--- loncom/publisher/loncfile.pm 2007/07/25 19:56:57 1.86 +++ loncom/publisher/loncfile.pm 2013/04/11 14:59:58 1.118 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.86 2007/07/25 19:56:57 albertel Exp $ +# $Id: loncfile.pm,v 1.118 2013/04/11 14:59:58 bisitz Exp $ # # Copyright Michigan State University Board of Trustees # @@ -68,7 +68,6 @@ use File::Basename; use File::Copy; use HTML::Entities(); use Apache::Constants qw(:common :http :methods); -use Apache::loncacc; use Apache::lonnet; use Apache::loncommon(); use Apache::lonlocal; @@ -102,13 +101,25 @@ my $r; # Needs to be global for some =cut sub Debug { - # Put out the indicated message butonly if DEBUG is true. + # Put out the indicated message but only if DEBUG is true. if ($DEBUG) { my ($r,$message) = @_; $r->log_reason($message); } } +sub done { + my ($url) = @_; + return + '
'
+ .&Apache::lonhtmlcommon::confirm_success(&mt("Done"))
+ .'
'.&mt("Continue").''
+ .''
+ .'
'.&mt('Error: destination for operation is an existing directory.').'
'); @@ -334,52 +350,71 @@ sub checksuffix { } sub cleanDest { - my ($request,$dest,$subdir,$fn,$uname)=@_; + my ($request,$dest,$subdir,$fn,$uname,$udom)=@_; #remove bad characters my $foundbad=0; + my $error=''; if ($subdir && $dest =~/\./) { $foundbad=1; $dest=~s/\.//g; } + $dest =~ s/(\s+$|^\s+)//g; if ($dest=~/[\#\?&%\":]/) { $foundbad=1; $dest=~s/[\#\?&%\":]//g; } if ($dest=~m|/|) { my ($newpath)=($dest=~m|(.*)/|); - $newpath=&relativeDest($fn,$newpath,$uname); + ($newpath,$error)=&relativeDest($fn,$newpath,$uname,$udom); if (! -d "$newpath") { - $request->print("".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.$newpath.'"')."
"); + $request->print('' + .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested filename." + ,&display($newpath)) + .'
'); $dest=~s|.*/||; } } if ($dest =~ /\.(\d+)\.(\w+)$/){ - $request->print('' - .&mt('Bad filename [_1].'
+ .&mt('Bad filename [_1]',&display($dest))
+ .'
'
+ .&mt('[_1](name).(number).(extension)[_2] not allowed.','','')
+ .'
'
+ .&mt('Removing the [_1].number.[_2] from requested filename.','','')
+ .'
".&mt('Invalid characters in requested name have been removed.')."
"); + $request->print('' + .&mt('Invalid characters in requested name have been removed.') + .'
' + ); } - return $dest; + return ($dest,$error); } sub relativeDest { - my ($fn,$newfilename,$uname)=@_; + my ($fn,$newfilename,$uname,$udom)=@_; + my $error = ''; if ($newfilename=~/^\//) { # absolute, simply add path - $newfilename='/home/'.$uname.'/public_html/'; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; + $newfilename="$londocroot/res/$udom/$uname/"; } else { my $dir=$fn; - $dir=~s/\/[^\/]+$//; + $dir=~s{/[^/]+$}{}; $newfilename=$dir.'/'.$newfilename; } - $newfilename=~s://+:/:g; # remove duplicate / - while ($newfilename=~m:/\.\./:) { - $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. + $newfilename=~s{//+}{/}g; # remove duplicate / + while ($newfilename=~m{/\.\./}) { + $newfilename=~ s{/[^/]+/\.\./}{/}g; #remove dir/.. + } + my ($authorname,$authordom)=&Apache::lonnet::constructaccess($newfilename); + unless (($authorname) && ($authordom)) { + my $otherdir = &display($newfilename); + $error = &mt('Access denied to [_1]',$otherdir); } - return $newfilename; + return ($newfilename,$error); } =pod @@ -402,9 +437,9 @@ Parameters: sub CloseForm1 { my ($request, $fn) = @_; - $request->print(''); - $request->print(''); + $request->print(''); + $request->print(' '); } @@ -434,7 +469,7 @@ Parameters: sub CloseForm2 { my ($request, $user, $fn) = @_; - $request->print(''.
