--- loncom/publisher/lonupload.pm 2013/12/04 17:29:44 1.66
+++ loncom/publisher/lonupload.pm 2017/11/12 23:01:00 1.68
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
-# $Id: lonupload.pm,v 1.66 2013/12/04 17:29:44 bisitz Exp $
+# $Id: lonupload.pm,v 1.68 2017/11/12 23:01:00 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -130,7 +130,7 @@ use Apache::lonnet;
use HTML::Entities();
use Apache::lonlocal;
use Apache::lonnet;
-use LONCAPA();
+use LONCAPA qw(:DEFAULT :match);
my $DEBUG=0;
@@ -150,8 +150,12 @@ sub upfile_store {
chomp($env{'form.upfile'});
- my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
- '_upload_'.$fname.'_'.time.'_'.$$;
+ my $datatoken;
+ if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
+ $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
+ '_upload_'.$fname.'_'.time.'_'.$$;
+ }
+ return if ($datatoken eq '');
{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');
@@ -279,7 +283,10 @@ sub phasetwo {
$base = &HTML::Entities::encode($base,'<>&"');
my $url = $path."/".$base;
&Debug($r, "URL is now ".$url);
- my $datatoken=$env{'form.datatoken'};
+ my $datatoken;
+ if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
+ $datatoken = $env{'form.datatoken'};
+ }
if (($fn) && ($datatoken)) {
if ($env{'form.cancel'}) {
my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
@@ -427,6 +434,8 @@ sub phasethree {
my $dir_root = $r->dir_config('lonDocRoot').$url_root;
my $path = &File::Basename::dirname($fn);
$path =~ s{^\Q$url_root\E}{};
+ my $dirpath = $url_root.$path.'/';
+ $dirpath=~s{/+}{/}g;
my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"');
my $state = &embedded_form_elems('modify_orightml',$filename,$mode).
'';
@@ -437,7 +446,7 @@ sub phasethree {
if ($mode ne 'imsimport' && $mode ne 'testbank') {
$result .= '
'.
- '