--- loncom/publisher/loncfile.pm 2010/04/13 22:28:42 1.100.2.4 +++ loncom/publisher/loncfile.pm 2011/10/22 21:25:37 1.107 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.100.2.4 2010/04/13 22:28:42 raeburn Exp $ +# $Id: loncfile.pm,v 1.107 2011/10/22 21:25:37 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -175,7 +175,8 @@ sub url { sub display { my $fn=shift; - $fn=~s-^/home/($match_username)/public_html-/priv/$1-; + $fn=~s/^\/home\/httpd\/html//; + $fn=~s/\/\.\//\//g; return ''.$fn.''; } @@ -348,6 +349,7 @@ sub cleanDest { my ($request,$dest,$subdir,$fn,$uname)=@_; #remove bad characters my $foundbad=0; + my $error=''; if ($subdir && $dest =~/\./) { $foundbad=1; $dest=~s/\.//g; @@ -359,7 +361,7 @@ sub cleanDest { } if ($dest=~m|/|) { my ($newpath)=($dest=~m|(.*)/|); - $newpath=&relativeDest($fn,$newpath,$uname); + ($newpath,$error)=&relativeDest($fn,$newpath,$uname); if (! -d "$newpath") { $request->print('

' .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." @@ -384,11 +386,12 @@ sub cleanDest { .'

' ); } - return $dest; + return ($dest,$error); } sub relativeDest { my ($fn,$newfilename,$uname)=@_; + my $error = ''; if ($newfilename=~/^\//) { # absolute, simply add path $newfilename='/home/'.$uname.'/public_html/'; @@ -401,7 +404,18 @@ sub relativeDest { while ($newfilename=~m:/\.\./:) { $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. } - return $newfilename; + if ($newfilename =~ m{^/home/($match_username)/(?:public\_html|priv)/}) { + my $otheruname = $1; + unless ($otheruname eq $uname) { + my ($authorname,$authordom)= + &Apache::loncacc::constructaccess($newfilename,$env{'request.role.domain'}); + unless (($authorname eq $otheruname) && ($authordom ne '')) { + my $otherdir = &display($newfilename); + $error = &mt('Access denied to [_1]',$otherdir); + } + } + } + return ($newfilename,$error); } =pod @@ -690,15 +704,14 @@ sub Copy1 { $request->print('
'.&mt('Cancel').''); return; } - - $request->print( - '' - .'

' - .&mt('Copy [_1] to [_2]?', - &display($fn), - &display($newfilename)) - .'

' + $request->print( + '' + .'

' + .&mt('Copy [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'

' ); &CloseForm1($request, $fn); } else { @@ -757,10 +770,9 @@ sub NewDir1 { if ($type eq 'error') { $request->print(''); } else { - if ($mode eq 'testbank') { - $request->print(''); - } elsif ($mode eq 'imsimport') { - $request->print(''); + if (($mode eq 'testbank') || ($mode eq 'imsimport')) { + $request->print(''."\n". + ''); } $request->print('' @@ -859,7 +871,6 @@ sub NewFile1 { } my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty task library js css txt); - if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) { my $validexts = '.'.join(', .',@okexts); $request->print('

'. @@ -939,8 +950,23 @@ sub phaseone { my $doingdir=0; if ($env{'form.action'} eq 'newdir') { $doingdir=1; } - my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); - $newfilename=&relativeDest($fn,$newfilename,$uname); + my ($newfilename,$error) = + &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); + unless ($error) { + ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname); + } + if ($error) { + my $dirlist; + if ($fn=~m{^(.*/)[^/]+$}) { + $dirlist=$1; + } else { + $dirlist=$fn; + } + $r->print('

'.$error.'
'. + '

'.&mt('Return to Directory'). + '

'); + return; + } $r->print('
'. ''. ''. @@ -1073,10 +1099,11 @@ sub Rename2 { unlink $tmp2; } } else { - $request->print('

' - .&mt('No such file: [_1]', - &display($oldfile)) - .'

' + $request->print( + '

' + .&mt('No such file: [_1]', + &display($oldfile)) + .'

' ); return 0; } @@ -1450,14 +1477,30 @@ function writeDone() { $loaditem{'onload'} = "writeDone()"; } + # Breadcrumbs + &Apache::lonhtmlcommon::clear_breadcrumbs(); + &Apache::lonhtmlcommon::add_breadcrumb({ + 'text' => 'Construction Space', + 'href' => &Apache::loncommon::authorspace(), + }); + &Apache::lonhtmlcommon::add_breadcrumb({ + 'text' => 'File Operation', + 'title' => 'Construction Space File Operation', + 'href' => '', + }); + $r->print(&Apache::loncommon::start_page('Construction Space File Operation', $js, - {'add_entries' => \%loaditem,})); - + {'add_entries' => \%loaditem,}) + .&Apache::lonhtmlcommon::breadcrumbs() + .&Apache::loncommon::head_subbox( + &Apache::loncommon::CSTR_pageheader()) + ); + $r->print('

'.&mt('Location').': '.&display($fn).'

'); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('

' + $r->print('

' .&mt('Co-Author [_1]',$uname.':'.$udom) .'

' );