--- loncom/publisher/loncfile.pm	2003/03/08 01:41:53	1.28
+++ loncom/publisher/loncfile.pm	2003/06/19 21:04:37	1.32
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.28 2003/03/08 01:41:53 www Exp $
+# $Id: loncfile.pm,v 1.32 2003/06/19 21:04:37 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -387,6 +387,17 @@ sub checksuffix {
     }
     return $result;
 }
+
+sub cleanDest {
+    my ($request,$dest)=@_;
+    #remove bad characters
+    if  ($dest=~/[\#\?&]/) {
+	$request->print("<p><font color=\"red\">Invalid characters in requested name have been removed.</font></p>");
+	$dest=~s/[\#\?&]//g;
+    }
+    return $dest;
+}
+
 =pod
 
 =item CloseForm1($request, $user, $file)
@@ -412,7 +423,7 @@ sub CloseForm1 {
    &Debug($request, "Cancel url is: ".$cancelurl);
    $request->print('<p><input type="submit" value="Continue" /></p></form>');
    $request->print('<form action="'.$cancelurl.
-		   '" method="GET"><p><input type="submit" value="Cancel" /></p></form>');
+		   '" method="POST"><p><input type="submit" value="Cancel" /></p></form>');
 
 }
 
@@ -494,7 +505,7 @@ sub Rename1 {
     if(-e $conspace) {
 	if($ENV{'form.newfilename'}) {
 	    my $newfilename = $ENV{'form.newfilename'};
-	    if ($newfilename =~ m|^[^\.]+$|) {
+	    if ($newfilename =~ m|/[^\.]+$|) {
 		#no extension add on orignal extension
 		if ($filename =~ m|/[^\.]*\.([^\.]+)$|) {
 		    $newfilename.='.'.$1;
@@ -792,9 +803,9 @@ sub NewFile1 {
 	&Debug($request, "Dest url is: ".$dest);
 	$request->print('</form>');
 	$request->print('<form action="'.$dest.
-			'" method="GET"><p><input type="submit" value="Continue" /></p></form>');
+			'" method="POST"><p><input type="submit" value="Continue" /></p></form>');
 	$request->print('<form action="'.$cancelurl.
-			'" method="GET"><p><input type="submit" value="Cancel" /></p></form>');
+			'" method="POST"><p><input type="submit" value="Cancel" /></p></form>');
     }
 }
 
@@ -836,7 +847,8 @@ sub phaseone {
   
   #  my $conspace=ConstructionPathFromRelative($uname, $fn);
   
-  
+  $ENV{'form.newfilename'}=&cleanDest($r,$ENV{'form.newfilename'});
+
   $r->print('<form action="/adm/cfile" method="post">'.
 	    '<input type="hidden" name="filename" value="/~'.$uname.$fn.'" />'.
 	    '<input type="hidden" name="phase" value="two" />'.
@@ -865,7 +877,8 @@ sub phaseone {
 	    $ENV{'form.action'} eq 'newhtmlfile' ||
 	    $ENV{'form.action'} eq 'newproblemfile' ||
             $ENV{'form.action'} eq 'newpagefile' ||
-            $ENV{'form.action'} eq 'newsequencefile') {
+            $ENV{'form.action'} eq 'newsequencefile' ||
+            $ENV{'form.action'} eq 'Select Action') {
       if($ENV{'form.newfilename'}) {
 	  my $newfilename = $ENV{'form.newfilename'};
 	  if (!defined($dir)) {
@@ -1295,10 +1308,11 @@ sub handler {
 	   $ENV{'form.action'} eq 'newhtmlfile' ||
 	   $ENV{'form.action'} eq 'newproblemfile' ||
            $ENV{'form.action'} eq 'newpagefile' ||
-           $ENV{'form.action'} eq 'newsequencefile' ) {
+           $ENV{'form.action'} eq 'newsequencefile' ||
+           $ENV{'form.action'} eq 'Select Action' ) {
       $r->print('<h3>New Resource</h3>');
   } else {
-     $r->print('<p>Unknown Action</p></body></html>');
+     $r->print('<p>Unknown Action '.$ENV{'form.action'}.' </p></body></html>');
      return OK;  
   }
   if ($ENV{'form.phase'} eq 'two') {