Annotation of loncom/publisher/lonupload.pm, revision 1.70
1.1 www 1: # The LearningOnline Network with CAPA
2: # Handler to upload files into construction space
3: #
1.70 ! raeburn 4: # $Id: lonupload.pm,v 1.69 2019/03/04 19:54:35 raeburn Exp $
1.8 matthew 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
1.10 harris41 28: ###
1.1 www 29:
1.39 jms 30: =head1 NAME
31:
32: Apache::lonupload - upload files into construction space
33:
34: =head1 SYNOPSIS
35:
36: Invoked by /etc/httpd/conf/srm.conf:
37:
38: <Location /adm/upload>
39: PerlAccessHandler Apache::lonacc
40: SetHandler perl-script
41: PerlHandler Apache::lonupload
42: ErrorDocument 403 /adm/login
43: ErrorDocument 404 /adm/notfound.html
44: ErrorDocument 406 /adm/unauthorized.html
45: ErrorDocument 500 /adm/errorhandler
46: </Location>
47:
48: =head1 INTRODUCTION
49:
50: This module uploads a file sitting on a client computer into
51: library server construction space.
52:
53: This is part of the LearningOnline Network with CAPA project
54: described at http://www.lon-capa.org.
55:
56: =head1 HANDLER SUBROUTINE
57:
58: This routine is called by Apache and mod_perl.
59:
60: =over 4
61:
62: =item *
63:
64: Initialize variables
65:
66: =item *
67:
68: Start page output
69:
70: =item *
71:
1.51 raeburn 72: output relevant interface phase (phaseone, phasetwo, phasethree or phasefour)
1.39 jms 73:
74: =item *
75:
76: (phase one is to specify upload file; phase two is to handle conditions
77: subsequent to specification--like overwriting an existing file; phase three
78: is to handle processing of secondary uploads - of embedded objects in an
79: html file).
80:
81: =back
82:
83: =head1 OTHER SUBROUTINES
84:
1.40 jms 85: =over
1.39 jms 86:
1.40 jms 87: =item phaseone()
1.39 jms 88:
1.40 jms 89: Interface for specifying file to upload.
1.39 jms 90:
1.40 jms 91: =item phasetwo()
1.39 jms 92:
1.40 jms 93: Interface for handling post-conditions about uploading (such
1.39 jms 94: as overwriting an existing file).
95:
1.40 jms 96: =item phasethree()
1.39 jms 97:
1.40 jms 98: Interface for handling secondary uploads of embedded objects
1.39 jms 99: in an html file.
100:
1.51 raeburn 101: =item phasefour()
102:
103: Interface for handling optional renaming of links to embedded
104: objects.
105:
1.40 jms 106: =item upfile_store()
1.39 jms 107:
1.40 jms 108: Store contents of uploaded file into temporary space. Invoked
1.39 jms 109: by phaseone subroutine.
110:
1.40 jms 111: =item check_extension()
1.39 jms 112:
1.40 jms 113: Checks if filename extension is permitted and checks type
1.39 jms 114: of file - if html file, calls parser to check for embedded objects.
115: Invoked by phasetwo subroutine.
116:
117: =back
118:
119: =cut
120:
1.1 www 121: package Apache::lonupload;
122:
123: use strict;
124: use Apache::File;
125: use File::Copy;
1.13 foxr 126: use File::Basename;
1.1 www 127: use Apache::Constants qw(:common :http :methods);
1.10 harris41 128: use Apache::loncommon();
1.13 foxr 129: use Apache::lonnet;
1.14 foxr 130: use HTML::Entities();
1.20 www 131: use Apache::lonlocal;
1.29 albertel 132: use Apache::lonnet;
1.68 raeburn 133: use LONCAPA qw(:DEFAULT :match);
1.12 foxr 134:
135: my $DEBUG=0;
136:
137: sub Debug {
1.30 albertel 138: # Put out the indicated message but only if DEBUG is true.
