--- loncom/publisher/lonretrieve.pm 2001/04/10 19:45:37 1.6 +++ loncom/publisher/lonretrieve.pm 2001/05/24 21:43:05 1.12 @@ -11,7 +11,7 @@ # 03/23 Guy Albertelli # 03/24,03/29 Gerd Kortemeyer) # -# 03/31,04/03 Gerd Kortemeyer +# 03/31,04/03,05/02,05/09 Gerd Kortemeyer package Apache::lonretrieve; @@ -19,6 +19,7 @@ use strict; use Apache::File; use File::Copy; use Apache::Constants qw(:common :http :methods); +use Apache::loncacc; sub phaseone { my ($r,$fn,$uname,$udom)=@_; @@ -37,7 +38,7 @@ sub phaseone { if (-e $resfn) { $r->print('
'); @@ -124,7 +141,7 @@ sub handler { if ($ENV{'form.filename'}) { $fn=$ENV{'form.filename'}; - $fn=~s/^http\:\/\/[^\/]+\/\~(\w+)//; + $fn=~s/^http\:\/\/[^\/]+//; } else { $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. ' unspecified filename for retrieval', $r->filename); @@ -138,9 +155,20 @@ sub handler { } # ----------------------------------------------------------- Start page output + my $uname; + my $udom; - my $uname=$ENV{'user.name'}; - my $udom=$ENV{'user.domain'}; + unless (($uname,$udom)= + &Apache::loncacc::constructaccess( + $fn,$r->dir_config('lonDefDomain'))) { + $r->log_reason($uname.' at '.$udom. + ' trying to publish file '.$ENV{'form.filename'}. + ' ('.$fn.') - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } + + $fn=~s/\/\~(\w+)//; $r->content_type('text/html'); $r->send_http_header; @@ -152,6 +180,12 @@ sub handler { $r->print('
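Review bot: The new substitution `$fn=~s/^http\:\/\/[^\/]+//;` recognises only a lower-case `http://` prefix, so an `https://` or mixed-case URL in `form.filename` reaches the later `constructaccess` call with scheme and host still attached. Whether that fails closed depends on `constructaccess`, which is not visible in this diff. Consider `$fn=~s/^https?\:\/\/[^\/]+//i;`, plus a comment such as `# keep the /~user part here: it is passed to constructaccess() and stripped only after the access check`. `handler` starts and ends outside this hunk.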
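Review bot: In the denial branch of the new `unless`, `$uname` and `$udom` are still undefined, because the branch is only taken when the list assignment from `constructaccess` yields no elements. The `log_reason` entry therefore records ` at ` with no requester, and a refused attempt cannot be attributed from the log. Log the session identity instead, `$r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.`, and change `' trying to publish file '` (apparently copied from the publishing handler) to `' trying to retrieve file '`, matching the "for retrieval" wording used earlier in `handler`. The later `$fn=~s/\/\~(\w+)//;` is unanchored and removes the first `/~name` anywhere in the path; if `constructaccess` only accepts a leading `/~name/` (not visible here), `$fn=~s/^\/\~(\w+)//;` would keep the strip in step with what was authorized. `handler` starts and ends outside this hunk.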