+ &mt('Cannot change MIME type of a directory.').
''.
- '
'.&mt('Cancel').'');
+ '
'.&mt('Cancel').'
'
+ .&mt('Cannot rename or move non-obsolete published file.')
+ .'
'
+ .''.&mt('Cancel').'
'.$action.' '.&display($fn).
- '
to '.&display($newfilename).'?
' + .&mt($action.' [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No new filename specified.').'
'); + $request->print(''.&mt('No new filename specified.').'
'); return; } } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); return; } @@ -569,25 +615,41 @@ sub Delete1 { if( -e $fn) { $request->print(''); + $fn.'" />'); if (-d $fn) { unless (&empty_directory($fn,'Delete1')) { - $request->print(''
+ .''
+ .&mt('Only empty directories may be deleted.')
+ .'
'
+ .&mt('You must delete the contents of the directory first.')
+ .'
'
+ .&mt('Cannot delete non-obsolete published file.')
+ .'
'
+ .''.&mt('Cancel').'
'.&mt('Delete').' '.&display($fn).'?
'); + $request->print('' + .&mt('Delete [_1]?', + &display($fn)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -641,13 +703,22 @@ sub Copy1 { $request->print(''.&mt('Copy').' '.&display($fn).'
to '.
- &display($newfilename).'?
' + .&mt('Copy [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -698,14 +769,17 @@ sub NewDir1 { if ($type eq 'error') { $request->print(''); } else { - if ($mode eq 'testbank') { - $request->print(''); - } elsif ($mode eq 'imsimport') { - $request->print(''); - } - $request->print(''.&mt('Make new directory').' '. - &display($newfilename).'?
'); + if (($mode eq 'testbank') || ($mode eq 'imsimport')) { + $request->print(''."\n". + ''); + } + $request->print('' + .'' + .&mt('Make new directory [_1]?', + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } } @@ -714,11 +788,19 @@ sub NewDir1 { sub Decompress1 { my ($request, $user, $domain, $fn) = @_; if( -e $fn) { - $request->print(''); - $request->print(''.&mt('Decompress').' '.&display($fn).'?
'); + $request->print(''); + $request->print('' + .&mt('Decompress [_1]?', + &display($fn)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -743,7 +825,7 @@ Parameters: =item $domain - Name of the domain of the user -=item $fn - Source file name +=item $fn - Source filename =item $newfilename - Name of the file to be created; no path information @@ -756,7 +838,7 @@ Side Effects: =item 2 new forms are displayed. Clicking on the confirmation button causes the browser to attempt to load the specfied URL, allowing the proper handler to take care of file creation. There is also a Cancel -button which returns you to the driectory listing you came from +button which returns you to the directory listing you came from =back @@ -764,23 +846,10 @@ button which returns you to the driector sub NewFile1 { my ($request, $user, $domain, $fn, $newfilename) = @_; + return if (&filename_check($newfilename) ne 'ok'); if ($env{'form.action'} =~ /new(.+)file/) { my $extension=$1; - - ##Informs User (name).(number).(extension) not allowed - if($newfilename =~ /\.(\d+)\.(\w+)$/){ - $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').''. + &mt('Invalid filename: ').&display($newfilename).'
'.
+ &mt('The name of the new file needs to end with an appropriate file extension to indicate the type of file to create.').'
'.
+ &mt('The following are valid extensions: [_1].',$validexts).
+ '
'. + '
'. + ''); + return; + } + $request->print(''.&mt('Make new file').' '.&display($newfilename).'?
