--- loncom/publisher/loncfile.pm 2009/05/26 16:29:56 1.99 +++ loncom/publisher/loncfile.pm 2011/11/07 13:38:45 1.106.2.1 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.99 2009/05/26 16:29:56 bisitz Exp $ +# $Id: loncfile.pm,v 1.106.2.1 2011/11/07 13:38:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -348,6 +348,7 @@ sub cleanDest { my ($request,$dest,$subdir,$fn,$uname)=@_; #remove bad characters my $foundbad=0; + my $error=''; if ($subdir && $dest =~/\./) { $foundbad=1; $dest=~s/\.//g; @@ -359,33 +360,37 @@ sub cleanDest { } if ($dest=~m|/|) { my ($newpath)=($dest=~m|(.*)/|); - $newpath=&relativeDest($fn,$newpath,$uname); + ($newpath,$error)=&relativeDest($fn,$newpath,$uname); if (! -d "$newpath") { - $request->print('
'
+ $request->print(' '
.&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name."
- ,'"'.&display($newpath).'"')
+ ,&display($newpath))
.' '
+ .&mt('Bad filename [_1]',&display($dest))
.'
'
.&mt('[_1](name).(number).(extension)[_2] not allowed.','','')
.'
'
.&mt('Removing the [_1].number.[_2] from requested filename.','','')
- .'');
+ .'
".&mt('Invalid characters in requested name have been removed.')."
"); + $request->print('' + .&mt('Invalid characters in requested name have been removed.') + .'
' + ); } - return $dest; + return ($dest,$error); } sub relativeDest { my ($fn,$newfilename,$uname)=@_; + my $error = ''; if ($newfilename=~/^\//) { # absolute, simply add path $newfilename='/home/'.$uname.'/public_html/'; @@ -398,7 +403,18 @@ sub relativeDest { while ($newfilename=~m:/\.\./:) { $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. } - return $newfilename; + if ($newfilename =~ m{^/home/($match_username)/(?:public\_html|priv)/}) { + my $otheruname = $1; + unless ($otheruname eq $uname) { + my ($authorname,$authordom)= + &Apache::loncacc::constructaccess($newfilename,$env{'request.role.domain'}); + unless (($authorname eq $otheruname) && ($authordom ne '')) { + my $otherdir = &display($newfilename); + $error = &mt('Access denied to [_1]',$otherdir); + } + } + } + return ($newfilename,$error); } =pod @@ -514,10 +530,10 @@ sub Rename1 { if (-d $fn) { $newfilename=~/\.(\w+)$/; if (&Apache::loncommon::fileembstyle($1) eq 'ssi') { - $request->print(''.
+ &mt('Cannot change MIME type of a directory.').
''.
- '
'.&mt('Cancel').'');
+ '
'.&mt('Cancel').'
'
+ .&mt('Cannot rename or move non-obsolete published file.')
+ .'
'
+ .''.&mt('Cancel').'
'.$action.' '.&display($fn). - '
' + .&mt($action.' [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No new filename specified.').'
'); + $request->print(''.&mt('No new filename specified.').'
'); return; } } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); return; } @@ -591,22 +618,38 @@ sub Delete1 { $fn.'" />'); if (-d $fn) { unless (&empty_directory($fn,'Delete1')) { - $request->print(''
+ .''
+ .&mt('Only empty directories may be deleted.')
+ .'
'
+ .&mt('You must delete the contents of the directory first.')
+ .'
'
+ .&mt('Cannot delete non-obsolete published file.')
+ .'
'
+ .''.&mt('Cancel').'
'.&mt('Delete').' '.&display($fn).'?
'); + $request->print('' + .&mt('Delete [_1]?', + &display($fn)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -660,13 +703,22 @@ sub Copy1 { $request->print(''.&mt('Copy').' '.&display($fn).'
to '.
- &display($newfilename).'?
' + .&mt('Copy [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -717,14 +769,17 @@ sub NewDir1 { if ($type eq 'error') { $request->print(''); } else { - if ($mode eq 'testbank') { - $request->print(''); - } elsif ($mode eq 'imsimport') { - $request->print(''); - } - $request->print(''.&mt('Make new directory').' '. - &display($newfilename).'?
'); + if (($mode eq 'testbank') || ($mode eq 'imsimport')) { + $request->print(''."\n". + ''); + } + $request->print('' + .'' + .&mt('Make new directory [_1]?', + &display($newfilename)) + .'
