--- loncom/publisher/lonupload.pm 2008/12/17 19:18:47 1.38.2.2
+++ loncom/publisher/lonupload.pm 2017/11/12 23:01:00 1.68
@@ -1,8 +1,7 @@
-
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
-# $Id: lonupload.pm,v 1.38.2.2 2008/12/17 19:18:47 raeburn Exp $
+# $Id: lonupload.pm,v 1.68 2017/11/12 23:01:00 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -28,6 +27,97 @@
#
###
+=head1 NAME
+
+Apache::lonupload - upload files into construction space
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonupload
+ ErrorDocument 403 /adm/login
+ ErrorDocument 404 /adm/notfound.html
+ ErrorDocument 406 /adm/unauthorized.html
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 INTRODUCTION
+
+This module uploads a file sitting on a client computer into
+library server construction space.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Initialize variables
+
+=item *
+
+Start page output
+
+=item *
+
+output relevant interface phase (phaseone, phasetwo, phasethree or phasefour)
+
+=item *
+
+(phase one is to specify upload file; phase two is to handle conditions
+subsequent to specification--like overwriting an existing file; phase three
+is to handle processing of secondary uploads - of embedded objects in an
+html file).
+
+=back
+
+=head1 OTHER SUBROUTINES
+
+=over
+
+=item phaseone()
+
+Interface for specifying file to upload.
+
+=item phasetwo()
+
+Interface for handling post-conditions about uploading (such
+as overwriting an existing file).
+
+=item phasethree()
+
+Interface for handling secondary uploads of embedded objects
+in an html file.
+
+=item phasefour()
+
+Interface for handling optional renaming of links to embedded
+objects.
+
+=item upfile_store()
+
+Store contents of uploaded file into temporary space. Invoked
+by phaseone subroutine.
+
+=item check_extension()
+
+Checks if filename extension is permitted and checks type
+ of file - if html file, calls parser to check for embedded objects.
+ Invoked by phasetwo subroutine.
+
+=back
+
+=cut
+
package Apache::lonupload;
use strict;
@@ -35,13 +125,12 @@ use Apache::File;
use File::Copy;
use File::Basename;
use Apache::Constants qw(:common :http :methods);
-use Apache::loncacc;
use Apache::loncommon();
use Apache::lonnet;
use HTML::Entities();
use Apache::lonlocal;
use Apache::lonnet;
-use LONCAPA();
+use LONCAPA qw(:DEFAULT :match);
my $DEBUG=0;
@@ -61,8 +150,12 @@ sub upfile_store {
chomp($env{'form.upfile'});
- my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
- '_upload_'.$fname.'_'.time.'_'.$$;
+ my $datatoken;
+ if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
+ $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
+ '_upload_'.$fname.'_'.time.'_'.$$;
+ }
+ return if ($datatoken eq '');
{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');
@@ -72,71 +165,106 @@ sub upfile_store {
}
sub phaseone {
- my ($r,$fn,$uname,$udom,$mode)=@_;
+ my ($r,$fn,$mode,$uname,$udom)=@_;
my $action = '/adm/upload';
if ($mode eq 'testbank') {
$action = '/adm/testbank';
} elsif ($mode eq 'imsimport') {
$action = '/adm/imsimport';
}
+
+ # Check for file to be uploaded
$env{'form.upfile.filename'}=~s/\\/\//g;
$env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
- if ($env{'form.upfile.filename'}) {
- $fn=~s/\/[^\/]+$//;
- $fn=~s/([^\/])$/$1\//;
- $fn.=$env{'form.upfile.filename'};
- $fn=~s/^\///;
- $fn=~s/(\/)+/\//g;
-
-# Fn is the full path to the destination filename.
-#
-
- &Debug($r, "Filename for upload: $fn");
- if (($fn) && ($fn!~/\/$/)) {
- $r->print('
');
- # Check for bad extension and warn user
- if ($fn=~/\.(\w+)$/ &&
- (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
- $r->print('
'
- .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.','"'.$1.'"' )
- .' '.&mt('Please change the extension.')
+ if (!$env{'form.upfile.filename'}) {
+ $r->print('
'.&mt('No upload file specified.').'
'.
+ &earlyout($fn,$uname,$udom));
+ return;
+ }
+
+ # Append the name of the uploaded file
+ $fn.=$env{'form.upfile.filename'};
+ $fn=~s/(\/)+/\//g;
+
+ # Check for illegal filename
+ &Debug($r, "Filename for upload: $fn");
+ if (!(($fn) && ($fn!~/\/$/))) {
+ $r->print('
'.&mt('Illegal filename.').'
');
+ return;
+ }
+ # Check if quota exceeded
+ my $filesize = length($env{'form.upfile'});
+ if (!$filesize) {
+ $r->print('
'.
+ &mt('Unable to upload [_1]. (size = [_2] bytes)',
+ ''.$env{'form.upfile.filename'}.'',
+ $filesize).' '.
+ &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').' '.
+ '
'.
+ &earlyout($fn,$uname,$udom));
+ return;
+ }
+ $filesize = int($filesize/1000); #expressed in kb
+ my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author',
+ $env{'form.upfile.filename'},$filesize,'upload');
+ if ($output) {
+ $r->print($output.&earlyout($fn,$uname,$udom));
+ return;
+ }
+
+# Split part that I can change from the part that I cannot change
+ my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
+ # Display additional options for upload
+ # and upload button
+ $r->print(
+ ''
+ );
+
+ # Check for bad extension and warn user
+ if ($fn=~/\.(\w+)$/ &&
+ (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
+ $r->print('
'
+ .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
+ ''.$1.'')
+ .' '.&mt('Please change the extension.')
.'