--- loncom/publisher/lonupload.pm 2003/09/22 15:39:53 1.20
+++ loncom/publisher/lonupload.pm 2011/10/26 22:38:49 1.55
@@ -2,7 +2,7 @@
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
-# $Id: lonupload.pm,v 1.20 2003/09/22 15:39:53 www Exp $
+# $Id: lonupload.pm,v 1.55 2011/10/26 22:38:49 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -28,6 +28,97 @@
#
###
+=head1 NAME
+
+Apache::lonupload - upload files into construction space
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonupload
+ ErrorDocument 403 /adm/login
+ ErrorDocument 404 /adm/notfound.html
+ ErrorDocument 406 /adm/unauthorized.html
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 INTRODUCTION
+
+This module uploads a file sitting on a client computer into
+library server construction space.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Initialize variables
+
+=item *
+
+Start page output
+
+=item *
+
+output relevant interface phase (phaseone, phasetwo, phasethree or phasefour)
+
+=item *
+
+(phase one is to specify upload file; phase two is to handle conditions
+subsequent to specification--like overwriting an existing file; phase three
+is to handle processing of secondary uploads - of embedded objects in an
+html file).
+
+=back
+
+=head1 OTHER SUBROUTINES
+
+=over
+
+=item phaseone()
+
+Interface for specifying file to upload.
+
+=item phasetwo()
+
+Interface for handling post-conditions about uploading (such
+as overwriting an existing file).
+
+=item phasethree()
+
+Interface for handling secondary uploads of embedded objects
+in an html file.
+
+=item phasefour()
+
+Interface for handling optional renaming of links to embedded
+objects.
+
+=item upfile_store()
+
+Store contents of uploaded file into temporary space. Invoked
+by phaseone subroutine.
+
+=item check_extension()
+
+Checks if filename extension is permitted and checks type
+ of file - if html file, calls parser to check for embedded objects.
+ Invoked by phasetwo subroutine.
+
+=back
+
+=cut
+
package Apache::lonupload;
use strict;
@@ -37,315 +128,428 @@ use File::Basename;
use Apache::Constants qw(:common :http :methods);
use Apache::loncacc;
use Apache::loncommon();
-use Apache::Log();
use Apache::lonnet;
use HTML::Entities();
use Apache::lonlocal;
+use Apache::lonnet;
+use LONCAPA();
my $DEBUG=0;
sub Debug {
-
- # Marshall the parameters.
-
- my $r = shift;
- my $log = $r->log;
- my $message = shift;
-
- # Put out the indicated message butonly if DEBUG is false.
-
- if ($DEBUG) {
- $log->debug($message);
- }
+ # Put out the indicated message but only if DEBUG is true.
+ if ($DEBUG) {
+ my ($r,$message) = @_;
+ $r->log_reason($message);
+ }
}
sub upfile_store {
my $r=shift;
- my $fname=$ENV{'form.upfile.filename'};
+ my $fname=$env{'form.upfile.filename'};
$fname=~s/\W//g;
- chomp($ENV{'form.upfile'});
+ chomp($env{'form.upfile'});
- my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
+ my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
'_upload_'.$fname.'_'.time.'_'.$$;
{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');
- print $fh $ENV{'form.upfile'};
+ print $fh $env{'form.upfile'};
}
return $datatoken;
}
-
sub phaseone {
- my ($r,$fn,$uname,$udom)=@_;
- $ENV{'form.upfile.filename'}=~s/\\/\//g;
- $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
- if ($ENV{'form.upfile.filename'}) {
- $fn=~s/\/[^\/]+$//;
- $fn=~s/([^\/])$/$1\//;
- $fn.=$ENV{'form.upfile.filename'};
- $fn=~s/^\///;
- $fn=~s/(\/)+/\//g;
+ my ($r,$fn,$uname,$udom,$mode)=@_;
+ my $action = '/adm/upload';
+ if ($mode eq 'testbank') {
+ $action = '/adm/testbank';
+ } elsif ($mode eq 'imsimport') {
+ $action = '/adm/imsimport';
+ }
+
+ # Check for file to be uploaded
+ $env{'form.upfile.filename'}=~s/\\/\//g;
+ $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
+ if (!$env{'form.upfile.filename'}) {
+ $r->print('
'.&mt('No upload file specified.').'