1.22 albertel 139: if ($DEBUG) {
1.30 albertel 140: my ($r,$message) = @_;
141: $r->log_reason($message);
1.22 albertel 142: }
1.12 foxr 143: }
1.1 www 144:
1.2 www 145: sub upfile_store {
146: my $r=shift;
147:
1.29 albertel 148: my $fname=$env{'form.upfile.filename'};
1.2 www 149: $fname=~s/\W//g;
150:
1.29 albertel 151: chomp($env{'form.upfile'});
1.1 www 152:
1.68 raeburn 153: my $datatoken;
154: if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
155: $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
156: '_upload_'.$fname.'_'.time.'_'.$$;
157: }
158: return if ($datatoken eq '');
1.2 www 159: {
160: my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
161: '/tmp/'.$datatoken.'.tmp');
1.29 albertel 162: print $fh $env{'form.upfile'};
1.1 www 163: }
1.2 www 164: return $datatoken;
165: }
166:
167: sub phaseone {
1.63 raeburn 168: my ($r,$fn,$mode,$uname,$udom)=@_;
1.25 raeburn 169: my $action = '/adm/upload';
170: if ($mode eq 'testbank') {
171: $action = '/adm/testbank';
172: } elsif ($mode eq 'imsimport') {
173: $action = '/adm/imsimport';
174: }
1.49 bisitz 175:
176: # Check for file to be uploaded
1.29 albertel 177: $env{'form.upfile.filename'}=~s/\\/\//g;
178: $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
1.69 raeburn 179: $env{'form.upfile.filename'}=~s/(\s+$|^\s+)//g;
1.49 bisitz 180: if (!$env{'form.upfile.filename'}) {
1.63 raeburn 181: $r->print('<p class="LC_warning">'.&mt('No upload file specified.').'</p>'.
182: &earlyout($fn,$uname,$udom));
1.49 bisitz 183: return;
184: }
185:
1.55 www 186: # Append the name of the uploaded file
1.49 bisitz 187: $fn.=$env{'form.upfile.filename'};
188: $fn=~s/(\/)+/\//g;
189:
190: # Check for illegal filename
191: &Debug($r, "Filename for upload: $fn");
192: if (!(($fn) && ($fn!~/\/$/))) {
193: $r->print('<p class="LC_warning">'.&mt('Illegal filename.').'</p>');
194: return;
195: }
1.63 raeburn 196: # Check if quota exceeded
197: my $filesize = length($env{'form.upfile'});
198: if (!$filesize) {
199: $r->print('<p class="LC_warning">'.
200: &mt('Unable to upload [_1]. (size = [_2] bytes)',
201: '<span class="LC_filename">'.$env{'form.upfile.filename'}.'</span>',
202: $filesize).'<br />'.
203: &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'<br />'.
204: '</p>'.
205: &earlyout($fn,$uname,$udom));
206: return;
207: }
208: $filesize = int($filesize/1000); #expressed in kb
1.65 raeburn 209: my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author',
210: $env{'form.upfile.filename'},$filesize,'upload');
1.64 raeburn 211: if ($output) {
212: $r->print($output.&earlyout($fn,$uname,$udom));
1.63 raeburn 213: return;
214: }
1.64 raeburn 215:
1.55 www 216: # Split part that I can change from the part that I cannot change
217: my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
1.69 raeburn 218: # Check for pattern: .number.extension which is reserved for LON-CAPA versioning.
