--- loncom/publisher/loncfile.pm 2002/07/29 01:55:51 1.13 +++ loncom/publisher/loncfile.pm 2002/10/28 23:23:41 1.19 @@ -7,10 +7,10 @@ # presents a page that describes the proposed action to the user # and requests confirmation. The second phase commits the action # and displays a page showing the results of the action. -# +# # -# $Id: loncfile.pm,v 1.13 2002/07/29 01:55:51 foxr Exp $ +# $Id: loncfile.pm,v 1.19 2002/10/28 23:23:41 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -69,7 +69,7 @@ directory. =head1 INTRODUCTION loncfile is invoked when buttons in the top frame of the construction -space directory listing are clicked. All operations procede in two phases. +space directory listing are clicked. All operations proceed in two phases. The first phase describes to the user exactly what will be done. If the user confirms the operation, the second phase commits the operation and indicates completion. When the user dismisses the output of phase2, they are returned to @@ -86,10 +86,13 @@ package Apache::loncfile; use strict; use Apache::File; +use File::Basename; use File::Copy; +use HTML::Entities(); use Apache::Constants qw(:common :http :methods); use Apache::loncacc; use Apache::Log (); +use Apache::lonnet; my $DEBUG=0; my $r; # Needs to be global for some stuff RF. @@ -98,17 +101,17 @@ my $r; # Needs to be global for some =item Debug($request, $message) - If debugging is enabled puts out a debuggin message determined by the + If debugging is enabled puts out a debugging message determined by the caller. The debug message goes to the Apache error log file. Debugging - is enabled by ssetting the module global DEBUG variable to nonzero (TRUE). + is enabled by setting the module global DEBUG variable to nonzero (TRUE). Parameters: =over 4 -=item $request - The curretn request operation. +=item $request - The current request operation. -=item $message - The message to put inthe log file. +=item $message - The message to put in the log file. =back @@ -153,7 +156,7 @@ sub Debug { =over 4 -=item The corresponing file system path. +=item The corresponding file system path. =back @@ -180,7 +183,7 @@ sub URLToPath { =item PublicationPath($domain, $user, $dir, $file) - Determines the filesystem path corersponding to a published resource + Determines the filesystem path corresponding to a published resource specification. The returned value is the path. Parameters: @@ -191,7 +194,7 @@ Parameters: =item $user - string [in] Name of the user asking about the resource. -=item $dir - Directory pathr elatvie to the top of the resource space0 +=item $dir - Directory path relative to the top of the resource space. =item $file - name of the resource file itself without path info. @@ -219,7 +222,7 @@ sub PublicationPath =item ConstructionPath($domain, $user, $dir, $file) - Determines the filesystem path corersponding to a construction space + Determines the filesystem path corresponding to a construction space resource specification. The returned value is the path Parameters: @@ -227,7 +230,7 @@ Parameters: =item $user - string [in] Name of the user asking about the resource. -=item $dir - Directory path relatvie to the top of the resource space +=item $dir - Directory path relative to the top of the resource space. =item $file - name of the resource file itself without path info. @@ -285,7 +288,7 @@ sub ConstructionPathFromRelative { =item exists($user, $domain, $directory, $file) - Determine if a resource file name has been publisehd or exists + Determine if a resource file name has been published or exists in the construction space. Parameters: @@ -360,7 +363,7 @@ as a result of this operation. =over 4 -=item Empty string if everythikng worked. +=item Empty string if everything worked. =item String containing an error message if there was a problem. @@ -490,10 +493,11 @@ sub Rename1 { my $newfilename = $ENV{'form.newfilename'}; $request->print(&checksuffix($filename, $newfilename)); $request->print(&exists($user, $domain, $dir, $newfilename)); + my $dest=&SimplifyDir($dir,$newfilename); $request->print('
Rename '.$filename.' to '. - $dir.'/'.$newfilename.'?
'); + '">Rename '.$filename.'
to '.
+ $dest.'?
No new filename specified
'); @@ -552,8 +556,8 @@ sub Delete1 { =item Copy1($request, $user, $domain, $filename, $newfilename) Performs phase 1 processing of the construction space copy command. - Ensure that the source fil eexists. Ensure that a destination exists, - also warn if the detination already exists. + Ensure that the source file exists. Ensure that a destination exists, + also warn if the destination already exists. Parameters: @@ -584,14 +588,14 @@ sub Copy1 { $cancelurl =~ s/\/public_html//; - if(-e $filename) { $request->print(&checksuffix($filename,$newfilename)); $request->print(&exists($user, $domain, $dir, $newfilename)); + my $dest=&SimplifyDir($dir,$newfilename); $request->print('Copy '.$filename.' to'. - ''.$dir.'/'.$newfilename.'/?
'); + '">Copy '.$filename.'
to '.
+ ''.$dest.'?
No such file '.$filename.'
'); @@ -600,6 +604,34 @@ sub Copy1 { =pod +=item SimplifyDir + + Removes all extra / and all .. references + +Parameters: + +=over 4 + +=item $dir - string [in] a directory name + +=item $file - string [in] a file reference relative to $dir + +=back + +Results: the concatenated path. + +=cut + +sub SimplifyDir { + my ($dir,$file) = @_; + my $location = $dir. '/'.$file; + $location=~s://+:/:g; # remove duplicate / + while ($location=~m:/\.\./:) {$location=~s:/[^/]+/\.\./:/:g;}#remove dir/.. + return $location; +} + +=pod + =item NewDir1 Does all phase 1 processing of directory creation: @@ -611,11 +643,11 @@ Parameters: =over 4 =item $request - Apache Request Object [in] - Server request object for the - current url.. + current url. =item $username - Name of the user that is requesting the directory creation. -=item $path - current directory relative to construction spacee. +=item $path - current directory relative to construction space. =item $newdir - Name of the directory to be created; path relative to the top level of construction space. @@ -680,7 +712,7 @@ performed and reported to the user. =item $uname - string [in] Name of user logged in and doing this action. -=item $udom - string [in] Domain nmae under which the user logged in. +=item $udom - string [in] Domain name under which the user logged in. =back @@ -727,7 +759,7 @@ sub phaseone { =item Rename2($request, $user, $directory, $oldfile, $newfile) -Performs phase 2 procesing of a rename reequest. This is where the +Performs phase 2 processing of a rename reequest. This is where the actual rename is performed. Parameters @@ -797,8 +829,8 @@ Parameters: =item $user - string [in] The name of the user initiating the delete request. -=item $filename - string [in] The name of the file, relative to construction space, - to delete. +=item $filename - string [in] The name of the file, relative to construction + space, to delete. =back @@ -856,9 +888,13 @@ sub Copy2 { &Debug($request ,"Will try to copy $oldfile to $newfile"); if(-e $oldfile) { unless (copy($oldfile, $newfile)) { - $request->print(' Error: '.$!.''); + $request->print(' copy Error: '.$!.''); return 0; } else { + unless (chmod(0660, $newfile)) { + $request->print(' chmod error: '.$!.''); + return 0; + } return 1; } } else { @@ -1012,6 +1048,12 @@ sub phasetwo { &Debug($r, "Final url is: $dest"); $dest =~ s/\/home\//\/priv\//; $dest =~ s/\/public_html//; + + my $base = &File::Basename::basename($dest); + my $dpath= &File::Basename::dirname($dest); + $dest = &HTML::Entities::encode($dpath.'/'.$base); + + &Debug($r, "Final url after rewrite: $dest"); $r->print('