File:
[LON-CAPA] /
loncom /
publisher /
lonupload.pm
Revision
1.13:
download - view:
text,
annotated -
select for diffs
Sat Aug 24 03:56:58 2002 UTC (22 years, 4 months ago) by
foxr
Branches:
MAIN
CVS tags:
HEAD
Bug 442: Two issues with special chars. solved here:
1. spaces in names - escape works fine on this issue.
2. apostrophe's in uploaded file names:
Apostrophe solution not so easy as spaces: The problem was in the
Frame src tag for the lower frame of construction space.. it's of the form:
<frame> src='$lowerframe' ...Thanks to matt for finding this.
The embedded ' closes the src from the point of view of the html. Amazingly the
extra characters don't cause browsers to complain. The problem: demonstrably,
escaping via lonnet::escape does nothing worth while. Using my handy dandy
html pocket guide, I determined that lonnet::escape is too simple minded
and may in fact be not quite right. did a:
1. made the quotations " rather than '
2. Substituted for " in $lowerframe by:
$lowerframe=~s/\"/"\;/g;
Turning " -> " as per the entity chart on pg 82 of HTML Pocket ref.
This works fine.
# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
# $Id: lonupload.pm,v 1.13 2002/08/24 03:56:58 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# (Handler to retrieve an old version of a file
#
# (Publication Handler
#
# (TeX Content Handler
#
# YEAR=2000
# 05/29/00,05/30,10/11 Gerd Kortemeyer)
#
# 11/28,11/29,11/30,12/01,12/02,12/04,12/23 Gerd Kortemeyer
# YEAR=2001
# 03/23 Guy Albertelli
# 03/24,03/29 Gerd Kortemeyer)
#
# 03/31,04/03 Gerd Kortemeyer)
#
# 04/05,04/09,05/25,06/23,06/24,08/22 Gerd Kortemeyer
# 11/29 Matthew Hall
# 12/16 Scott Harrison
#
###
package Apache::lonupload;
use strict;
use Apache::File;
use File::Copy;
use File::Basename;
use Apache::Constants qw(:common :http :methods);
use Apache::loncacc;
use Apache::loncommon();
use Apache::Log();
use Apache::lonnet;
my $DEBUG=0;
sub Debug {
# Marshall the parameters.
my $r = shift;
my $log = $r->log;
my $message = shift;
# Put out the indicated message butonly if DEBUG is false.
if ($DEBUG) {
$log->debug($message);
}
}
sub upfile_store {
my $r=shift;
my $fname=$ENV{'form.upfile.filename'};
$fname=~s/\W//g;
chop($ENV{'form.upfile'});
my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
'_upload_'.$fname.'_'.time.'_'.$$;
{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');
print $fh $ENV{'form.upfile'};
}
return $datatoken;
}
sub phaseone {
my ($r,$fn,$uname,$udom)=@_;
$ENV{'form.upfile.filename'}=~s/\\/\//g;
$ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
if ($ENV{'form.upfile.filename'}) {
$fn=~s/\/[^\/]+$//;
$fn=~s/([^\/])$/$1\//;
$fn.=$ENV{'form.upfile.filename'};
$fn=~s/^\///;
$fn=~s/(\/)+/\//g;
# Fn is the full path to the destination filename.
#
&Debug($r, "Filename for upload: $fn");
if (($fn) && ($fn!~/\/$/)) {
$r->print(
'<form action=/adm/upload method=post>'.
'<input type=hidden name=phase value=two>'.
'<input type=hidden name=datatoken value="'.&upfile_store.'">'.
'Store uploaded file as '.
'<input type=text size=50 name=filename value="/priv/'.
$uname.'/'.$fn.'"><br>'.
'<input type=submit value="Store"></form>');
# Check for bad extension and warn user
if ($fn=~/\.(\w+)$/ &&
(&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
$r->print(
'<font color=red>'.
'The extension on this file, "'.$1.
'", is reserved internally by LON-CAPA. <br \>'.
'Please change the extension.'.
'</font>');
} elsif($fn=~/\.(\w+)$/ &&
!defined(&Apache::loncommon::fileembstyle($1))) {
$r->print(
'<font color=red>'.
'The extension on this file, "'.$1.
'", is not recognized by LON-CAPA. <br \>'.
'Please change the extension.'.
'</font>');
}
} else {
$r->print('<font color=red>Illegal filename.</font>');
}
} else {
$r->print('<font color=red>No upload file specified.</font>');
}
}
sub phasetwo {
my ($r,$fn,$uname,$udom)=@_;
&Debug($r, "Filename is ".$fn);
if ($fn=~/^\/priv\/$uname\//) {
&Debug($r, "Filename after priv substitution: ".$fn);
my $tfn=$fn;
$tfn=~s/^\/(\~|priv)\/(\w+)//;
&Debug($r, "Filename for tfn = ".$tfn);
my $target='/home/'.$uname.'/public_html'.$tfn;
&Debug($r, "target -> ".$target);
# target is the full filesystem path of the destination file.
my $base = &File::Basename::basename($fn);
my $path = &File::Basename::dirname($fn);
$base = Apache::lonnet::escape($base);
my $url = $path."/".$base;
&Debug($r, "URL is now ".$url);
my $datatoken=$ENV{'form.datatoken'};
if (($fn) && ($datatoken)) {
if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
$r->print(
'<form action=/adm/upload method=post>'.
