--- loncom/auth/lonacc.pm	2009/07/23 17:40:29	1.126
+++ loncom/auth/lonacc.pm	2010/10/29 20:41:49	1.135
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.126 2009/07/23 17:40:29 raeburn Exp $
+# $Id: lonacc.pm,v 1.135 2010/10/29 20:41:49 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -156,7 +156,7 @@ sub get_posted_cgi {
 	for ($i=0;$i<=$#lines;$i++) {
 	    if ($lines[$i]=~/^--\Q$contentsep\E/) {
 		if ($name) {
-		    chomp($value);
+		    $value=~s/[\r\n]+$//;
                     if (ref($fields) eq 'ARRAY') {
                         next if (!grep(/^\Q$name\E$/,@{$fields}));
                     }
@@ -281,13 +281,11 @@ sub sso_login {
     my $query = $r->args;
     my %form;
     if ($query) {
-        foreach my $pair (split(/&/,$query)) {
-            my ($name, $value) = split(/=/,$pair);
-            $name = &unescape($name);
-            if (($name eq 'role') || ($name eq 'symb')) {
-                $value =~ tr/+/ /;
-                $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
-                $form{$name} = $value;
+        my @items = ('role','symb');
+        &Apache::loncommon::get_unprocessed_cgi($query,\@items);
+        foreach my $item (@items) {
+            if (defined($env{'form.'.$item})) {
+                $form{$item} = $env{'form.'.$item};
             }
         }
     }
@@ -299,7 +297,7 @@ sub sso_login {
 	if ($r->dir_config("lonBalancer") eq 'yes') {
 	    # login but immeaditly go to switch server to find us a new 
 	    # machine
-	    &Apache::lonauth::success($r,$user,$domain,$home,'noredirect','',\%form);
+	    &Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
             $env{'request.sso.login'} = 1;
             if (defined($r->dir_config("lonSSOReloginServer"))) {
                 $env{'request.sso.reloginserver'} =
@@ -413,6 +411,22 @@ sub handler {
 	}
 	$env{'request.filename'} = $r->filename;
 	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+        if ($requrl =~ m{^/adm/wrapper/ext/}) {
+            my $query = $r->args;
+            if ($query) {
+                my $preserved;
+                foreach my $pair (split(/&/,$query)) {
+                    my ($name, $value) = split(/=/,$pair);
+                    unless ($name eq 'symb') {
+                        $preserved .= $pair.'&';
+                    }
+                }
+                $preserved =~ s/\&$//;
+                if ($preserved) {
+                    $env{'request.external.querystring'} = $preserved;
+                }
+            }
+        }
 # -------------------------------------------------------- Load POST parameters
 
 	&Apache::lonacc::get_posted_cgi($r);
@@ -435,8 +449,24 @@ sub handler {
                 return OK;
             }
 	    if (($access ne '2') && ($access ne 'F')) {
-		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
-		return HTTP_NOT_ACCEPTABLE; 
+                if ($requrl =~ m{^/res/}) {
+                    $access = &Apache::lonnet::allowed('bro',$requrl);
+                    if ($access ne 'F') {
+                        if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
+                            $access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
+                            if ($access ne 'F') {
+                                $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                                return HTTP_NOT_ACCEPTABLE;
+                            }
+                        } else {
+                            $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                            return HTTP_NOT_ACCEPTABLE;
+                        }
+                    }
+                } else {
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    return HTTP_NOT_ACCEPTABLE;
+                }
 	    }
 	}
 	if ($requrl =~ m|^/prtspool/|) {
@@ -459,6 +489,7 @@ sub handler {
 	    $env{'user.domain'} eq 'public' &&
 	    $requrl !~ m{^/+(res|public|uploaded)/} &&
 	    $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
+        $requrl !~ m{^/adm/blockingstatus/.*$} &&
 	    $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
 	    $env{'request.querystring'}=$r->args;
 	    $env{'request.firsturl'}=$requrl;
@@ -470,11 +501,13 @@ sub handler {
 	    $requrl=~/\.(\w+)$/;
             my $query=$r->args;
 	    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
-		($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$ )/x) ||
+		($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
 		($requrl=~/^\/adm\/wrapper\//) ||
 		($requrl=~m|^/adm/coursedocs/showdoc/|) ||
 		($requrl=~m|\.problem/smpedit$|) ||
-		($requrl=~/^\/public\/.*\/syllabus$/)) {
+		($requrl=~/^\/public\/.*\/syllabus$/) ||
+                ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
+                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $symb;
 		if ($query) {
@@ -489,7 +522,9 @@ sub handler {
 						  'last_known' =>[$murl,$mid]);
 		    } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
 			     (($requrl=~m|(.*)/smpedit$|) &&
-			      &Apache::lonnet::symbverify($symb,$1))) {
+			      &Apache::lonnet::symbverify($symb,$1)) ||
+                             (($requrl=~m|(.*/aboutme)/portfolio$|) &&
+                              &Apache::lonnet::symbverify($symb,$1))) {
 			my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
 			&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
 						  'last_known' =>[$murl,$mid]);
@@ -501,6 +536,9 @@ sub handler {
 			return HTTP_NOT_ACCEPTABLE; 
 		    }
 		} else {
+                    if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
+                        $requrl = $1;
+                    }
 		    $symb=&Apache::lonnet::symbread($requrl);
 		    if (&Apache::lonnet::is_on_map($requrl) && $symb &&
 			!&Apache::lonnet::symbverify($symb,$requrl)) {