler {	Line 1615 sub ls2_handler {
# If the requested path (after prepending) contains /../ or is:	# If the requested path (after prepending) contains /../ or is:
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>/	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/res/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# (d) /home/httpd/html/priv/<domain>/ and client is the homeserver	# (d) /home/httpd/html/priv/<domain>/ and client is the homeserver
Line 1700 sub ls3_handler {	Line 1700 sub ls3_handler {
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles)/}) \|\|	($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) \|\|	($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) \|\|
(($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) {	(($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
Line 5463 sub auto_export_grades_handler {	Line 5463 sub auto_export_grades_handler {
# $cmd - The command that got us dispatched.	# $cmd - The command that got us dispatched.
# $tail - The tail of the command. In our case this is a colon	# $tail - The tail of the command. In our case this is a colon
# separated list that will be split into:	# separated list that will be split into:
# $filename - The name of the file to remove.	# $filename - The name of the file to retrieve.
# The filename is given as a path relative to	# The filename is given as a path relative to
# the LonCAPA temp file directory.	# the LonCAPA temp file directory.
# $client - Socket open on the client.	# $client - Socket open on the client.
Line 5479 sub retrieve_auto_file_handler {	Line 5479 sub retrieve_auto_file_handler {
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;	my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
if ($filename =~m{/\.\./}) {	if ($filename =~m{/\.\./}) {
&Failure($client, "refused\n", $userinput);	&Failure($client, "refused\n", $userinput);
	} elsif ($filename !~ /^$LONCAPA::match_domain\_$LONCAPA::match_courseid\_.+_classlist\.xml$/) {
	&Failure($client, "refused\n", $userinput);
} elsif ( (-e $source) && ($filename ne '') ) {	} elsif ( (-e $source) && ($filename ne '') ) {
my $reply = '';	my $reply = '';
if (open(my $fh,$source)) {	if (open(my $fh,$source)) {

Removed from v.1.489.2.23
changed lines
	Added in v.1.489.2.25