--- loncom/publisher/lonupload.pm 2001/05/25 16:36:36 1.3
+++ loncom/publisher/lonupload.pm 2023/07/23 11:54:56 1.71
@@ -1,158 +1,680 @@
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
-# (Handler to retrieve an old version of a file
+# $Id: lonupload.pm,v 1.71 2023/07/23 11:54:56 raeburn Exp $
#
-# (Publication Handler
-#
-# (TeX Content Handler
+# Copyright Michigan State University Board of Trustees
#
-# 05/29/00,05/30,10/11 Gerd Kortemeyer)
+# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
-# 11/28,11/29,11/30,12/01,12/02,12/04,12/23 Gerd Kortemeyer
-# 03/23 Guy Albertelli
-# 03/24,03/29 Gerd Kortemeyer)
+# LON-CAPA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
#
-# 03/31,04/03 Gerd Kortemeyer)
+# LON-CAPA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# 04/05,04/09,05/25 Gerd Kortemeyer
+# You should have received a copy of the GNU General Public License
+# along with LON-CAPA; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# /home/httpd/html/adm/gpl.txt
+#
+# http://www.lon-capa.org/
+#
+###
+
+=head1 NAME
+
+Apache::lonupload - upload files into construction space
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
'.&mt('No upload file specified.').'
'. + &earlyout($fn,$uname,$udom)); + return; + } + + # Append the name of the uploaded file + $fn.=$env{'form.upfile.filename'}; $fn=~s/(\/)+/\//g; - if (($fn) && ($fn!~/\/$/)) { - $r->print( - ''); - } else { - $r->print('Illegal filename.'); - } + # Check for illegal filename + &Debug($r, "Filename for upload: $fn"); + if (!(($fn) && ($fn!~/\/$/))) { + $r->print(''.&mt('Illegal filename.').'
'); + return; + } + # Check if quota exceeded + my $filesize = length($env{'form.upfile'}); + if (!$filesize) { + $r->print(''.
+ &mt('Unable to upload [_1]. (size = [_2] bytes)',
+ ''.$env{'form.upfile.filename'}.'',
+ $filesize).'
'.
+ &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'
'.
+ '
'
+ .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
+ ''.$1.'')
+ .'
'.&mt('Please change the extension.')
+ .'
'
+ .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
+ ''.$1.'')
+ .'
'.&mt('Please change the extension.')
+ .'
View file'); - } else { - $r->print('Failed to copy: '.$!); - } - } + my ($r,$fn,$mode)=@_; + + my $output; + my $action = '/adm/upload'; + my $returnflag = ''; + if ($mode eq 'testbank') { + $action = '/adm/testbank'; + } elsif ($mode eq 'imsimport') { + $action = '/adm/imsimport'; + } + $fn=~s/\/+/\//g; + if ($fn) { + my $target= $r->dir_config('lonDocRoot').'/'.$fn; + &Debug($r, "target -> ".$target); +# target is the full filesystem path of the destination file. + my $base = &File::Basename::basename($fn); + my $path = &File::Basename::dirname($fn); + $base = &HTML::Entities::encode($base,'<>&"'); + my $url = $path."/".$base; + &Debug($r, "URL is now ".$url); + my $datatoken; + if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) { + $datatoken = $env{'form.datatoken'}; + } + if (($fn) && ($datatoken)) { + if ($env{'form.cancel'}) { + my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; + my $dirpath=$path.'/'; + $dirpath=~s/\/+/\//g; + $output .= '
'.&mt('Upload cancelled.').'
' + .''. + &mt('Back to Directory').'
'; + } elsif ((-e $target) && (!$env{'form.override'})) { + $output .= ''; + } else { + my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; + my $dirpath=$path.'/'; + $dirpath=~s/\/+/\//g; + # Check for bad extension and disallow upload + my $result; + ($result,$returnflag) = &check_extension($fn,$mode,$source,$target,$action,$dirpath,$url); + $output .= $result; + } + } else { + $output .= ''. + &mt('Please use browser "Back" button and pick a filename'). + '');
- &phaseone($r,$fn,$uname,$udom);
+ $output .= ''.
+ &mt('Please use browser "Back" button and pick a filename').
+ '
';
}
+ return ($output,$returnflag);
}
-sub handler {
+sub check_extension {
+ my ($fn,$mode,$source,$target,$action,$dirpath,$url) = @_;
+ my ($result,$returnflag);
+ # Check for bad extension and disallow upload
+ if ($fn=~/\.(\w+)$/ &&
+ (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
+ $result .= '
'.
+ &mt('File [_1] could not be copied.',
+ ''.$fn.' ').
+ '
'.
+ &mt('The extension on this file is reserved internally by LON-CAPA.').
+ '
'.
+ &mt('File [_1] could not be copied.',
+ ''.$fn.' ').
+ '
'.
+ &mt('The extension on this file is not recognized by LON-CAPA.').
+ '
'.
+ &mt('File [_1] could not be copied.',
+ ''.$fn.'').
+ '
'.
+ &mt('The target is an existing directory.').
+ '
' + .&mt('Your file - [_1] - was uploaded successfully.', + ''.$fn.'') + .'
'; + } else { + $result .= '' + .&mt('File copied.') + .'
'; + } + # Check for embedded objects. + my (%allfiles,%codebase); + my ($text,$header,$css,$js); + if (($mode ne 'imsimport') && ($target =~ /\.(htm|html|shtml)$/i)) { + my (%allfiles,%codebase); + &Apache::lonnet::extract_embedded_items($target,\%allfiles,\%codebase); + if (keys(%allfiles) > 0) { + my ($currentpath) = ($url =~ m{^(.+)/[^/]+$}); + my $state = &embedded_form_elems('upload_embedded',$url,$mode); + my ($embedded,$num,$pathchg) = + &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles, + \%codebase, + {'error_on_invalid_names' => 1, + 'ignore_remote_references' => 1, + 'current_path' => $currentpath}); + if ($embedded) { + $result .= ''.&mt('Completed upload of the file.').' '.&mt('This file contained references to other files.').'
