--- loncom/publisher/loncfile.pm 2004/05/26 22:25:38 1.55 +++ loncom/publisher/loncfile.pm 2006/11/22 22:10:58 1.78 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.55 2004/05/26 22:25:38 albertel Exp $ +# $Id: loncfile.pm,v 1.78 2006/11/22 22:10:58 banghart Exp $ # # Copyright Michigan State University Board of Trustees # @@ -69,10 +69,12 @@ use File::Copy; use HTML::Entities(); use Apache::Constants qw(:common :http :methods); use Apache::loncacc; -use Apache::Log (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonlocal; +use lib '/home/httpd/lib/perl/'; +use LONCAPA; + my $DEBUG=0; my $r; # Needs to be global for some stuff RF. @@ -101,16 +103,9 @@ my $r; # Needs to be global for some =cut sub Debug { - - # Marshall the parameters. - - my $r = shift; - my $log = $r->log; - my $message = shift; - # Put out the indicated message butonly if DEBUG is true. - if ($DEBUG) { + my ($r,$message) = @_; $r->log_reason($message); } } @@ -164,6 +159,7 @@ sub URLToPath { sub url { my $fn=shift; $fn=~s/^\/home\/(\w+)\/public\_html/\/priv\/$1/; + $fn=&HTML::Entities::encode($fn,'<>"&'); return $fn; } @@ -193,7 +189,32 @@ sub obsolete_unpub { } } - +# see if directory is empty +# ignores any .meta, .save, .bak, and .log files created for a previously +# published file, which has since been marked obsolete and deleted. +sub empty_directory { + my ($dirname,$phase) = @_; + if (opendir DIR, $dirname) { + my @files = grep(!/^\.\.?$/, readdir(DIR)); # ignore . and .. + if (@files) { + my @orphans = grep(/\.(meta|save|log|bak)$/,@files); + if (scalar(@files) - scalar(@orphans) > 0) { + return 0; + } else { + if (($phase eq 'Delete2') && (@orphans > 0)) { + foreach my $file (@orphans) { + if ($file =~ /\.(meta|save|log|bak)$/) { + unlink($dirname.$file); + } + } + } + } + } + closedir(DIR); + return 1; + } + return 0; +} =pod @@ -288,11 +309,27 @@ sub checksuffix { } sub cleanDest { - my ($request,$dest)=@_; + my ($request,$dest,$subdir,$fn,$uname)=@_; #remove bad characters - if ($dest=~/[\#\?&]/) { + my $foundbad=0; + if ($subdir && $dest =~/\./) { + $foundbad=1; + $dest=~s/\.//g; + } + if ($dest=~/[\#\?&%\":]/) { + $foundbad=1; + $dest=~s/[\#\?&%\":]//g; + } + if ($dest=~m|/|) { + my ($newpath)=($dest=~m|(.*)/|); + $newpath=&relativeDest($fn,$newpath,$uname); + if (! -d "$newpath") { + $request->print("

".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.$newpath.'"')."

"); + $dest=~s|.*/||; + } + } + if ($foundbad) { $request->print("

".&mt('Invalid characters in requested name have been removed.')."

"); - $dest=~s/[\#\?&]//g; } return $dest; } @@ -502,11 +539,20 @@ sub Delete1 { if( -e $fn) { $request->print(''); - unless (&obsolete_unpub($user,$domain,$fn)) { - $request->print('

'.&mt('Cannot delete non-obsolete published file').'

'. + if (-d $fn) { + unless (&empty_directory($fn,'Delete1')) { + $request->print('

'.&mt('Only empty directories may be deleted.').'

'. + 'You must delete the contents of the directory first.
'. + '
'.&mt('Cancel').''); + return; + } + } else { + unless (&obsolete_unpub($user,$domain,$fn)) { + $request->print('

'.&mt('Cannot delete non-obsolete published file').'

'. '
'.&mt('Cancel').''); - return; - } + return; + } + } $request->print('

'.&mt('Delete').' '.&display($fn).'?