');
+ return;
+ }
-# Fn is the full path to the destination filename.
-#
+ # Append the name of the uploaded file
+ $fn.=$env{'form.upfile.filename'};
+ $fn=~s/(\/)+/\//g;
+ # Check for illegal filename
&Debug($r, "Filename for upload: $fn");
- if (($fn) && ($fn!~/\/$/)) {
- $r->print(
- '');
- # Check for bad extension and warn user
- if ($fn=~/\.(\w+)$/ &&
- (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
- $r->print(
- ''.
- &mt('The extension on this file,').' "'.$1.
- '"'.&mt(', is reserved internally by LON-CAPA.').'
'.
- &mt('Please change the extension.').
- '');
- } elsif($fn=~/\.(\w+)$/ &&
- !defined(&Apache::loncommon::fileembstyle($1))) {
- $r->print(
- ''.
- &mt('The extension on this file,').' "'.$1.
- '"'.&mt(', is not recognized by LON-CAPA.').'
'.
- &mt('Please change the extension.').
- '');
- }
- } else {
- $r->print(''.&mt('Illegal filename.').'');
- }
- } else {
- $r->print(''.&mt('No upload file specified.').'');
- }
+ if (!(($fn) && ($fn!~/\/$/))) {
+ $r->print(''.&mt('Illegal filename.').'
');
+ return;
+ }
+# Split part that I can change from the part that I cannot change
+ my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
+ # Display additional options for upload
+ # and upload button
+ $r->print(
+ ''
+ );
+
+ # Check for bad extension and warn user
+ if ($fn=~/\.(\w+)$/ &&
+ (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
+ $r->print(''
+ .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
+ ''.$1.'')
+ .'
'.&mt('Please change the extension.')
+ .'
');
+ } elsif($fn=~/\.(\w+)$/ &&
+ !defined(&Apache::loncommon::fileembstyle($1))) {
+ $r->print(''
+ .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
+ ''.$1.'')
+ .'
'.&mt('Please change the extension.')
+ .'
');
+ }
}
sub phasetwo {
- my ($r,$tfn,$uname,$udom)=@_;
- my $fn='/priv/'.$uname.'/'.$tfn;
- $fn=~s/\/+/\//g;
- &Debug($r, "Filename is ".$tfn);
- if ($tfn) {
- &Debug($r, "Filename for tfn = ".$tfn);
- my $target='/home/'.$uname.'/public_html'.$tfn;
- &Debug($r, "target -> ".$target);
+ my ($r,$fn,$uname,$udom,$mode)=@_;
+
+ my $output;
+ my $action = '/adm/upload';
+ my $returnflag = '';
+ if ($mode eq 'testbank') {
+ $action = '/adm/testbank';
+ } elsif ($mode eq 'imsimport') {
+ $action = '/adm/imsimport';
+ }
+ $fn=~s/\/+/\//g;
+ if ($fn) {
+ my $target='/home/httpd/html/'.$fn;
+ &Debug($r, "target -> ".$target);
# target is the full filesystem path of the destination file.
- my $base = &File::Basename::basename($fn);
- my $path = &File::Basename::dirname($fn);
- $base = &HTML::Entities::encode($base);
- my $url = $path."/".$base;
- &Debug($r, "URL is now ".$url);
- my $datatoken=$ENV{'form.datatoken'};
- if (($fn) && ($datatoken)) {
- if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
- $r->print(
- '');
- } else {
- my $source=$r->dir_config('lonDaemons').
- '/tmp/'.$datatoken.'.tmp';
- # Check for bad extension and disallow upload
- if ($fn=~/\.(\w+)$/ &&
- (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
- $r->print(
- &mt('File').' '.$fn.' '.&mt('could not be copied.').'
'.
- ''.
- &mt('The extension on this file is reserved internally by LON-CAPA.').
- '');
- $r->print(''.&mt('Back to Directory').'');
- } elsif ($fn=~/\.(\w+)$/ &&
- !defined(&Apache::loncommon::fileembstyle($1))) {
- $r->print(
- &mt('File').' '.$fn.' '.&mt('could not be copied.').'
'.
- ''.
