File:  [LON-CAPA] / loncom / publisher / lonupload.pm
Revision 1.13: download - view: text, annotated - select for diffs
Sat Aug 24 03:56:58 2002 UTC (22 years, 4 months ago) by foxr
Branches: MAIN
CVS tags: HEAD
Bug 442: Two issues with special chars. solved here:
1. spaces in names - escape works fine on this issue.
2. apostrophe's in uploaded file names:

Apostrophe solution not so easy as spaces:  The problem was in the
Frame src tag for the lower frame of construction space.. it's of the form:
<frame> src='$lowerframe' ...Thanks to matt for finding this.
The embedded ' closes the src from the point of view of the html.  Amazingly the
 extra characters don't cause browsers to complain.  The problem: demonstrably,
escaping via lonnet::escape does nothing worth while.  Using my handy dandy
html pocket guide, I determined that lonnet::escape is too simple minded
and may in fact be not quite right.  did a:
1. made the quotations " rather than '
2. Substituted for " in $lowerframe by:
   $lowerframe=~s/\"/&quot\;/g;

Turning " -> &quot; as per the entity chart on pg 82 of HTML Pocket ref.
This works fine.


# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
# $Id: lonupload.pm,v 1.13 2002/08/24 03:56:58 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# (Handler to retrieve an old version of a file
#
# (Publication Handler
# 
# (TeX Content Handler
#
# YEAR=2000
# 05/29/00,05/30,10/11 Gerd Kortemeyer)
#
# 11/28,11/29,11/30,12/01,12/02,12/04,12/23 Gerd Kortemeyer
# YEAR=2001
# 03/23 Guy Albertelli
# 03/24,03/29 Gerd Kortemeyer)
#
# 03/31,04/03 Gerd Kortemeyer)
#
# 04/05,04/09,05/25,06/23,06/24,08/22 Gerd Kortemeyer
# 11/29 Matthew Hall
# 12/16 Scott Harrison
#
###

package Apache::lonupload;

use strict;
use Apache::File;
use File::Copy;
use File::Basename;
use Apache::Constants qw(:common :http :methods);
use Apache::loncacc;
use Apache::loncommon();
use Apache::Log();
use Apache::lonnet;

my $DEBUG=0;

sub Debug {
  
  # Marshall the parameters.
  
  my $r       = shift;
  my $log     = $r->log;
  my $message = shift;
  
  # Put out the indicated message butonly if DEBUG is false.
  
  if ($DEBUG) {
    $log->debug($message);
  }
}

sub upfile_store {
    my $r=shift;
	
    my $fname=$ENV{'form.upfile.filename'};
    $fname=~s/\W//g;
    
    chop($ENV{'form.upfile'});
  
    my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
		  '_upload_'.$fname.'_'.time.'_'.$$;
    {
       my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
                                   '/tmp/'.$datatoken.'.tmp');
       print $fh $ENV{'form.upfile'};
    }
    return $datatoken;
}


sub phaseone {
   my ($r,$fn,$uname,$udom)=@_;
   $ENV{'form.upfile.filename'}=~s/\\/\//g;
   $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
   if ($ENV{'form.upfile.filename'}) {
    $fn=~s/\/[^\/]+$//;
    $fn=~s/([^\/])$/$1\//;
    $fn.=$ENV{'form.upfile.filename'};
    $fn=~s/^\///;
    $fn=~s/(\/)+/\//g;

#    Fn is the full path to the destination filename.
#    

    &Debug($r, "Filename for upload: $fn");
    if (($fn) && ($fn!~/\/$/)) {
      $r->print(
 '<form action=/adm/upload method=post>'.
 '<input type=hidden name=phase value=two>'.
 '<input type=hidden name=datatoken value="'.&upfile_store.'">'.
 'Store uploaded file as '.
 '<input type=text size=50 name=filename value="/priv/'.
  $uname.'/'.$fn.'"><br>'.
 '<input type=submit value="Store"></form>');
      # Check for bad extension and warn user
      if ($fn=~/\.(\w+)$/ && 
	  (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
	  $r->print(
 '<font color=red>'.
 'The extension on this file, "'.$1.
 '", is reserved internally by LON-CAPA. <br \>'.
 'Please change the extension.'.
 '</font>');
      } elsif($fn=~/\.(\w+)$/ && 
	      !defined(&Apache::loncommon::fileembstyle($1))) {
	  $r->print(
 '<font color=red>'.
 'The extension on this file, "'.$1.
 '", is not recognized by LON-CAPA. <br \>'.
 'Please change the extension.'.
 '</font>');
      }
  } else {
      $r->print('<font color=red>Illegal filename.</font>');
  }
 } else {
     $r->print('<font color=red>No upload file specified.</font>');
 }
}