'); &CloseForm1($request, $fn); } else { @@ -687,13 +733,19 @@ button which returns you to the driector sub NewFile1 { my ($request, $user, $domain, $fn, $newfilename) = @_; - if ($ENV{'form.action'} =~ /new(.+)file/) { + if ($env{'form.action'} =~ /new(.+)file/) { my $extension=$1; ##Informs User (name).(number).(extension) not allowed if($newfilename =~ /\.(\d+)\.(\w+)$/){ $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').')'. + ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '. + ' '.&mt('Not Allowed').'
'); + return; + } + if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '. ' '.&mt('Not Allowed').'
'); return; } @@ -749,42 +801,46 @@ performed and reported to the user. sub phaseone { my ($r,$fn,$uname,$udom)=@_; - my $newfilename=&cleanDest($r,$ENV{'form.newfilename'}); + my $doingdir=0; + if ($env{'form.action'} eq 'newdir') { $doingdir=1; } + my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); $newfilename=&relativeDest($fn,$newfilename,$uname); $r->print('
'. ''. ''. - ''); + ''); - if ($ENV{'form.action'} eq 'rename') { + if ($env{'form.action'} eq 'rename') { &Rename1($r, $uname, $udom, $fn, $newfilename, 'rename'); - } elsif ($ENV{'form.action'} eq 'move') { + } elsif ($env{'form.action'} eq 'move') { &Rename1($r, $uname, $udom, $fn, $newfilename, 'move'); - } elsif ($ENV{'form.action'} eq 'delete') { + } elsif ($env{'form.action'} eq 'delete') { &Delete1($r, $uname, $udom, $fn); - } elsif ($ENV{'form.action'} eq 'decompress') { + } elsif ($env{'form.action'} eq 'decompress') { &Decompress1($r, $uname, $udom, $fn); - } elsif ($ENV{'form.action'} eq 'copy') { + } elsif ($env{'form.action'} eq 'copy') { if($newfilename) { &Copy1($r, $uname, $udom, $fn, $newfilename); } else { $r->print('

'.&mt('No new filename specified.').'

'); } - } elsif ($ENV{'form.action'} eq 'newdir') { + } elsif ($env{'form.action'} eq 'newdir') { my $mode = ''; - if (exists($ENV{'form.callingmode'}) ) { - $mode = $ENV{'form.callingmode'}; + if (exists($env{'form.callingmode'}) ) { + $mode = $env{'form.callingmode'}; } &NewDir1($r, $uname, $udom, $fn, $newfilename, $mode); - } elsif ($ENV{'form.action'} eq 'newfile' || - $ENV{'form.action'} eq 'newhtmlfile' || - $ENV{'form.action'} eq 'newproblemfile' || - $ENV{'form.action'} eq 'newpagefile' || - $ENV{'form.action'} eq 'newsequencefile' || - $ENV{'form.action'} eq 'newrightsfile' || - $ENV{'form.action'} eq 'newstyfile' || - $ENV{'form.action'} eq 'Select Action') { - if ($newfilename) { + } elsif ($env{'form.action'} eq 'newfile' || + $env{'form.action'} eq 'newhtmlfile' || + $env{'form.action'} eq 'newproblemfile' || + $env{'form.action'} eq 'newpagefile' || + $env{'form.action'} eq 'newsequencefile' || + $env{'form.action'} eq 'newrightsfile' || + $env{'form.action'} eq 'newstyfile' || + $env{'form.action'} eq 'newlibraryfile' || + $env{'form.action'} eq 'Select Action') { + my $empty=&mt('Type Name Here'); + if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) { &NewFile1($r, $uname, $udom, $fn, $newfilename); } else { $r->print('

'.&mt('No new filename specified.').'

