--- loncom/publisher/lonupload.pm 2010/12/26 03:09:11 1.53 +++ loncom/publisher/lonupload.pm 2013/06/04 22:20:16 1.62 @@ -1,8 +1,7 @@ - # The LearningOnline Network with CAPA # Handler to upload files into construction space # -# $Id: lonupload.pm,v 1.53 2010/12/26 03:09:11 raeburn Exp $ +# $Id: lonupload.pm,v 1.62 2013/06/04 22:20:16 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -126,7 +125,6 @@ use Apache::File; use File::Copy; use File::Basename; use Apache::Constants qw(:common :http :methods); -use Apache::loncacc; use Apache::loncommon(); use Apache::lonnet; use HTML::Entities(); @@ -163,7 +161,7 @@ sub upfile_store { } sub phaseone { - my ($r,$fn,$uname,$udom,$mode)=@_; + my ($r,$fn,$mode)=@_; my $action = '/adm/upload'; if ($mode eq 'testbank') { $action = '/adm/testbank'; @@ -179,12 +177,9 @@ sub phaseone { return; } - $fn=~s/\/[^\/]+$//; - $fn=~s/([^\/])$/$1\//; + # Append the name of the uploaded file $fn.=$env{'form.upfile.filename'}; - $fn=~s/^\///; $fn=~s/(\/)+/\//g; - # Fn is the full path to the destination filename. # Check for illegal filename &Debug($r, "Filename for upload: $fn"); @@ -192,20 +187,21 @@ sub phaseone { $r->print('

'.&mt('Illegal filename.').'

'); return; } - +# Split part that I can change from the part that I cannot change + my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/); # Display additional options for upload # and upload button $r->print( '
' .'' .'' - .'' ); $r->print( &Apache::lonhtmlcommon::start_pick_box() .&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as')) - .'/priv/'.$uname.'/' - .'' + .''.$fn1.'' + .'' + .'' .&Apache::lonhtmlcommon::row_closure() .&Apache::lonhtmlcommon::row_title(&mt('File Type')) .''; @@ -418,7 +414,7 @@ sub phasethree { $dir_root,$url_root,undef, undef,undef,$state,$action); if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result .= '

'. + $result .= '

'. &mt('View main file').'

'. '

'. &mt('Back to Directory').'


'; @@ -437,6 +433,7 @@ STATE sub phasefour { my ($r,$fn,$uname,$udom,$mode) = @_; + my $action = '/adm/upload'; if ($mode eq 'testbank') { $action = '/adm/testbank'; @@ -444,13 +441,15 @@ sub phasefour { $action = '/adm/imsimport'; } my $result; - my $dir_root = '/home/'.$uname.'/public_html'; - my $url_root = '/priv/'.$uname; + my $url_root = "/priv/$udom/$uname"; + my $dir_root = $r->dir_config('lonDocRoot').$url_root; my $path = &File::Basename::dirname($fn); - $result .= &Apache::loncommon::modify_html_refs($mode,$path, - $uname,$udom,$dir_root); + $path =~ s{^\Q$url_root\E}{}; + my $outcome = + &Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root); + $result .= $outcome; if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result .= '

'. + $result .= '

'. &mt('View main file').'

'. '

'. &mt('Back to Directory').'


'; @@ -462,20 +461,39 @@ sub phasefour { sub handler { my $r=shift; - - my $uname; - my $udom; my $javascript = ''; -# -# phase two: re-attach user -# - if ($env{'form.uploaduname'}) { - $env{'form.filename'}='/priv/'.$env{'form.uploaduname'}.'/'. - $env{'form.filename'}; + my $fn=$env{'form.filename'}; + + if ($env{'form.filename1'}) { + $fn=$env{'form.filename1'}.$env{'form.filename2'}; } + $fn=~s/\/+/\//g; + + unless ($fn) { + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. + ' unspecified filename for upload', $r->filename); + return HTTP_NOT_FOUND; + } + + my ($uname,$udom)=&Apache::lonnet::constructaccess($fn); + + unless (($uname) && ($udom)) { + $r->log_reason($uname.' at '.$udom. + ' trying to publish file '.$env{'form.filename'}. + ' - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } + +# ----------------------------------------------------------- Start page output + + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; unless ($env{'form.phase'} eq 'two') { - $javascript = qq| + $javascript = <<"ENDJS"; + +ENDJS } -# ----------------------------------------------------------- Start page output - - - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - - $javascript = "\n"; + my $londocroot = $r->dir_config('lonDocRoot'); + my $trailfile = $fn; + $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs - my $brcrum = [{'href' => &Apache::loncommon::authorspace(), - 'text' => 'Construction Space'}, + my $brcrum = [{'href' => &Apache::loncommon::authorspace($fn), + 'text' => 'Authoring Space'}, {'href' => '/adm/upload', - 'text' => 'Upload file to Construction Space'}]; - $r->print(&Apache::loncommon::start_page('Upload file to Construction Space', + 'text' => 'Upload file to Authoring Space'}]; + $r->print(&Apache::loncommon::start_page('Upload file to Authoring Space', $javascript, {'bread_crumbs' => $brcrum,}) .&Apache::loncommon::head_subbox( - &Apache::loncommon::CSTR_pageheader()) + &Apache::loncommon::CSTR_pageheader($trailfile)) ); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { @@ -550,10 +541,10 @@ function verifyForm() { my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author'); $r->print($output); } elsif ($env{'form.phase'} eq 'two') { - my ($output,$returnflag) = &phasetwo($r,$fn,$uname,$udom); + my ($output,$returnflag) = &phasetwo($r,$fn); $r->print($output); } else { - &phaseone($r,$fn,$uname,$udom); + &phaseone($r,$fn); } $r->print(&Apache::loncommon::end_page());