219: # Check for disallowed characters: #?&%:<>`|, and remove
220: if ($fn2 ne '') {
221: ($fn2,my $warning) = &check_filename($fn2);
222: if ($warning ne '') {
223: $r->print($warning);
224: }
225: }
1.49 bisitz 226: # Display additional options for upload
227: # and upload button
228: $r->print(
229: '<form action="'.$action.'" method="post" name="fileupload">'
230: .'<input type="hidden" name="phase" value="two" />'
231: .'<input type="hidden" name="datatoken" value="'.&upfile_store.'" />'
232: );
233: $r->print(
234: &Apache::lonhtmlcommon::start_pick_box()
235: .&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as'))
1.55 www 236: .'<span class="LC_filename">'.$fn1.'</span>'
237: .'<input type="hidden" name="filename1" value="'.$fn1.'" />'
238: .'<input type="text" size="50" name="filename2" value="'.$fn2.'" />'
1.49 bisitz 239: .&Apache::lonhtmlcommon::row_closure()
240: .&Apache::lonhtmlcommon::row_title(&mt('File Type'))
241: .'<select name="filetype">'
242: .'<option value="standard" selected="selected">'.&mt('Regular file').'</option>'
243: .'<option value="testbank">'.&mt('Testbank file').'</option>'
244: .'<option value="imsimport">'.&mt('IMS package').'</option>'
245: .'</select>'.&Apache::loncommon::help_open_topic("Uploading_File_Options")
246: .&Apache::lonhtmlcommon::row_closure(1)
247: .&Apache::lonhtmlcommon::end_pick_box()
248: );
249: $r->print(
250: '<p>'
251: .'<input type="button" value="'.&mt('Upload').'" onclick="javascript:verifyForm()"/>'
252: .'</p>'
253: .'</form>'
254: );
1.13 foxr 255:
1.49 bisitz 256: # Check for bad extension and warn user
257: if ($fn=~/\.(\w+)$/ &&
258: (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
1.41 bisitz 259: $r->print('<p class="LC_error">'
1.49 bisitz 260: .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
261: '<span class="LC_filename">'.$1.'</span>')
1.41 bisitz 262: .' <br />'.&mt('Please change the extension.')
263: .'</p>');
1.49 bisitz 264: } elsif($fn=~/\.(\w+)$/ &&
265: !defined(&Apache::loncommon::fileembstyle($1))) {
1.41 bisitz 266: $r->print('<p class="LC_error">'
1.49 bisitz 267: .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
268: '<span class="LC_filename">'.$1.'</span>')
1.41 bisitz 269: .' <br />'.&mt('Please change the extension.')
270: .'</p>');
1.22 albertel 271: }
1.1 www 272: }
273:
274: sub phasetwo {
1.58 raeburn 275: my ($r,$fn,$mode)=@_;
1.55 www 276:
1.37 raeburn 277: my $output;
1.25 raeburn 278: my $action = '/adm/upload';
279: my $returnflag = '';
280: if ($mode eq 'testbank') {
281: $action = '/adm/testbank';
282: } elsif ($mode eq 'imsimport') {
283: $action = '/adm/imsimport';
284: }
1.22 albertel 285: $fn=~s/\/+/\//g;
1.55 www 286: if ($fn) {
1.58 raeburn 287: my $target= $r->dir_config('lonDocRoot').'/'.$fn;
1.22 albertel 288: &Debug($r, "target -> ".$target);
1.13 foxr 289: # target is the full filesystem path of the destination file.
1.22 albertel 290: my $base = &File::Basename::basename($fn);
291: my $path = &File::Basename::dirname($fn);
1.26 albertel 292: $base = &HTML::Entities::encode($base,'<>&"');
1.69 raeburn 293: my $url = $path."/".$base;
1.22 albertel 294: &Debug($r, "URL is now ".$url);
1.68 raeburn 295: my $datatoken;
296: if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
297: $datatoken = $env{'form.datatoken'};
298: }
1.22 albertel 299: if (($fn) && ($datatoken)) {
1.36 www 300: if ($env{'form.cancel'}) {
301: my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
302: my $dirpath=$path.'/';
303: $dirpath=~s/\/+/\//g;
1.49 bisitz 304: $output .= '<p class="LC_warning">'.&mt('Upload cancelled.').'</p>'
305: .'<p><a href="'.$dirpath.'">'.
