--- loncom/publisher/loncfile.pm 2004/08/24 21:21:41 1.62
+++ loncom/publisher/loncfile.pm 2005/05/30 16:56:46 1.69
@@ -9,7 +9,7 @@
# and displays a page showing the results of the action.
#
#
-# $Id: loncfile.pm,v 1.62 2004/08/24 21:21:41 albertel Exp $
+# $Id: loncfile.pm,v 1.69 2005/05/30 16:56:46 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -289,7 +289,7 @@ sub checksuffix {
}
sub cleanDest {
- my ($request,$dest,$subdir)=@_;
+ my ($request,$dest,$subdir,$fn,$uname)=@_;
#remove bad characters
my $foundbad=0;
if ($subdir && $dest =~/\./) {
@@ -300,6 +300,14 @@ sub cleanDest {
$foundbad=1;
$dest=~s/[\#\?&%\"]//g;
}
+ if ($dest=~m|/|) {
+ my ($newpath)=($dest=~m|(.*)/|);
+ $newpath=&relativeDest($fn,$newpath,$uname);
+ if (! -d "$newpath") {
+ $request->print("".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.$newpath.'"')."
");
+ $dest=~s|.*/||;
+ }
+ }
if ($foundbad) {
$request->print("".&mt('Invalid characters in requested name have been removed.')."
");
}
@@ -696,13 +704,19 @@ button which returns you to the driector
sub NewFile1 {
my ($request, $user, $domain, $fn, $newfilename) = @_;
- if ($ENV{'form.action'} =~ /new(.+)file/) {
+ if ($env{'form.action'} =~ /new(.+)file/) {
my $extension=$1;
##Informs User (name).(number).(extension) not allowed
if($newfilename =~ /\.(\d+)\.(\w+)$/){
$r->print(''.$newfilename.
- ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').')'.
+ ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '.
+ ' '.&mt('Not Allowed').'');
+ return;
+ }
+ if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){
+ $r->print(''.$newfilename.
+ ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '.
' '.&mt('Not Allowed').'');
return;
}
@@ -759,43 +773,45 @@ sub phaseone {
my ($r,$fn,$uname,$udom)=@_;
my $doingdir=0;
- if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; }
- my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir);
+ if ($env{'form.action'} eq 'newdir') { $doingdir=1; }
+ my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname);
$newfilename=&relativeDest($fn,$newfilename,$uname);
$r->print('');
}
- } elsif ($ENV{'form.action'} eq 'newdir') {
+ } elsif ($env{'form.action'} eq 'newdir') {
my $mode = '';
- if (exists($ENV{'form.callingmode'}) ) {
- $mode = $ENV{'form.callingmode'};
+ if (exists($env{'form.callingmode'}) ) {
+ $mode = $env{'form.callingmode'};
}
&NewDir1($r, $uname, $udom, $fn, $newfilename, $mode);
- } elsif ($ENV{'form.action'} eq 'newfile' ||
- $ENV{'form.action'} eq 'newhtmlfile' ||
- $ENV{'form.action'} eq 'newproblemfile' ||
- $ENV{'form.action'} eq 'newpagefile' ||
- $ENV{'form.action'} eq 'newsequencefile' ||
- $ENV{'form.action'} eq 'newrightsfile' ||
- $ENV{'form.action'} eq 'newstyfile' ||
- $ENV{'form.action'} eq 'Select Action') {
- if ($newfilename) {
+ } elsif ($env{'form.action'} eq 'newfile' ||
+ $env{'form.action'} eq 'newhtmlfile' ||
+ $env{'form.action'} eq 'newproblemfile' ||
+ $env{'form.action'} eq 'newpagefile' ||
+ $env{'form.action'} eq 'newsequencefile' ||
+ $env{'form.action'} eq 'newrightsfile' ||
+ $env{'form.action'} eq 'newstyfile' ||
+ $env{'form.action'} eq 'newlibraryfile' ||
+ $env{'form.action'} eq 'Select Action') {
+ my $empty=&mt('Type Name Here');
+ if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) {
&NewFile1($r, $uname, $udom, $fn, $newfilename);
} else {
$r->print(''.&mt('No new filename specified.').'
');
@@ -1101,67 +1117,66 @@ sub phasetwo {
$main=$2; # Filename.
}
if($main=~m:\.(\w+)$:){ # Fixes problems with filenames with no extensions
- $main=$`; #This is what is before the match (.) so it's just the main filename, yea it's nasty
$suffix=$1; #This is the actually filename extension if it exists
+ $main=~s/\.\w+$//; #strip the extension
}
my $dest; # On success this is where we'll go.
&Debug($r,"loncfile::phase2 dir = $dir main = $main suffix = $suffix");
- &Debug($r," newfilename = ".$ENV{'form.newfilename'});
+ &Debug($r," newfilename = ".$env{'form.newfilename'});
my $conspace=$fn;
&Debug($r,"loncfile::phase2 Full construction space name: $conspace");
- &Debug($r,"loncfie::phase2 action is $ENV{'form.action'}");
+ &Debug($r,"loncfie::phase2 action is $env{'form.action'}");
