--- loncom/publisher/loncfile.pm 2011/10/22 21:25:37 1.107 +++ loncom/publisher/loncfile.pm 2011/11/02 19:12:40 1.113 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.107 2011/10/22 21:25:37 www Exp $ +# $Id: loncfile.pm,v 1.113 2011/11/02 19:12:40 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -158,25 +158,28 @@ Global References sub URLToPath { my $Url = shift; &Debug($r, "UrlToPath got: $Url"); - $Url=~ s/\/+/\//g; - $Url=~ s/^https?\:\/\/[^\/]+//; - $Url=~ s/^\///; - $Url=~ s/(\~|priv\/)($match_username)\//\/home\/$2\/public_html\//; + $Url=~ s{^https?\://[^/]+}{}; + $Url=~ s{//+}{/}g; + $Url=~ s{^/}{}; + $Url=$Apache::lonnet::perlvar{'lonDocRoot'}."/$Url"; &Debug($r, "Returning $Url \n"); return $Url; } sub url { my $fn=shift; - $fn=~s/^\/home\/($match_username)\/public\_html/\/priv\/$1/; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; + $fn=~ s/^\Q$londocroot\E//; + $fn=~s{/\./}{/}g; $fn=&HTML::Entities::encode($fn,'<>"&'); return $fn; } sub display { my $fn=shift; - $fn=~s/^\/home\/httpd\/html//; - $fn=~s/\/\.\//\//g; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; + $fn=~s/^\Q$londocroot\E//; + $fn=~s{/\./}{/}g; return ''.$fn.''; } @@ -187,9 +190,9 @@ sub display { sub obsolete_unpub { my ($user,$domain,$construct)=@_; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; my $published=$construct; - $published=~ - s/^\/home\/$user\/public\_html\//\/home\/httpd\/html\/res\/$domain\/$user\//; + $published=~s{^\Q$londocroot/priv/\E}{$londocroot/res/}; if (-e $published) { if (&Apache::lonnet::metadata($published,'obsolete')) { return 1; @@ -270,9 +273,9 @@ sub exists { my ($user, $domain, $construct, $creating) = @_; $creating ||= 'file'; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; my $published=$construct; - $published=~ - s{^/home/$user/public_html/}{/home/httpd/html/res/$domain/$user/}; + $published=~s{^\Q$londocroot/priv/\E}{$londocroot/res/}; my ($type,$result); if ( -d $construct ) { return ('error','

'.&mt('Error: destination for operation is an existing directory.').'

'); @@ -346,7 +349,7 @@ sub checksuffix { } sub cleanDest { - my ($request,$dest,$subdir,$fn,$uname)=@_; + my ($request,$dest,$subdir,$fn,$uname,$udom)=@_; #remove bad characters my $foundbad=0; my $error=''; @@ -361,7 +364,7 @@ sub cleanDest { } if ($dest=~m|/|) { my ($newpath)=($dest=~m|(.*)/|); - ($newpath,$error)=&relativeDest($fn,$newpath,$uname); + ($newpath,$error)=&relativeDest($fn,$newpath,$uname,$udom); if (! -d "$newpath") { $request->print('

' .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." @@ -390,30 +393,25 @@ sub cleanDest { } sub relativeDest { - my ($fn,$newfilename,$uname)=@_; + my ($fn,$newfilename,$uname,$udom)=@_; my $error = ''; if ($newfilename=~/^\//) { # absolute, simply add path - $newfilename='/home/'.$uname.'/public_html/'; + my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'}; + $newfilename="$londocroot/res/$udom/$uname/"; } else { my $dir=$fn; - $dir=~s/\/[^\/]+$//; + $dir=~s{/[^/]+$}{}; $newfilename=$dir.'/'.$newfilename; } - $newfilename=~s://+:/:g; # remove duplicate / - while ($newfilename=~m:/\.\./:) { - $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. - } - if ($newfilename =~ m{^/home/($match_username)/(?:public\_html|priv)/}) { - my $otheruname = $1; - unless ($otheruname eq $uname) { - my ($authorname,$authordom)= - &Apache::loncacc::constructaccess($newfilename,$env{'request.role.domain'}); - unless (($authorname eq $otheruname) && ($authordom ne '')) { - my $otherdir = &display($newfilename); - $error = &mt('Access denied to [_1]',$otherdir); - } - } + $newfilename=~s{//+}{/}g; # remove duplicate / + while ($newfilename=~m{/\.\./}) { + $newfilename=~ s{/[^/]+/\.\./}{/}g; #remove dir/.. + } + my ($authorname,$authordom)=&Apache::loncacc::constructaccess($newfilename); + unless (($authorname) && ($authordom)) { + my $otherdir = &display($newfilename); + $error = &mt('Access denied to [_1]',$otherdir); } return ($newfilename,$error); } @@ -951,9 +949,9 @@ sub phaseone { my $doingdir=0; if ($env{'form.action'} eq 'newdir') { $doingdir=1; } my ($newfilename,$error) = - &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); + &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname,$udom); unless ($error) { - ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname); + ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname,$udom); } if ($error) { my $dirlist; @@ -1442,14 +1440,11 @@ sub handler { } # ----------------------------------------------------------- Start page output - my $uname; - my $udom; - ($uname,$udom)= - &Apache::loncacc::constructaccess($fn,$r->dir_config('lonDefDomain')); + my ($uname,$udom) = &Apache::loncacc::constructaccess($fn); &Debug($r, "loncfile::handler constructaccess uname = $uname domain = $udom"); - unless (($uname) && ($udom)) { + if (($uname eq '') || ($udom eq '')) { $r->log_reason($uname.' at '.$udom. ' trying to manipulate file '.$env{'form.filename'}. ' ('.$fn.') - not authorized', @@ -1476,6 +1471,10 @@ function writeDone() { |; $loaditem{'onload'} = "writeDone()"; } + + my $londocroot = $r->dir_config('lonDocRoot'); + my $trailfile = $fn; + $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs &Apache::lonhtmlcommon::clear_breadcrumbs(); @@ -1494,7 +1493,7 @@ function writeDone() { {'add_entries' => \%loaditem,}) .&Apache::lonhtmlcommon::breadcrumbs() .&Apache::loncommon::head_subbox( - &Apache::loncommon::CSTR_pageheader()) + &Apache::loncommon::CSTR_pageheader($trailfile)) ); $r->print('

'.&mt('Location').': '.&display($fn).'

');