- &mt('The extension on this file is not recognized by LON-CAPA.').
- '');
- $r->print('
'.&mt('Back to Directory').'');
- } elsif (-d $target) {
- $r->print(
- 'File '.$fn.' could not be copied.
'.
- ''.
- &mt('The target is an existing directory.').
- '');
- $r->print('
'.&mt('Back to Directory').'');
- } elsif (copy($source,$target)) {
- chmod(0660, $target); # Set permissions to rw-rw---.
- $r->print(&mt('File copied.'));
- $r->print('
'.&mt('View file').'');
- $r->print('
'.&mt('Back to Directory').'');
- } else {
- $r->print('Failed to copy: '.$!);
- $r->print('
'.&mt('Back to Directory').'');
- }
- }
+ my $base = &File::Basename::basename($fn);
+ my $path = &File::Basename::dirname($fn);
+ $base = &HTML::Entities::encode($base,'<>&"');
+ my $url = $path."/".$base;
+ &Debug($r, "URL is now ".$url);
+ my $datatoken=$env{'form.datatoken'};
+ if (($fn) && ($datatoken)) {
+ if ($env{'form.cancel'}) {
+ my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
+ my $dirpath=$path.'/';
+ $dirpath=~s/\/+/\//g;
+ $output .= '
'.&mt('Upload cancelled.').'
'
+ .''.
+ &mt('Back to Directory').'
';
+ } elsif ((-e $target) && (!$env{'form.override'})) {
+ $output .= '';
+ } else {
+ my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
+ my $dirpath=$path.'/';
+ $dirpath=~s/\/+/\//g;
+ # Check for bad extension and disallow upload
+ my $result;
+ ($result,$returnflag) = &check_extension($fn,$mode,$source,$target,$action,$dirpath,$url);
+ $output .= $result;
+ }
+ } else {
+ $output .= ''.
+ &mt('Please use browser "Back" button and pick a filename').
+ '
';
+ }
} else {
- $r->print(
- ''.
-&mt('Please use browser "Back" button and pick a filename').'');
+ $output .= ''.
+ &mt('Please use browser "Back" button and pick a filename').
+ '
';
}
- } else {
- $r->print(
- ''.&mt('Please use browser "Back" button and pick a filename').'
');
- }
+ return ($output,$returnflag);
}
-# ---------------------------------------------------------------- Main Handler
-sub handler {
-
- my $r=shift;
-
- my $uname;
- my $udom;
-#
-# phase two: re-attach user
-#
- if ($ENV{'form.uploaduname'}) {
- $ENV{'form.filename'}='/priv/'.$ENV{'form.uploaduname'}.'/'.
- $ENV{'form.filename'};
- }
-#
-
- ($uname,$udom)=
- &Apache::loncacc::constructaccess(
- $ENV{'form.filename'},$r->dir_config('lonDefDomain'));
- unless (($uname) && ($udom)) {
- $r->log_reason($uname.' at '.$udom.
- ' trying to publish file '.$ENV{'form.filename'}.
- ' - not authorized',
- $r->filename);
- return HTTP_NOT_ACCEPTABLE;
- }
-
- my $fn;
- if ($ENV{'form.filename'}) {
- $fn=$ENV{'form.filename'};
- $fn=~s/^http\:\/\/[^\/]+\///;
- $fn=~s/^\///;
- $fn=~s/(\~|priv\/)(\w+)//;
- $fn=~s/\/+/\//g;
- } else {
- $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
- ' unspecified filename for upload', $r->filename);
- return HTTP_NOT_FOUND;
- }
-
-# ----------------------------------------------------------- Start page output
-
-
- &Apache::loncommon::content_type($r,'text/html');
- $r->send_http_header;
-
- $r->print('
LON-CAPA Construction Space');
-
- $r->print(&Apache::loncommon::bodytag('Upload file to Construction Space'));
-
- if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
- $r->print(''&mt('Co-Author').': '.$uname.
-&mt(' at ').$udom.
- '
');
- }
-
-
- if ($ENV{'form.phase'} eq 'two') {
- &phasetwo($r,$fn,$uname,$udom);
- } else {
- &phaseone($r,$fn,$uname,$udom);
- }
-
- $r->print('