# Select the appropriate processing sub.
- if ($ENV{'form.action'} eq 'decompress') {
- $main .= '.';
- $main .= $suffix;
+ if ($env{'form.action'} eq 'decompress') {
+ $main .= '.'.$suffix;
if(!&decompress2($r, $uname, $dir, $main)) {
return ;
}
$dest = $dir."/.";
- } elsif ($ENV{'form.action'} eq 'rename' ||
- $ENV{'form.action'} eq 'move') {
- if($ENV{'form.newfilename'}) {
+ } elsif ($env{'form.action'} eq 'rename' ||
+ $env{'form.action'} eq 'move') {
+ if($env{'form.newfilename'}) {
if (!defined($dir)) {
$fn=~m:^(.*)/:;
$dir=$1;
}
- if(!&Rename2($r, $uname, $dir, $fn, $ENV{'form.newfilename'})) {
+ if(!&Rename2($r, $uname, $dir, $fn, $env{'form.newfilename'})) {
return;
}
- $dest = $ENV{'form.newfilename'};
+ $dest = $env{'form.newfilename'};
}
- } elsif ($ENV{'form.action'} eq 'delete') {
- if(!&Delete2($r, $uname, $ENV{'form.newfilename'})) {
+ } elsif ($env{'form.action'} eq 'delete') {
+ if(!&Delete2($r, $uname, $env{'form.newfilename'})) {
return ;
}
# Once a resource is deleted, we just list the directory that
# previously held it.
#
$dest = $dir."/."; # Parent dir.
- } elsif ($ENV{'form.action'} eq 'copy') {
- if($ENV{'form.newfilename'}) {
- if(!&Copy2($r, $uname, $dir, $fn, $ENV{'form.newfilename'})) {
+ } elsif ($env{'form.action'} eq 'copy') {
+ if($env{'form.newfilename'}) {
+ if(!&Copy2($r, $uname, $dir, $fn, $env{'form.newfilename'})) {
return ;
}
- $dest = $ENV{'form.newfilename'};
+ $dest = $env{'form.newfilename'};
} else {
$r->print(''.&mt('No New filename specified').'
');
return;
}
- } elsif ($ENV{'form.action'} eq 'newdir') {
- my $newdir= $ENV{'form.newfilename'};
+ } elsif ($env{'form.action'} eq 'newdir') {
+ my $newdir= $env{'form.newfilename'};
if(!&NewDir2($r, $uname, $newdir)) {
return;
}
$dest = $newdir."/";
}
- if ( ($ENV{'form.action'} eq 'newdir') && ($ENV{'form.phase'} eq 'two') && ( ($ENV{'form.callingmode'} eq 'testbank') || ($ENV{'form.callingmode'} eq 'imsimport') ) ) {
+ if ( ($env{'form.action'} eq 'newdir') && ($env{'form.phase'} eq 'two') && ( ($env{'form.callingmode'} eq 'testbank') || ($env{'form.callingmode'} eq 'imsimport') ) ) {
$r->print('');
} else {
$r->print('');
@@ -1175,8 +1190,8 @@ sub handler {
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress','action','filename','newfilename']);
&Debug($r, "loncfile.pm - handler entered");
- &Debug($r, " filename: ".$ENV{'form.filename'});
- &Debug($r, " newfilename: ".$ENV{'form.newfilename'});
+ &Debug($r, " filename: ".$env{'form.filename'});
+ &Debug($r, " newfilename: ".$env{'form.newfilename'});
#
# Determine the root filename
# This could come in as "filename", which actually is a URL, or
@@ -1184,28 +1199,28 @@ sub handler {
#
my $fn;
- if ($ENV{'form.filename'}) {
- &Debug($r, "test: $ENV{'form.filename'}");
- $fn=&Apache::lonnet::unescape($ENV{'form.filename'});
+ if ($env{'form.filename'}) {
+ &Debug($r, "test: $env{'form.filename'}");
+ $fn=&Apache::lonnet::unescape($env{'form.filename'});
$fn=&URLToPath($fn);
- } elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') {
+ } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') {
#Just hijack the script only the first time around to inject the
#correct information for further processing
- $fn=&Apache::lonnet::unescape($ENV{'form.decompress'});
+ $fn=&Apache::lonnet::unescape($env{'form.decompress'});
$fn=&URLToPath($fn);
- $ENV{'form.action'}="decompress";
- } elsif ($ENV{'form.qualifiedfilename'}) {
- $fn=$ENV{'form.qualifiedfilename'};
+ $env{'form.action'}="decompress";
+ } elsif ($env{'form.qualifiedfilename'}) {
+ $fn=$env{'form.qualifiedfilename'};
} else {
&Debug($r, "loncfile::handler - no form.filename");
- $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
+ $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
' unspecified filename for cfile', $r->filename);
return HTTP_NOT_FOUND;
}
unless ($fn) {
&Debug($r, "loncfile::handler - doctored url is empty");
- $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
+ $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
' trying to cfile non-existing file', $r->filename);
return HTTP_NOT_FOUND;
}
@@ -1220,7 +1235,7 @@ sub handler {
"loncfile::handler constructaccess uname = $uname domain = $udom");
unless (($uname) && ($udom)) {
$r->log_reason($uname.' at '.$udom.
- ' trying to manipulate file '.$ENV{'form.filename'}.
+ ' trying to manipulate file '.$env{'form.filename'}.
' ('.$fn.') - not authorized',
$r->filename);
return HTTP_NOT_ACCEPTABLE;
@@ -1230,8 +1245,8 @@ sub handler {
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- if ( ($ENV{'form.action'} eq 'newdir') && ($ENV{'form.phase'} eq 'two') && ( ($ENV{'form.callingmode'} eq 'testbank') || ($ENV{'form.callingmode'} eq 'imsimport') ) ) {
- my $newdirname = $ENV{'form.newfilename'};
+ if ( ($env{'form.action'} eq 'newdir') && ($env{'form.phase'} eq 'two') && ( ($env{'form.callingmode'} eq 'testbank') || ($env{'form.callingmode'} eq 'imsimport') ) ) {
+ my $newdirname = $env{'form.newfilename'};
$r->print('LON-CAPA Construction Space