'. + ''.&mt('Please select the locations from which the referenced files are to be uploaded.').'
'. + $embedded; + if ($mode eq 'testbank') { + $returnflag = 'embedded'; + $result .= ''.&mt('Or [_1]continue[_2] the testbank import without these files.','','').'
'; + } + } else { + $result .= ''.&mt('Completed upload of the file.').'
'.$embedded; + if ($pathchg) { + if ($mode eq 'testbank') { + $returnflag = 'embedded'; + $result .= ''.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','','').'
'; + } + } + } + } + } + } + if (($mode ne 'imsimport') && ($mode ne 'testbank')) { + $result .= '' + .&mt('Removed one or more disallowed characters from filename') + .'
'; + } + if ($fname=~ /\.(\d+)\.(\w+)$/) { + my $num = $1; + $warning .= ''
+ .&mt('Bad filename [_1]',''.$fname.'')
+ .'
'
+ .&mt('[_1](name).(number).(extension)[_2] not allowed.','','')
+ .'
'
+ .&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','','')
+ .'
' + .&mt('Changed ___ to a single _ in filename') + .'
'; + } + return ($fname,$warning); +} - my $uname; - my $udom; +sub phasethree { + my ($r,$fn,$uname,$udom,$mode) = @_; - unless (($uname,$udom)= - &Apache::loncacc::constructaccess( - $ENV{'form.filename'},$r->dir_config('lonDefDomain'))) { - $r->log_reason($uname.' at '.$udom. - ' trying to publish file '.$ENV{'form.filename'}. - ' - not authorized', - $r->filename); - return HTTP_NOT_ACCEPTABLE; - } - - my $fn; - - if ($ENV{'form.filename'}) { - $fn=$ENV{'form.filename'}; - $fn=~s/^http\:\/\/[^\/]+\/(\~|priv\/)(\w+)//; - } else { - $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. - ' unspecified filename for upload', $r->filename); - return HTTP_NOT_FOUND; - } + my $action = '/adm/upload'; + if ($mode eq 'testbank') { + $action = '/adm/testbank'; + } elsif ($mode eq 'imsimport') { + $action = '/adm/imsimport'; + } + my $url_root = "/priv/$udom/$uname"; + my $dir_root = $r->dir_config('lonDocRoot').$url_root; + my $path = &File::Basename::dirname($fn); + $path =~ s{^\Q$url_root\E}{}; + my $dirpath = $url_root.$path.'/'; + $dirpath=~s{/+}{/}g; + my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"'); + my $state = &embedded_form_elems('modify_orightml',$filename,$mode). + ''; + my ($result,$returnflag) = + &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom, + $dir_root,$url_root,undef, + undef,undef,$state,$action); + if ($mode ne 'imsimport' && $mode ne 'testbank') { + $result .= '' + .&mt('Path modified as a result of one or more instances of /../') + .'
'; + while ($fn =~ m{/\.\./}) { + $fn =~ s{/[^/]+/\.\./}{/}g; + } + } + unless ($fn) { + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. + ' unspecified filename for upload', $r->filename); + return HTTP_NOT_FOUND; + } + + my ($uname,$udom)=&Apache::lonnet::constructaccess($fn); - if ($ENV{'form.phase'} eq 'two') { - &phasetwo($r,$fn,$uname,$udom); - } else { - &phaseone($r,$fn,$uname,$udom); - } + unless (($uname) && ($udom)) { + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. + ' trying to upload file '.$fn. + ' - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } - $r->print(''); - return OK; +# ----------------------------------------------------------- Start page output + + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + + unless ($env{'form.phase'} eq 'two') { + $javascript = <<"ENDJS"; + +ENDJS + } + + my $londocroot = $r->dir_config('lonDocRoot'); + my $trailfile = $fn; + $trailfile =~ s{^/(priv/)}{$londocroot/$1}; + + # Breadcrumbs + my $text = 'Authoring Space'; + my $href = &Apache::loncommon::authorspace($fn); + my $crsauthor; + if ($env{'request.course.id'}) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + if ($href eq "/priv/$cdom/$cnum/") { + $text = 'Course Authoring Space'; + $crsauthor = 1; + } + } + my $brcrum = [{'href' => $href, + 'text' => $text}, + {'href' => '/adm/upload', + 'text' => 'Upload file to '.$text}]; + $r->print(&Apache::loncommon::start_page('Upload file to '.$text, + $javascript, + {'bread_crumbs' => $brcrum,}) + .&Apache::loncommon::head_subbox( + &Apache::loncommon::CSTR_pageheader($trailfile)) + ); + + unless ($crsauthor) { + if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { + $r->print('' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'
' + ); + } + } + if ($warning) { + $r->print($warning); + } + if ($env{'form.phase'} eq 'four') { + my $output = &phasefour($r,$fn,$uname,$udom,'author'); + $r->print($output); + } elsif ($env{'form.phase'} eq 'three') { + my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author'); + $r->print($output); + } elsif ($env{'form.phase'} eq 'two') { + my ($output,$returnflag) = &phasetwo($r,$fn); + $r->print($output); + } else { + &phaseone($r,$fn,undef,$uname,$udom); + } + + $r->print(&Apache::loncommon::end_page()); + return OK; +} + +1; +__END__ + +