--- loncom/publisher/lonupload.pm 2001/12/04 18:13:06 1.9
+++ loncom/publisher/lonupload.pm 2019/03/04 19:54:35 1.69
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
-# $Id: lonupload.pm,v 1.9 2001/12/04 18:13:06 matthew Exp $
+# $Id: lonupload.pm,v 1.69 2019/03/04 19:54:35 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -25,209 +25,635 @@
#
# http://www.lon-capa.org/
#
-# (Handler to retrieve an old version of a file
-#
-# (Publication Handler
-#
-# (TeX Content Handler
-#
-# 05/29/00,05/30,10/11 Gerd Kortemeyer)
-#
-# 11/28,11/29,11/30,12/01,12/02,12/04,12/23 Gerd Kortemeyer
-# 03/23 Guy Albertelli
-# 03/24,03/29 Gerd Kortemeyer)
-#
-# 03/31,04/03 Gerd Kortemeyer)
-#
-# 04/05,04/09,05/25,06/23,06/24,08/22 Gerd Kortemeyer
-# 11/29 Matthew Hall
+###
+
+=head1 NAME
+
+Apache::lonupload - upload files into construction space
+
+=head1 SYNOPSIS
+
+Invoked by /etc/httpd/conf/srm.conf:
+
+
+ PerlAccessHandler Apache::lonacc
+ SetHandler perl-script
+ PerlHandler Apache::lonupload
+ ErrorDocument 403 /adm/login
+ ErrorDocument 404 /adm/notfound.html
+ ErrorDocument 406 /adm/unauthorized.html
+ ErrorDocument 500 /adm/errorhandler
+
+
+=head1 INTRODUCTION
+
+This module uploads a file sitting on a client computer into
+library server construction space.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 HANDLER SUBROUTINE
+
+This routine is called by Apache and mod_perl.
+
+=over 4
+
+=item *
+
+Initialize variables
+
+=item *
+
+Start page output
+
+=item *
+
+output relevant interface phase (phaseone, phasetwo, phasethree or phasefour)
+
+=item *
+
+(phase one is to specify upload file; phase two is to handle conditions
+subsequent to specification--like overwriting an existing file; phase three
+is to handle processing of secondary uploads - of embedded objects in an
+html file).
+
+=back
+
+=head1 OTHER SUBROUTINES
+
+=over
+
+=item phaseone()
+
+Interface for specifying file to upload.
+
+=item phasetwo()
+
+Interface for handling post-conditions about uploading (such
+as overwriting an existing file).
+
+=item phasethree()
+
+Interface for handling secondary uploads of embedded objects
+in an html file.
+
+=item phasefour()
+
+Interface for handling optional renaming of links to embedded
+objects.
+
+=item upfile_store()
+
+Store contents of uploaded file into temporary space. Invoked
+by phaseone subroutine.
+
+=item check_extension()
+
+Checks if filename extension is permitted and checks type
+ of file - if html file, calls parser to check for embedded objects.
+ Invoked by phasetwo subroutine.
+
+=back
+
+=cut
package Apache::lonupload;
use strict;
use Apache::File;
use File::Copy;
+use File::Basename;
use Apache::Constants qw(:common :http :methods);
-use Apache::loncacc;
+use Apache::loncommon();
+use Apache::lonnet;
+use HTML::Entities();
+use Apache::lonlocal;
use Apache::lonnet;
+use LONCAPA qw(:DEFAULT :match);
+
+my $DEBUG=0;
+
+sub Debug {
+ # Put out the indicated message but only if DEBUG is true.
+ if ($DEBUG) {
+ my ($r,$message) = @_;
+ $r->log_reason($message);
+ }
+}
sub upfile_store {
my $r=shift;
- my $fname=$ENV{'form.upfile.filename'};
+ my $fname=$env{'form.upfile.filename'};
$fname=~s/\W//g;
- chop($ENV{'form.upfile'});
+ chomp($env{'form.upfile'});
- my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
- '_upload_'.$fname.'_'.time.'_'.$$;
+ my $datatoken;
+ if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
+ $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
+ '_upload_'.$fname.'_'.time.'_'.$$;
+ }
+ return if ($datatoken eq '');
{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');
- print $fh $ENV{'form.upfile'};
+ print $fh $env{'form.upfile'};
}
return $datatoken;
}
-
sub phaseone {
- my ($r,$fn,$uname,$udom)=@_;
- $ENV{'form.upfile.filename'}=~s/\\/\//g;
- $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
- if ($ENV{'form.upfile.filename'}) {
- $fn=~s/\/[^\/]+$//;
- $fn=~s/([^\/])$/$1\//;
- $fn.=$ENV{'form.upfile.filename'};
- $fn=~s/^\///;
+ my ($r,$fn,$mode,$uname,$udom)=@_;
+ my $action = '/adm/upload';
+ if ($mode eq 'testbank') {
+ $action = '/adm/testbank';
+ } elsif ($mode eq 'imsimport') {
+ $action = '/adm/imsimport';
+ }
+
+ # Check for file to be uploaded
+ $env{'form.upfile.filename'}=~s/\\/\//g;
+ $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
+ $env{'form.upfile.filename'}=~s/(\s+$|^\s+)//g;
+ if (!$env{'form.upfile.filename'}) {
+ $r->print('
'.&mt('No upload file specified.').'