306: &mt('Back to Directory').'</a></p>';
307: } elsif ((-e $target) && (!$env{'form.override'})) {
308: $output .= '<form action="'.$action.'" method="post">'
309: .'<p class="LC_warning">'
310: .&mt('File [_1] already exists.',
311: '<span class="LC_filename">'.$fn.'</span>')
312: .'<input type="hidden" name="phase" value="two" />'
313: .'<input type="hidden" name="filename" value="'.$url.'" />'
314: .'<input type="hidden" name="datatoken" value="'.$datatoken.'" />'
315: .'<p>'
316: .'<input type="submit" name="cancel" value="'.&mt('Cancel').'" />'
317: .' <input type="submit" name="override" value="'.&mt('Overwrite').'" />'
318: .'</p>'
319: .'</form>';
1.36 www 320: } else {
1.22 albertel 321: my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
1.27 www 322: my $dirpath=$path.'/';
323: $dirpath=~s/\/+/\//g;
1.22 albertel 324: # Check for bad extension and disallow upload
1.37 raeburn 325: my $result;
326: ($result,$returnflag) = &check_extension($fn,$mode,$source,$target,$action,$dirpath,$url);
327: $output .= $result;
1.22 albertel 328: }
329: } else {
1.37 raeburn 330: $output .= '<span class="LC_error">'.
1.22 albertel 331: &mt('Please use browser "Back" button and pick a filename').
1.37 raeburn 332: '</span><br />';
1.22 albertel 333: }
1.1 www 334: } else {
1.37 raeburn 335: $output .= '<span class="LC_error">'.
336: &mt('Please use browser "Back" button and pick a filename').
337: '</span><br />';
338: }
339: return ($output,$returnflag);
340: }
341:
342: sub check_extension {
343: my ($fn,$mode,$source,$target,$action,$dirpath,$url) = @_;
344: my ($result,$returnflag);
345: # Check for bad extension and disallow upload
346: if ($fn=~/\.(\w+)$/ &&
347: (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
1.49 bisitz 348: $result .= '<p class="LC_warning">'.
349: &mt('File [_1] could not be copied.',
350: '<span class="LC_filename">'.$fn.'</span> ').
351: '<br />'.
352: &mt('The extension on this file is reserved internally by LON-CAPA.').
353: '</p>';
1.37 raeburn 354: } elsif ($fn=~/\.(\w+)$/ &&
355: !defined(&Apache::loncommon::fileembstyle($1))) {
1.49 bisitz 356: $result .= '<p class="LC_warning">'.
357: &mt('File [_1] could not be copied.',
358: '<span class="LC_filename">'.$fn.'</span> ').
359: '<br />'.
360: &mt('The extension on this file is not recognized by LON-CAPA.').
361: '</p>';
1.37 raeburn 362: } elsif (-d $target) {
1.49 bisitz 363: $result .= '<p class="LC_warning">'.
364: &mt('File [_1] could not be copied.',
365: '<span class="LC_filename">'.$fn.'</span>').
366: '<br />'.
367: &mt('The target is an existing directory.').
368: '</p>';
1.37 raeburn 369: } elsif (copy($source,$target)) {
370: chmod(0660, $target); # Set permissions to rw-rw---.
371: if ($mode eq 'testbank' || $mode eq 'imsimport') {
372: $returnflag = 'ok';
1.49 bisitz 373: $result .= '<p class="LC_success">'
374: .&mt('Your file - [_1] - was uploaded successfully.',
375: '<span class="LC_filename">'.$fn.'<span>')
376: .'</p>';
1.37 raeburn 377: } else {
1.49 bisitz 378: $result .= '<p class="LC_success">'
379: .&mt('File copied.')
380: .'</p>';
1.37 raeburn 381: }
382: # Check for embedded objects.
383: my (%allfiles,%codebase);
384: my ($text,$header,$css,$js);
385: if (($mode ne 'imsimport') && ($target =~ /\.(htm|html|shtml)$/i)) {
386: my (%allfiles,%codebase);
387: &Apache::lonnet::extract_embedded_items($target,\%allfiles,\%codebase);
388: if (keys(%allfiles) > 0) {
1.50 raeburn 389: my ($currentpath) = ($url =~ m{^(.+)/[^/]+$});
1.51 raeburn 390: my $state = &embedded_form_elems('upload_embedded',$url,$mode);
391: my ($embedded,$num,$pathchg) =
392: &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles,
393: \%codebase,
394: {'error_on_invalid_names' => 1,
395: 'ignore_remote_references' => 1,
396: 'current_path' => $currentpath});
1.50 raeburn 397: if ($embedded) {
1.51 raeburn 398: $result .= '<h3>'.&mt('Reference Warning').'</h3>';
399: if ($num) {
400: $result .= '<p>'.&mt('Completed upload of the file.').' '.&mt('This file contained references to other files.').'</p>'.