'); @@ -911,10 +967,8 @@ Returns: sub Delete2 { my ($request, $user, $filename) = @_; - if(opendir DIR, $filename) { - my @files=readdir(DIR); - shift @files; shift @files; # takes off . and .. - if(@files) { + if (-d $filename) { + unless (&empty_directory($filename,'Delete2')) { $request->print(' '.&mt('Error: Directory Non Empty').''); return 0; } else { @@ -966,7 +1020,7 @@ sub Delete2 { =back -Returns 0 failure, and 0 successs. +Returns 0 failure, and 1 successs. =cut @@ -974,14 +1028,23 @@ sub Copy2 { my ($request, $username, $dir, $oldfile, $newfile) = @_; &Debug($request ,"Will try to copy $oldfile to $newfile"); if(-e $oldfile) { + if ($oldfile eq $newfile) { + $request->print(' '.&mt('Warning').': '.&mt('Name of new file is the same as name of old file').' - '.&mt('no action taken').'.'); + return 1; + } unless (copy($oldfile, $newfile)) { $request->print(' '.&mt('copy Error').': '.$!.''); return 0; + } elsif (!chmod(0660, $newfile)) { + $request->print(' '.&mt('chmod error').': '.$!.''); + return 0; + } elsif (-e $oldfile.'.meta' && + !copy($oldfile.'.meta', $newfile.'.meta') && + !chmod(0660, $newfile.'.meta')) { + $request->print(' '.&mt('copy metadata error'). + ': '.$!.''); + return 0; } else { - unless (chmod(0660, $newfile)) { - $request->print(' '.&mt('chmod error').': '.$!.''); - return 0; - } return 1; } } else { @@ -1075,7 +1138,7 @@ sub phasetwo { &Debug($r, "loncfile - Entering phase 2 for $fn"); - # Break down the file into it's component pieces. + # Break down the file into its component pieces. my $dir; # Directory path my $main; # Filename. @@ -1085,66 +1148,66 @@ sub phasetwo { $main=$2; # Filename. } if($main=~m:\.(\w+)$:){ # Fixes problems with filenames with no extensions - $main=$`; #This is what is before the match (.) so it's just the main filename, yea it's nasty $suffix=$1; #This is the actually filename extension if it exists + $main=~s/\.\w+$//; #strip the extension } my $dest; # On success this is where we'll go. &Debug($r,"loncfile::phase2 dir = $dir main = $main suffix = $suffix"); - &Debug($r," newfilename = ".$ENV{'form.newfilename'}); + &Debug($r," newfilename = ".$env{'form.newfilename'}); my $conspace=$fn; &Debug($r,"loncfile::phase2 Full construction space name: $conspace"); - &Debug($r,"loncfie::phase2 action is $ENV{'form.action'}"); + &Debug($r,"loncfie::phase2 action is $env{'form.action'}"); # Select the appropriate processing sub. - if ($ENV{'form.action'} eq 'decompress') { - $main .= '.'; - $main .= $suffix; + if ($env{'form.action'} eq 'decompress') { + $main .= '.'.$suffix; if(!&decompress2($r, $uname, $dir, $main)) { return ; } $dest = $dir."/."; - } elsif ($ENV{'form.action'} eq 'rename') { # Rename. - if($ENV{'form.newfilename'}) { + } elsif ($env{'form.action'} eq 'rename' || + $env{'form.action'} eq 'move') { + if($env{'form.newfilename'}) { if (!defined($dir)) { $fn=~m:^(.*)/:; $dir=$1; } - if(!&Rename2($r, $uname, $dir, $fn, $ENV{'form.newfilename'})) { + if(!&Rename2($r, $uname, $dir, $fn, $env{'form.newfilename'})) { return; } - $dest = &url($ENV{'form.newfilename'}); + $dest = $dir."/"; } - } elsif ($ENV{'form.action'} eq 'delete') { - if(!&Delete2($r, $uname, $ENV{'form.newfilename'})) { + } elsif ($env{'form.action'} eq 'delete') { + if(!&Delete2($r, $uname, $env{'form.newfilename'})) { return ; } # Once a resource is deleted, we just list the directory that # previously held it. # $dest = $dir."/."; # Parent dir. - } elsif ($ENV{'form.action'} eq 'copy') { - if($ENV{'form.newfilename'}) { - if(!&Copy2($r, $uname, $dir, $fn, $ENV{'form.newfilename'})) { + } elsif ($env{'form.action'} eq 'copy') { + if($env{'form.newfilename'}) { + if(!&Copy2($r, $uname, $dir, $fn, $env{'form.newfilename'})) { return ; } - $dest = $ENV{'form.newfilename'}; + $dest = $env{'form.newfilename'}; } else { $r->print('