'.
+ &earlyout($fn,$uname,$udom));
+ return;
+ }
+
+ # Append the name of the uploaded file
+ $fn.=$env{'form.upfile.filename'};
$fn=~s/(\/)+/\//g;
- if (($fn) && ($fn!~/\/$/)) {
- $r->print(
- '');
- # Check for bad extension and warn user
- if ($fn=~/\.(\w+)$/ &&
- (&Apache::lonnet::fileembstyle($1) eq 'hdn')) {
- $r->print(
- ''.
- 'The extension on this file, "'.$1.
- '", is reserved internally by LON-CAPA. '.
- 'Please change the extension.'.
- '');
- } elsif($fn=~/\.(\w+)$/ &&
- !defined(&Apache::lonnet::fileembstyle($1))) {
- $r->print(
- ''.
- 'The extension on this file, "'.$1.
- '", is not recognized by LON-CAPA. '.
- 'Please change the extension.'.
- '');
- }
- } else {
- $r->print('Illegal filename.');
- }
- } else {
- $r->print('No upload file specified.');
- }
+ # Check for illegal filename
+ &Debug($r, "Filename for upload: $fn");
+ if (!(($fn) && ($fn!~/\/$/))) {
+ $r->print('
'.&mt('Illegal filename.').'
');
+ return;
+ }
+ # Check if quota exceeded
+ my $filesize = length($env{'form.upfile'});
+ if (!$filesize) {
+ $r->print('
'.
+ &mt('Unable to upload [_1]. (size = [_2] bytes)',
+ ''.$env{'form.upfile.filename'}.'',
+ $filesize).' '.
+ &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').' '.
+ '
'.
+ &earlyout($fn,$uname,$udom));
+ return;
+ }
+ $filesize = int($filesize/1000); #expressed in kb
+ my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author',
+ $env{'form.upfile.filename'},$filesize,'upload');
+ if ($output) {
+ $r->print($output.&earlyout($fn,$uname,$udom));
+ return;
+ }
+
+# Split part that I can change from the part that I cannot change
+ my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
+# Check for pattern: .number.extension which is reserved for LON-CAPA versioning.
+# Check for disallowed characters: #?&%:<>`|, and remove
+ if ($fn2 ne '') {
+ ($fn2,my $warning) = &check_filename($fn2);
+ if ($warning ne '') {
+ $r->print($warning);
+ }
+ }
+ # Display additional options for upload
+ # and upload button
+ $r->print(
+ ''
+ );
+
+ # Check for bad extension and warn user
+ if ($fn=~/\.(\w+)$/ &&
+ (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
+ $r->print('
'
+ .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
+ ''.$1.'')
+ .' '.&mt('Please change the extension.')
+ .'
'
+ .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
+ ''.$1.'')
+ .' '.&mt('Please change the extension.')
+ .'
');
+ }
}
sub phasetwo {
- my ($r,$fn,$uname,$udom)=@_;
- if ($fn=~/^\/priv\/$uname\//) {
- my $tfn=$fn;
- $tfn=~s/^\/(\~|priv)\/(\w+)//;
- my $target='/home/'.$uname.'/public_html'.$tfn;
- my $datatoken=$ENV{'form.datatoken'};
- if (($fn) && ($datatoken)) {
- if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
- $r->print(
- '');
- } else {
- my $source=$r->dir_config('lonDaemons').
- '/tmp/'.$datatoken.'.tmp';
- # Check for bad extension and disallow upload
- if ($fn=~/\.(\w+)$/ &&
- (&Apache::lonnet::fileembstyle($1) eq 'hdn')) {
- $r->print(
- 'File '.$fn.' could not be copied. '.
- ''.
- 'The extension on this file is reserved internally by LON-CAPA.'.
- '');
- } elsif ($fn=~/\.(\w+)$/ &&
- !defined(&Apache::lonnet::fileembstyle($1))) {
- $r->print(
- 'File '.$fn.' could not be copied. '.
- ''.
- 'The extension on this file is not recognized by LON-CAPA.'.
- '');
- } elsif (copy($source,$target)) {
- $r->print('File copied.');
- $r->print('
View file');
- } else {
- $r->print('Failed to copy: '.$!);
- }
- }
+ my ($r,$fn,$mode)=@_;
+
+ my $output;
+ my $action = '/adm/upload';
+ my $returnflag = '';
+ if ($mode eq 'testbank') {
+ $action = '/adm/testbank';
+ } elsif ($mode eq 'imsimport') {
+ $action = '/adm/imsimport';
+ }
+ $fn=~s/\/+/\//g;
+ if ($fn) {
+ my $target= $r->dir_config('lonDocRoot').'/'.$fn;
+ &Debug($r, "target -> ".$target);
+# target is the full filesystem path of the destination file.
+ my $base = &File::Basename::basename($fn);
+ my $path = &File::Basename::dirname($fn);
+ $base = &HTML::Entities::encode($base,'<>&"');
+ my $url = $path."/".$base;
+ &Debug($r, "URL is now ".$url);
+ my $datatoken;
+ if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
+ $datatoken = $env{'form.datatoken'};
+ }
+ if (($fn) && ($datatoken)) {
+ if ($env{'form.cancel'}) {
+ my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
+ my $dirpath=$path.'/';
+ $dirpath=~s/\/+/\//g;
+ $output .= '