401: '<p>'.&mt('Please select the locations from which the referenced files are to be uploaded.').'</p>'.
402: $embedded;
403: if ($mode eq 'testbank') {
404: $returnflag = 'embedded';
405: $result .= '<p>'.&mt('Or [_1]continue[_2] the testbank import without these files.','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';
406: }
407: } else {
408: $result .= '<p>'.&mt('Completed upload of the file.').'</p>'.$embedded;
409: if ($pathchg) {
410: if ($mode eq 'testbank') {
411: $returnflag = 'embedded';
1.66 bisitz 412: $result .= '<p>'.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';
1.51 raeburn 413: }
414: }
415: }
1.37 raeburn 416: }
417: }
418: }
419: if (($mode ne 'imsimport') && ($mode ne 'testbank')) {
1.49 bisitz 420: $result .= '<br /><a href="'.$url.'">'.
421: &mt('View file').'</a>';
1.37 raeburn 422: }
423: } else {
424: $result .= &mt('Failed to copy: [_1].',$!);
425: }
426: if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.49 bisitz 427: $result .= '<br /><a href="'.$dirpath.'">'.
428: &mt('Back to Directory').'</a><br />';
1.37 raeburn 429: }
430: return ($result,$returnflag);
431: }
432:
1.69 raeburn 433: sub check_filename {
434: my ($fname) = @_;
435: my $warning;
436: if ($fname =~/[#\?&%":<>`|]/) {
437: $fname =~s/[#\?&%":<>`|]//g;
438: $warning .= '<p class="LC_warning">'
439: .&mt('Removed one or more disallowed characters from filename')
440: .'</p>';
441: }
442: if ($fname=~ /\.(\d+)\.(\w+)$/) {
443: my $num = $1;
444: $warning .= '<p class="LC_warning">'
445: .&mt('Bad filename [_1]','<span class="LC_filename">'.$fname.'</span>')
446: .'<br />'
447: .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
448: .'<br />'
449: .&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','<tt>','</tt>')
450: .'</p>';
451: if ($num eq '0') {
452: $fname =~ s/\.(\d+)(\.\w+)$/_A$2/;
453: } else {
454: my $letts = '';
455: my %digletter = reverse &Apache::lonnet::letter_to_digits();
456: if ($num >= 100) {
457: $num = substr($num,-2);
458: }
459: foreach my $digit (split('',$num)) {
460: $letts .= $digletter{$digit};
461: }
462: $fname =~ s/\.(\d+)(\.\w+)$/_$letts$2/;
463: }
464: }
465: if ($fname =~/___/) {
466: $fname =~s/_+/_/g;
467: $warning .= '<p class="LC_warning">'
468: .&mt('Changed ___ to a single _ in filename')
469: .'</p>';
470: }
471: return ($fname,$warning);
472: }
473:
1.37 raeburn 474: sub phasethree {
475: my ($r,$fn,$uname,$udom,$mode) = @_;
1.55 www 476:
1.51 raeburn 477: my $action = '/adm/upload';
478: if ($mode eq 'testbank') {
479: $action = '/adm/testbank';
480: } elsif ($mode eq 'imsimport') {
481: $action = '/adm/imsimport';
482: }
1.56 raeburn 483: my $url_root = "/priv/$udom/$uname";
484: my $dir_root = $r->dir_config('lonDocRoot').$url_root;
1.51 raeburn 485: my $path = &File::Basename::dirname($fn);
1.58 raeburn 486: $path =~ s{^\Q$url_root\E}{};
1.67 raeburn 487: my $dirpath = $url_root.$path.'/';
488: $dirpath=~s{/+}{/}g;
1.51 raeburn 489: my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"');
490: my $state = &embedded_form_elems('modify_orightml',$filename,$mode).
