--- loncom/publisher/lonupload.pm 2001/04/10 01:57:28 1.2 +++ loncom/publisher/lonupload.pm 2003/11/08 11:13:50 1.24 @@ -1,29 +1,63 @@ + # The LearningOnline Network with CAPA # Handler to upload files into construction space # -# (Handler to retrieve an old version of a file +# $Id: lonupload.pm,v 1.24 2003/11/08 11:13:50 albertel Exp $ +# +# Copyright Michigan State University Board of Trustees +# +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). +# +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# (Publication Handler -# -# (TeX Content Handler +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# 05/29/00,05/30,10/11 Gerd Kortemeyer) +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# 11/28,11/29,11/30,12/01,12/02,12/04,12/23 Gerd Kortemeyer -# 03/23 Guy Albertelli -# 03/24,03/29 Gerd Kortemeyer) +# /home/httpd/html/adm/gpl.txt # -# 03/31,04/03 Gerd Kortemeyer) +# http://www.lon-capa.org/ # -# 04/05,04/09 Gerd Kortemeyer +### package Apache::lonupload; use strict; use Apache::File; use File::Copy; +use File::Basename; use Apache::Constants qw(:common :http :methods); +use Apache::loncacc; +use Apache::loncommon(); +use Apache::Log(); +use Apache::lonnet; +use HTML::Entities(); +use Apache::lonlocal; +my $DEBUG=0; + +sub Debug { + + # Marshall the parameters. + + my $r = shift; + my $log = $r->log; + my $message = shift; + + # Put out the indicated message butonly if DEBUG is false. + + if ($DEBUG) { + $log->debug($message); + } +} sub upfile_store { my $r=shift; @@ -31,7 +65,7 @@ sub upfile_store { my $fname=$ENV{'form.upfile.filename'}; $fname=~s/\W//g; - chop($ENV{'form.upfile'}); + chomp($ENV{'form.upfile'}); my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}. '_upload_'.$fname.'_'.time.'_'.$$; @@ -46,86 +80,266 @@ sub upfile_store { sub phaseone { my ($r,$fn,$uname,$udom)=@_; - $fn=~s/\/[^\/]+$//; - $fn=~s/([^\/])$/$1\//; - $fn.=$ENV{'form.upfile.filename'}; - $r->print( - '
'); + $ENV{'form.upfile.filename'}=~s/\\/\//g; + $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/; + if ($ENV{'form.upfile.filename'}) { + $fn=~s/\/[^\/]+$//; + $fn=~s/([^\/])$/$1\//; + $fn.=$ENV{'form.upfile.filename'}; + $fn=~s/^\///; + $fn=~s/(\/)+/\//g; + +# Fn is the full path to the destination filename. +# + + &Debug($r, "Filename for upload: $fn"); + if (($fn) && ($fn!~/\/$/)) { + $r->print(''); + # Check for bad extension and warn user + if ($fn=~/\.(\w+)$/ && + (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { + $r->print(''.&mt('The extension on this file,'). + ' "'.$1.'"'.&mt(', is reserved internally by LON-CAPA.'). + 'View file'); - } else { - $r->print('Failed to copy: '.$!); - } - } + my ($r,$tfn,$uname,$udom)=@_; + my $fn='/priv/'.$uname.'/'.$tfn; + $fn=~s/\/+/\//g; + &Debug($r, "Filename is ".$tfn); + if ($tfn) { + &Debug($r, "Filename for tfn = ".$tfn); + my $target='/home/'.$uname.'/public_html'.$tfn; + &Debug($r, "target -> ".$target); +# target is the full filesystem path of the destination file. + my $base = &File::Basename::basename($fn); + my $path = &File::Basename::dirname($fn); + $base = &HTML::Entities::encode($base); + my $url = $path."/".$base; + &Debug($r, "URL is now ".$url); + my $datatoken=$ENV{'form.datatoken'}; + if (($fn) && ($datatoken)) { + if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) { + $r->print('
'); + } else { + my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; + # Check for bad extension and disallow upload + if ($fn=~/\.(\w+)$/ && + (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { + $r->print(&mt('File').' '.$fn.' '. + &mt('could not be copied.').'');
- &phaseone($r,$fn,$uname,$udom);
+ $r->print(''.
+ &mt('Please use browser "Back" button and pick a filename').
+ '
>');
}
}
+# ---------------------------------------------------------------- Main Handler
sub handler {
- my $r=shift;
+ my $r=shift;
- my $fn;
+ my $uname;
+ my $udom;
+#
+# phase two: re-attach user
+#
+ if ($ENV{'form.uploaduname'}) {
+ $ENV{'form.filename'}='/priv/'.$ENV{'form.uploaduname'}.'/'.
+ $ENV{'form.filename'};
+ }
+#
- if ($ENV{'form.filename'}) {
- $fn=$ENV{'form.filename'};
- $fn=~s/^http\:\/\/[^\/]+\/\~(\w+)//;
- } else {
- $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
- ' unspecified filename for upload', $r->filename);
- return HTTP_NOT_FOUND;
- }
+ ($uname,$udom)=
+ &Apache::loncacc::constructaccess($ENV{'form.filename'},
+ $r->dir_config('lonDefDomain'));
+ unless (($uname) && ($udom)) {
+ $r->log_reason($uname.' at '.$udom.
+ ' trying to publish file '.$ENV{'form.filename'}.
+ ' - not authorized',
+ $r->filename);
+ return HTTP_NOT_ACCEPTABLE;
+ }
+
+ my $fn;
+ if ($ENV{'form.filename'}) {
+ $fn=$ENV{'form.filename'};
+ $fn=~s/^http\:\/\/[^\/]+\///;
+ $fn=~s/^\///;
+ $fn=~s/(\~|priv\/)(\w+)//;
+ $fn=~s/\/+/\//g;
+ } else {
+ $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
+ ' unspecified filename for upload', $r->filename);
+ return HTTP_NOT_FOUND;
+ }
# ----------------------------------------------------------- Start page output
- my $uname=$ENV{'user.name'};
- my $udom=$ENV{'user.domain'};
-
- $r->content_type('text/html');
- $r->send_http_header;
- $r->print('