'.&mt('No New filename specified').'

'); return; } - } elsif ($ENV{'form.action'} eq 'newdir') { - my $newdir= $ENV{'form.newfilename'}; + } elsif ($env{'form.action'} eq 'newdir') { + my $newdir= $env{'form.newfilename'}; if(!&NewDir2($r, $uname, $newdir)) { return; } $dest = $newdir."/"; } - if ( ($ENV{'form.action'} eq 'newdir') && ($ENV{'form.phase'} eq 'two') && ( ($ENV{'form.callingmode'} eq 'testbank') || ($ENV{'form.callingmode'} eq 'imsimport') ) ) { + if ( ($env{'form.action'} eq 'newdir') && ($env{'form.phase'} eq 'two') && ( ($env{'form.callingmode'} eq 'testbank') || ($env{'form.callingmode'} eq 'imsimport') ) ) { $r->print('

'.&mt('Done').'

'); } else { $r->print('

'.&mt('Done').'

'); @@ -1155,10 +1218,11 @@ sub handler { $r=shift; + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress','action','filename','newfilename']); &Debug($r, "loncfile.pm - handler entered"); - &Debug($r, " filename: ".$ENV{'form.filename'}); - &Debug($r, " newfilename: ".$ENV{'form.newfilename'}); + &Debug($r, " filename: ".$env{'form.filename'}); + &Debug($r, " newfilename: ".$env{'form.newfilename'}); # # Determine the root filename # This could come in as "filename", which actually is a URL, or @@ -1166,29 +1230,28 @@ sub handler { # my $fn; - if ($ENV{'form.filename'}) { - &Debug($r, "test: $ENV{'form.filename'}"); - $fn=&Apache::lonnet::unescape($ENV{'form.filename'}); + if ($env{'form.filename'}) { + &Debug($r, "test: $env{'form.filename'}"); + $fn=&unescape($env{'form.filename'}); $fn=&URLToPath($fn); - } elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') { + } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') { #Just hijack the script only the first time around to inject the #correct information for further processing - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress']); - $fn=&Apache::lonnet::unescape($ENV{'form.decompress'}); + $fn=&unescape($env{'form.decompress'}); $fn=&URLToPath($fn); - $ENV{'form.action'}="decompress"; - } elsif ($ENV{'form.qualifiedfilename'}) { - $fn=$ENV{'form.qualifiedfilename'}; + $env{'form.action'}="decompress"; + } elsif ($env{'form.qualifiedfilename'}) { + $fn=$env{'form.qualifiedfilename'}; } else { &Debug($r, "loncfile::handler - no form.filename"); - $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. ' unspecified filename for cfile', $r->filename); return HTTP_NOT_FOUND; } unless ($fn) { &Debug($r, "loncfile::handler - doctored url is empty"); - $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. ' trying to cfile non-existing file', $r->filename); return HTTP_NOT_FOUND; } @@ -1203,7 +1266,7 @@ sub handler { "loncfile::handler constructaccess uname = $uname domain = $udom"); unless (($uname) && ($udom)) { $r->log_reason($uname.' at '.$udom. - ' trying to manipulate file '.$ENV{'form.filename'}. + ' trying to manipulate file '.$env{'form.filename'}. ' ('.$fn.') - not authorized', $r->filename); return HTTP_NOT_ACCEPTABLE; @@ -1213,10 +1276,12 @@ sub handler { &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; - if ( ($ENV{'form.action'} eq 'newdir') && ($ENV{'form.phase'} eq 'two') && ( ($ENV{'form.callingmode'} eq 'testbank') || ($ENV{'form.callingmode'} eq 'imsimport') ) ) { - my $newdirname = $ENV{'form.newfilename'}; - $r->print('LON-CAPA Construction Space - |); - my $loaditem = 'onLoad="writeDone()"'; - $r->print(&Apache::loncommon::bodytag('Construction Space File Operation','',$loaditem)); - } else { - $r->print('LON-CAPA Construction Space'); - $r->print(&Apache::loncommon::bodytag('Construction Space File Operation')); +|; + $loaditem{'onload'} = "writeDone()"; } - + + $r->print(&Apache::loncommon::start_page('Construction Space File Operation', + $js, + {'add_entries' => \%loaditem,})); $r->print('