491: '<input type="hidden" name="phase" value="four" />';
492: my ($result,$returnflag) =
493: &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom,
494: $dir_root,$url_root,undef,
495: undef,undef,$state,$action);
496: if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.58 raeburn 497: $result .= '<br /><h3><a href="'.$fn.'">'.
1.51 raeburn 498: &mt('View main file').'</a></h3>'.
1.67 raeburn 499: '<h3><a href="'.$dirpath.'">'.
1.51 raeburn 500: &mt('Back to Directory').'</a></h3><br />';
501: }
502: return ($result,$returnflag);
503: }
504:
505: sub embedded_form_elems {
506: my ($action,$filename,$mode) = @_;
507: return <<STATE;
508: <input type="hidden" name="action" value="$action" />
509: <input type="hidden" name="mode" value="$mode" />
510: <input type="hidden" name="filename" value="$filename" />
511: STATE
512: }
513:
514: sub phasefour {
515: my ($r,$fn,$uname,$udom,$mode) = @_;
1.55 www 516:
1.51 raeburn 517: my $action = '/adm/upload';
518: if ($mode eq 'testbank') {
519: $action = '/adm/testbank';
520: } elsif ($mode eq 'imsimport') {
521: $action = '/adm/imsimport';
522: }
1.37 raeburn 523: my $result;
1.56 raeburn 524: my $url_root = "/priv/$udom/$uname";
525: my $dir_root = $r->dir_config('lonDocRoot').$url_root;
1.37 raeburn 526: my $path = &File::Basename::dirname($fn);
1.58 raeburn 527: $path =~ s{^\Q$url_root\E}{};
1.67 raeburn 528: my $dirpath = $url_root.$path.'/';
529: $dirpath=~s{/+}{/}g;
1.60 raeburn 530: my $outcome =
531: &Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root);
532: $result .= $outcome;
1.37 raeburn 533: if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.58 raeburn 534: $result .= '<br /><h3><a href="'.$fn.'">'.
1.51 raeburn 535: &mt('View main file').'</a></h3>'.
1.67 raeburn 536: '<h3><a href="'.$dirpath.'">'.
1.51 raeburn 537: &mt('Back to Directory').'</a></h3><br />';
1.1 www 538: }
1.37 raeburn 539: return $result;
1.1 www 540: }
541:
1.63 raeburn 542: sub earlyout {
543: my ($fn,$uname,$udom) = @_;
544: if ($fn =~ m{^(/priv/$udom/$uname(?:.*)/)[^/]*}) {
545: return &Apache::lonhtmlcommon::actionbox(
546: ['<a href="'.$1.'">'.&mt('Return to Directory').'</a>']);
547: }
548: return;
549: }
550:
1.10 harris41 551: # ---------------------------------------------------------------- Main Handler
1.1 www 552: sub handler {
553:
1.22 albertel 554: my $r=shift;
1.25 raeburn 555: my $javascript = '';
1.69 raeburn 556: my $fn;
557: my $warning;
1.55 www 558:
559: if ($env{'form.filename1'}) {
1.69 raeburn 560: my $fn1 = $env{'form.filename1'};
561: my $fn2 = $env{'form.filename2'};
562: $fn2 =~ s/(\s+$|^\s+)//g;
563: $fn2 =~ s/\/+/\//g;
564: ($fn2,$warning) = &check_filename($fn2);
565: $fn = $fn1.$fn2;
566: } else {
567: $fn = $env{'form.filename'};
1.55 www 568: }
569: $fn=~s/\/+/\//g;
1.70 ! raeburn 570: if ($fn =~ m{/\.\./}) {
! 571: $warning .= '<p class="LC_warning">'
! 572: .&mt('Path modified as a result of one or more instances of /../')
! 573: .'</p>';
! 574: while ($fn =~ m{/\.\./}) {
! 575: $fn =~ s{/[^/]+/\.\./}{/}g;
! 576: }
! 577: }
1.55 www 578:
579: unless ($fn) {
580: $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
581: ' unspecified filename for upload', $r->filename);
582: return HTTP_NOT_FOUND;
1.22 albertel 583: }
584:
1.61 raeburn 585: my ($uname,$udom)=&Apache::lonnet::constructaccess($fn);
1.58 raeburn 586:
587: unless (($uname) && ($udom)) {
1.69 raeburn 588: $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
589: ' trying to upload file '.$fn.