'); $request->print(''); + $request->print(''); + '" method="post">'); $request->print(''); + '" method="post">'); } + return; +} + +sub filename_check { + my ($newfilename) = @_; + ##Informs User (name).(number).(extension) not allowed + if($newfilename =~ /\.(\d+)\.(\w+)$/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').''.&mt('Return to Directory'). + '
'); + return; + } $r->print(''); + $r->print('' + .&mt('No new filename specified.') + .'
' + ); } } elsif ($env{'form.action'} eq 'newdir') { my $mode = ''; @@ -878,7 +1008,10 @@ sub phaseone { if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) { &NewFile1($r, $uname, $udom, $fn, $newfilename); } else { - $r->print(''.&mt('No new filename specified.').'
'); + $r->print('' + .&mt('No new filename specified.') + .'
' + ); } } } @@ -965,7 +1098,12 @@ sub Rename2 { unlink $tmp2; } } else { - $request->print("".&mt('No such file').": ".&display($oldfile).'
'); + $request->print( + '' + .&mt('No such file: [_1]', + &display($oldfile)) + .'
' + ); return 0; } return 1; @@ -1013,7 +1151,7 @@ sub Delete2 { return 0; } } else { - $request->print(''.&mt('No such file').'.
'); + $request->print(''.&mt('No such file').'
'); return 0; } } @@ -1024,7 +1162,7 @@ sub Delete2 { return 0; } } else { - $request->print(''.&mt('No such file').'.
'); + $request->print(''.&mt('No such file').'
'); return 0; } } @@ -1083,7 +1221,7 @@ sub Copy2 { return 1; } } else { - $request->print(''.&mt('No such file').'
'); + $request->print(''.&mt('No such file').'
'); return 0; } return 1; @@ -1127,8 +1265,8 @@ sub NewDir2 { sub decompress2 { my ($r, $user, $dir, $file) = @_; - &Apache::lonnet::appenv('cgi.file' => $file); - &Apache::lonnet::appenv('cgi.dir' => $dir); + &Apache::lonnet::appenv({'cgi.file' => $file}); + &Apache::lonnet::appenv({'cgi.dir' => $dir}); my $result=&Apache::lonnet::ssi_body('/cgi-bin/decompress.pl'); $r->print($result); &Apache::lonnet::delenv('cgi.file'); @@ -1237,7 +1375,7 @@ sub phasetwo { } $dest = $env{'form.newfilename'}; } else { - $r->print(''.&mt('No New filename specified').'
'); + $r->print(''.&mt('No New filename specified').'
'); return; } @@ -1249,13 +1387,21 @@ sub phasetwo { $dest = $newdir."/"; } if ( ($env{'form.action'} eq 'newdir') && ($env{'form.phase'} eq 'two') && ( ($env{'form.callingmode'} eq 'testbank') || ($env{'form.callingmode'} eq 'imsimport') ) ) { - $r->print(''
+ .&Apache::lonhtmlcommon::confirm_success(&mt('Done'))
+ .'
'.&mt('Continue').''
+ .'
'.&Apache::lonhtmlcommon::confirm_success(&mt('Done')).'
' + .&Apache::lonhtmlcommon::actionbox( + [''.&mt('Return to Directory').'', + ''.$disp_newname.''])); } else { - $r->print(''.&mt('Location').': '.&display($fn).'
'); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'
' + ); } &Debug($r, "loncfile::handler Form action is $env{'form.action'} "); - if ($env{'form.action'} eq 'delete') { - $r->print(''.&mt('Unknown Action').' '.$env{'form.action'}.'
'. - &Apache::loncommon::end_page()); - return OK; + $r->print('' + .&mt('Unknown Action: [_1]',$env{'form.action'}) + .'
' + .&Apache::loncommon::end_page() + ); + return OK; } + if ($env{'form.phase'} eq 'two') { &Debug($r, "loncfile::handler entering phase2"); &phasetwo($r,$fn,$uname,$udom);