'.&mt('Location').': '.&display($fn).'

'); - if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) { + if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { $r->print('

'.&mt('Co-Author').': '.$uname.' at '.$udom. '

'); } - &Debug($r, "loncfile::handler Form action is $ENV{'form.action'} "); - if ($ENV{'form.action'} eq 'delete') { + &Debug($r, "loncfile::handler Form action is $env{'form.action'} "); + if ($env{'form.action'} eq 'delete') { $r->print('

'.&mt('Delete').'

'); - } elsif ($ENV{'form.action'} eq 'rename') { + } elsif ($env{'form.action'} eq 'rename') { $r->print('

'.&mt('Rename').'

'); - } elsif ($ENV{'form.action'} eq 'move') { + } elsif ($env{'form.action'} eq 'move') { $r->print('

'.&mt('Move').'

'); - } elsif ($ENV{'form.action'} eq 'newdir') { + } elsif ($env{'form.action'} eq 'newdir') { $r->print('

'.&mt('New Directory').'

'); - } elsif ($ENV{'form.action'} eq 'decompress') { + } elsif ($env{'form.action'} eq 'decompress') { $r->print('

'.&mt('Decompress').'

'); - } elsif ($ENV{'form.action'} eq 'copy') { + } elsif ($env{'form.action'} eq 'copy') { $r->print('

'.&mt('Copy').'

'); - } elsif ($ENV{'form.action'} eq 'newfile' || - $ENV{'form.action'} eq 'newhtmlfile' || - $ENV{'form.action'} eq 'newproblemfile' || - $ENV{'form.action'} eq 'newpagefile' || - $ENV{'form.action'} eq 'newsequencefile' || - $ENV{'form.action'} eq 'newrightsfile' || - $ENV{'form.action'} eq 'newstyfile' || - $ENV{'form.action'} eq 'Select Action' ) { + } elsif ($env{'form.action'} eq 'newfile' || + $env{'form.action'} eq 'newhtmlfile' || + $env{'form.action'} eq 'newproblemfile' || + $env{'form.action'} eq 'newpagefile' || + $env{'form.action'} eq 'newsequencefile' || + $env{'form.action'} eq 'newrightsfile' || + $env{'form.action'} eq 'newstyfile' || + $env{'form.action'} eq 'newlibraryfile' || + $env{'form.action'} eq 'Select Action' ) { $r->print('

'.&mt('New Resource').'

'); } else { - $r->print('

'.&mt('Unknown Action').' '.$ENV{'form.action'}.'

'); + $r->print('

'.&mt('Unknown Action').' '.$env{'form.action'}.'

'. + &Apache::loncommon::end_page()); return OK; } - if ($ENV{'form.phase'} eq 'two') { + if ($env{'form.phase'} eq 'two') { &Debug($r, "loncfile::handler entering phase2"); &phasetwo($r,$fn,$uname,$udom); } else { @@ -1275,7 +1341,7 @@ function writeDone() { &phaseone($r,$fn,$uname,$udom); } - $r->print(''); + $r->print(&Apache::loncommon::end_page()); return OK; }