1.58 raeburn 590: ' - not authorized',
591: $r->filename);
592: return HTTP_NOT_ACCEPTABLE;
593: }
594:
595: # ----------------------------------------------------------- Start page output
596:
597: &Apache::loncommon::content_type($r,'text/html');
598: $r->send_http_header;
599:
1.29 albertel 600: unless ($env{'form.phase'} eq 'two') {
1.58 raeburn 601: $javascript = <<"ENDJS";
602: <script type="text/javascript">
603: // <![CDATA[
1.25 raeburn 604: function verifyForm() {
1.28 raeburn 605: var mode = document.fileupload.filetype.options[document.fileupload.filetype.selectedIndex].value
1.25 raeburn 606: if (mode == "testbank") {
1.28 raeburn 607: document.fileupload.action = "/adm/testbank";
1.25 raeburn 608: }
609: if (mode == "imsimport") {
1.28 raeburn 610: document.fileupload.action = "/adm/imsimport";
1.25 raeburn 611: }
612: if (mode == "standard") {
1.28 raeburn 613: document.fileupload.action = "/adm/upload";
1.25 raeburn 614: }
1.28 raeburn 615: document.fileupload.submit();
1.25 raeburn 616: }
1.58 raeburn 617: // ]]>
618: </script>
619: ENDJS
1.25 raeburn 620: }
1.1 www 621:
1.58 raeburn 622: my $londocroot = $r->dir_config('lonDocRoot');
623: my $trailfile = $fn;
624: $trailfile =~ s{^/(priv/)}{$londocroot/$1};
1.1 www 625:
1.47 bisitz 626: # Breadcrumbs
1.59 raeburn 627: my $brcrum = [{'href' => &Apache::loncommon::authorspace($fn),
1.62 raeburn 628: 'text' => 'Authoring Space'},
1.47 bisitz 629: {'href' => '/adm/upload',
1.62 raeburn 630: 'text' => 'Upload file to Authoring Space'}];
631: $r->print(&Apache::loncommon::start_page('Upload file to Authoring Space',
1.47 bisitz 632: $javascript,
633: {'bread_crumbs' => $brcrum,})
634: .&Apache::loncommon::head_subbox(
1.58 raeburn 635: &Apache::loncommon::CSTR_pageheader($trailfile))
1.47 bisitz 636: );
1.3 www 637:
1.29 albertel 638: if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
1.52 www 639: $r->print('<p class="LC_info">'
1.46 bisitz 640: .&mt('Co-Author [_1]',$uname.':'.$udom)
1.44 bisitz 641: .'</p>'
642: );
1.22 albertel 643: }
1.69 raeburn 644: if ($warning) {
645: $r->print($warning);
646: }
1.51 raeburn 647: if ($env{'form.phase'} eq 'four') {
648: my $output = &phasefour($r,$fn,$uname,$udom,'author');
649: $r->print($output);
650: } elsif ($env{'form.phase'} eq 'three') {
1.53 raeburn 651: my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author');
1.37 raeburn 652: $r->print($output);
653: } elsif ($env{'form.phase'} eq 'two') {
1.58 raeburn 654: my ($output,$returnflag) = &phasetwo($r,$fn);
1.37 raeburn 655: $r->print($output);
1.22 albertel 656: } else {
1.63 raeburn 657: &phaseone($r,$fn,undef,$uname,$udom);
1.22 albertel 658: }
1.1 www 659:
1.31 albertel 660: $r->print(&Apache::loncommon::end_page());
1.69 raeburn 661: return OK;
1.1 www 662: }
1.7 www 663:
664: 1;
665: __END__
1.10 harris41 666:
667:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonupload.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / publisher