version 1.56, 2004/05/26 22:31:30
|
version 1.60, 2004/08/20 16:29:15
|
Line 289 sub checksuffix {
|
Line 289 sub checksuffix {
|
} |
} |
|
|
sub cleanDest { |
sub cleanDest { |
my ($request,$dest)=@_; |
my ($request,$dest,$subdir)=@_; |
#remove bad characters |
#remove bad characters |
if ($dest=~/[\#\?&%]/) { |
my $foundbad=0; |
|
if ($subdir && $dest =~/\./) { |
|
$foundbad=1; |
|
$dest=~s/\.//g; |
|
} |
|
if ($dest=~/[\#\?&%\"]/) { |
|
$foundbad=1; |
|
$dest=~s/[\#\?&%\"]//g; |
|
} |
|
if ($foundbad) { |
$request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>"); |
$request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>"); |
$dest=~s/[\#\?&%]//g; |
|
} |
} |
return $dest; |
return $dest; |
} |
} |
Line 750 performed and reported to the user.
|
Line 758 performed and reported to the user.
|
sub phaseone { |
sub phaseone { |
my ($r,$fn,$uname,$udom)=@_; |
my ($r,$fn,$uname,$udom)=@_; |
|
|
my $newfilename=&cleanDest($r,$ENV{'form.newfilename'}); |
my $doingdir=0; |
|
if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; } |
|
my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir); |
$newfilename=&relativeDest($fn,$newfilename,$uname); |
$newfilename=&relativeDest($fn,$newfilename,$uname); |
$r->print('<form action="/adm/cfile" method="post">'. |
$r->print('<form action="/adm/cfile" method="post">'. |
'<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'. |
'<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'. |
Line 1156 sub handler {
|
Line 1166 sub handler {
|
|
|
$r=shift; |
$r=shift; |
|
|
|
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress','action','filename','newfilename']); |
|
|
&Debug($r, "loncfile.pm - handler entered"); |
&Debug($r, "loncfile.pm - handler entered"); |
&Debug($r, " filename: ".$ENV{'form.filename'}); |
&Debug($r, " filename: ".$ENV{'form.filename'}); |
Line 1174 sub handler {
|
Line 1185 sub handler {
|
} elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') { |
} elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') { |
#Just hijack the script only the first time around to inject the |
#Just hijack the script only the first time around to inject the |
#correct information for further processing |
#correct information for further processing |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress']); |
|
$fn=&Apache::lonnet::unescape($ENV{'form.decompress'}); |
$fn=&Apache::lonnet::unescape($ENV{'form.decompress'}); |
$fn=&URLToPath($fn); |
$fn=&URLToPath($fn); |
$ENV{'form.action'}="decompress"; |
$ENV{'form.action'}="decompress"; |