' + ); &CloseForm1($request, $fn); } } @@ -734,10 +789,18 @@ sub Decompress1 { my ($request, $user, $domain, $fn) = @_; if( -e $fn) { $request->print(''); - $request->print(''.&mt('Decompress').' '.&display($fn).'?
'); + $request->print('' + .&mt('Decompress [_1]?', + &display($fn)) + .'
' + ); &CloseForm1($request, $fn); } else { - $request->print(''.&mt('No such file').': '.&display($fn).'
'); + $request->print('' + .&mt('No such file: [_1]', + &display($fn)) + .'
' + ); } } @@ -806,7 +869,7 @@ sub NewFile1 { $extension = $1; } - my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty library js css txt); + my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty task library js css txt); if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) { my $validexts = '.'.join(', .',@okexts); $request->print(''. @@ -886,8 +949,23 @@ sub phaseone { my $doingdir=0; if ($env{'form.action'} eq 'newdir') { $doingdir=1; } - my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); - $newfilename=&relativeDest($fn,$newfilename,$uname); + my ($newfilename,$error) = + &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); + unless ($error) { + ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname); + } + if ($error) { + my $dirlist; + if ($fn=~m{^(.*/)[^/]+$}) { + $dirlist=$1; + } else { + $dirlist=$fn; + } + $r->print('
' + .&mt('No new filename specified.') + .'
' + ); } } elsif ($env{'form.action'} eq 'newdir') { my $mode = ''; @@ -927,7 +1008,10 @@ sub phaseone { if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) { &NewFile1($r, $uname, $udom, $fn, $newfilename); } else { - $r->print(''.&mt('No new filename specified.').'
'); + $r->print('' + .&mt('No new filename specified.') + .'
' + ); } } } @@ -1014,7 +1098,12 @@ sub Rename2 { unlink $tmp2; } } else { - $request->print("".&mt('No such file').": ".&display($oldfile).'
'); + $request->print( + '' + .&mt('No such file: [_1]', + &display($oldfile)) + .'
' + ); return 0; } return 1; @@ -1062,7 +1151,7 @@ sub Delete2 { return 0; } } else { - $request->print(''.&mt('No such file').'.
'); + $request->print(''.&mt('No such file').'
'); return 0; } } @@ -1073,7 +1162,7 @@ sub Delete2 { return 0; } } else { - $request->print(''.&mt('No such file').'.
'); + $request->print(''.&mt('No such file').'
'); return 0; } } @@ -1132,7 +1221,7 @@ sub Copy2 { return 1; } } else { - $request->print(''.&mt('No such file').'
'); + $request->print(''.&mt('No such file').'
'); return 0; } return 1; @@ -1286,7 +1375,7 @@ sub phasetwo { } $dest = $env{'form.newfilename'}; } else { - $r->print(''.&mt('No New filename specified').'
'); + $r->print(''.&mt('No New filename specified').'
'); return; } @@ -1386,12 +1475,12 @@ function writeDone() { |; $loaditem{'onload'} = "writeDone()"; } - + # Breadcrumbs &Apache::lonhtmlcommon::clear_breadcrumbs(); &Apache::lonhtmlcommon::add_breadcrumb({ 'text' => 'Construction Space', - 'href' => '', # FIXME Add link to /priv/[user] + 'href' => &Apache::loncommon::authorspace(), }); &Apache::lonhtmlcommon::add_breadcrumb({ 'text' => 'File Operation', @@ -1404,13 +1493,13 @@ function writeDone() { {'add_entries' => \%loaditem,}) .&Apache::lonhtmlcommon::breadcrumbs() .&Apache::loncommon::head_subbox( - &Apache::loncommon::CSTR_pageheader()) + &Apache::loncommon::CSTR_pageheader($fn)) ); $r->print('' + $r->print('
' .&mt('Co-Author [_1]',$uname.':'.$udom) .'
' ); @@ -1442,8 +1531,11 @@ function writeDone() { $env{'form.action'} eq 'Select Action' ) { $r->print(''.&mt('Unknown Action').' '.$env{'form.action'}.'
'. - &Apache::loncommon::end_page()); + $r->print('' + .&mt('Unknown Action').' '.$env{'form.action'} + .'
' + .&Apache::loncommon::end_page() + ); return OK; } if ($env{'form.phase'} eq 'two') {