'File <tt>'.$fn.'</tt> exists. Overwrite? '.
'<input type=hidden name=phase value=two>'.
'<input type=hidden name=filename value="'."$url".'">'.
'<input type=hidden name=datatoken value="'.$datatoken.'">'.
'<input type=submit name=override value="Yes"></form>');
} else {
my $source=$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp';
# Check for bad extension and disallow upload
if ($fn=~/\.(\w+)$/ &&
(&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
$r->print(
'File <tt>'.$fn.'</tt> could not be copied.<br />'.
'<font color=red>'.
'The extension on this file is reserved internally by LON-CAPA.'.
'</font>');
} elsif ($fn=~/\.(\w+)$/ &&
!defined(&Apache::loncommon::fileembstyle($1))) {
$r->print(
'File <tt>'.$fn.'</tt> could not be copied.<br />'.
'<font color=red>'.
'The extension on this file is not recognized by LON-CAPA.'.
'</font>');
} elsif (copy($source,$target)) {
chmod(0660, $target); # Set permissions to rw-rw---.
$r->print('File copied.');
$r->print('<p><font size=+2><a href="'.$url.
'">View file</a></font>');
} else {
$r->print('Failed to copy: '.$!);
}
}
} else {
$r->print(
'<font size=+1 color=red>Please pick a filename</font><p>');
&phaseone($r,$fn,$uname,$udom);
}
} else {
$r->print(
'<font size=+1 color=red>Please pick a filename</font><p>');
&phaseone($r,$fn,$uname,$udom);
}
}
# ---------------------------------------------------------------- Main Handler
sub handler {
my $r=shift;
my $uname;
my $udom;
($uname,$udom)=
&Apache::loncacc::constructaccess(
$ENV{'form.filename'},$r->dir_config('lonDefDomain'));
unless (($uname) && ($udom)) {
$r->log_reason($uname.' at '.$udom.
' trying to publish file '.$ENV{'form.filename'}.
' - not authorized',
$r->filename);
return HTTP_NOT_ACCEPTABLE;
}
my $fn;
if ($ENV{'form.filename'}) {
$fn=$ENV{'form.filename'};
$fn=~s/^http\:\/\/[^\/]+\/(\~|priv\/)(\w+)//;
} else {
$r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
' unspecified filename for upload', $r->filename);
return HTTP_NOT_FOUND;
}
# ----------------------------------------------------------- Start page output
$r->content_type('text/html');
$r->send_http_header;
$r->print('<html><head><title>LON-CAPA Construction Space</title></head>');
$r->print(
'<body bgcolor="#FFFFFF"><img align=right src=/adm/lonIcons/lonlogos.gif>');
$r->print('<h1>Upload file to Construction Space</h1>');
if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
$r->print('<h3><font color=red>Co-Author: '.$uname.' at '.$udom.
'</font></h3>');
}
if ($ENV{'form.phase'} eq 'two') {
&phasetwo($r,$fn,$uname,$udom);
} else {
&phaseone($r,$fn,$uname,$udom);
}
$r->print('</body></html>');
return OK;
}
1;
__END__
=head1 NAME
Apache::lonupload - upload files into construction space
=head1 SYNOPSIS
Invoked by /etc/httpd/conf/srm.conf:
<Location /adm/upload>
PerlAccessHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::lonupload
ErrorDocument 403 /adm/login
ErrorDocument 404 /adm/notfound.html
ErrorDocument 406 /adm/unauthorized.html
ErrorDocument 500 /adm/errorhandler
</Location>
=head1 INTRODUCTION
This module uploads a file sitting on a client computer into
library server construction space.
This is part of the LearningOnline Network with CAPA project
described at http://www.lon-capa.org.
=head1 HANDLER SUBROUTINE
This routine is called by Apache and mod_perl.
=over 4
=item *
Initialize variables
=item *
Start page output
=item *
output relevant interface phase (phaseone or phasetwo)
=item *
(phase one is to specify upload file; phase two is to handle conditions
subsequent to specification--like overwriting an existing file)
=back
=head1 OTHER SUBROUTINES
=over 4
=item *
phaseone() : Interface for specifying file to upload.
=item *
phasetwo() : Interface for handling post-conditions about uploading (such
as overwriting an existing file).
=item *
upfile_store() : Store contents of uploaded file into temporary space. Invoked
by phaseone subroutine.
=back
=cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>