sub phasetwo {
   my ($r,$fn,$uname,$udom)=@_;
   &Debug($r, "Filename is ".$fn);
   if ($fn=~/^\/priv\/$uname\//) {
    &Debug($r, "Filename after priv substitution: ".$fn);
    my $tfn=$fn;
    $tfn=~s/^\/(\~|priv)\/(\w+)//;
    &Debug($r, "Filename for tfn = ".$tfn);
    my $target='/home/'.$uname.'/public_html'.$tfn;
    &Debug($r, "target -> ".$target);
#     target is the full filesystem path of the destination file.
    my $base = &File::Basename::basename($fn);
    my $path = &File::Basename::dirname($fn);
    $base    = Apache::lonnet::escape($base);
    my $url  = $path."/".$base; 
    &Debug($r, "URL is now ".$url);
    my $datatoken=$ENV{'form.datatoken'};
    if (($fn) && ($datatoken)) {
	if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
           $r->print(
 '<form action=/adm/upload method=post>'.
 'File <tt>'.$fn.'</tt> exists. Overwrite? '.
 '<input type=hidden name=phase value=two>'.
 '<input type=hidden name=filename value="'."$url".'">'.
 '<input type=hidden name=datatoken value="'.$datatoken.'">'.
 '<input type=submit name=override value="Yes"></form>');
       } else {
           my $source=$r->dir_config('lonDaemons').
	                             '/tmp/'.$datatoken.'.tmp';
           # Check for bad extension and disallow upload
	   if ($fn=~/\.(\w+)$/ && 
	       (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
	       $r->print(
 'File <tt>'.$fn.'</tt> could not be copied.<br />'.
 '<font color=red>'.
 'The extension on this file is reserved internally by LON-CAPA.'.
 '</font>');
	   } elsif ($fn=~/\.(\w+)$/ && 
		    !defined(&Apache::loncommon::fileembstyle($1))) {
	       $r->print(
 'File <tt>'.$fn.'</tt> could not be copied.<br />'.
 '<font color=red>'.
 'The extension on this file is not recognized by LON-CAPA.'.
 '</font>');
	   } elsif (copy($source,$target)) {
	       chmod(0660, $target); # Set permissions to rw-rw---.
	      $r->print('File copied.');
              $r->print('<p><font size=+2><a href="'.$url.
                        '">View file</a></font>');
	   } else {
              $r->print('Failed to copy: '.$!);
	   }
       }
    } else {
       $r->print(
   '<font size=+1 color=red>Please pick a filename</font><p>');
       &phaseone($r,$fn,$uname,$udom);
    }
  } else {
    $r->print(
   '<font size=+1 color=red>Please pick a filename</font><p>');
    &phaseone($r,$fn,$uname,$udom);
  }
}

# ---------------------------------------------------------------- Main Handler
sub handler {

  my $r=shift;

  my $uname;
  my $udom;

  ($uname,$udom)=
    &Apache::loncacc::constructaccess(
			 $ENV{'form.filename'},$r->dir_config('lonDefDomain'));
  unless (($uname) && ($udom)) {
     $r->log_reason($uname.' at '.$udom.
         ' trying to publish file '.$ENV{'form.filename'}.
         ' - not authorized', 
         $r->filename); 
     return HTTP_NOT_ACCEPTABLE;
  }

  my $fn;

  if ($ENV{'form.filename'}) {
      $fn=$ENV{'form.filename'};
      $fn=~s/^http\:\/\/[^\/]+\/(\~|priv\/)(\w+)//;
  } else {
     $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
         ' unspecified filename for upload', $r->filename); 
     return HTTP_NOT_FOUND;
  }

# ----------------------------------------------------------- Start page output


  $r->content_type('text/html');
  $r->send_http_header;

  $r->print('<html><head><title>LON-CAPA Construction Space</title></head>');

  $r->print(
   '<body bgcolor="#FFFFFF"><img align=right src=/adm/lonIcons/lonlogos.gif>');

  
  $r->print('<h1>Upload file to Construction Space</h1>');
  
  if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
          $r->print('<h3><font color=red>Co-Author: '.$uname.' at '.$udom.
               '</font></h3>');
  }


  if ($ENV{'form.phase'} eq 'two') {
      &phasetwo($r,$fn,$uname,$udom);
  } else {
      &phaseone($r,$fn,$uname,$udom);
  }

  $r->print('</body></html>');
  return OK;  
}

1;
__END__

=head1 NAME

Apache::lonupload - upload files into construction space

=head1 SYNOPSIS

Invoked by /etc/httpd/conf/srm.conf:

 <Location /adm/upload>
 PerlAccessHandler       Apache::lonacc
 SetHandler perl-script
 PerlHandler Apache::lonupload
 ErrorDocument     403 /adm/login
 ErrorDocument     404 /adm/notfound.html
 ErrorDocument     406 /adm/unauthorized.html
 ErrorDocument	  500 /adm/errorhandler
 </Location>

=head1 INTRODUCTION

This module uploads a file sitting on a client computer into 
library server construction space.

This is part of the LearningOnline Network with CAPA project
described at http://www.lon-capa.org.

=head1 HANDLER SUBROUTINE

This routine is called by Apache and mod_perl.

=over 4

=item *

Initialize variables

=item *

Start page output

=item *

output relevant interface phase (phaseone or phasetwo)

=item *

(phase one is to specify upload file; phase two is to handle conditions
subsequent to specification--like overwriting an existing file)

=back

=head1 OTHER SUBROUTINES

=over 4

=item *

phaseone() : Interface for specifying file to upload.

=item *

phasetwo() : Interface for handling post-conditions about uploading (such
as overwriting an existing file).

=item *

upfile_store() : Store contents of uploaded file into temporary space.  Invoked
by phaseone subroutine.

=back

=cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>