--- loncom/auth/lonacc.pm	2013/12/19 22:50:16	1.150
+++ loncom/auth/lonacc.pm	2016/08/05 20:27:18	1.159.2.2
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.150 2013/12/19 22:50:16 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.2 2016/08/05 20:27:18 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -109,7 +109,6 @@ sub cleanup {
     my ($r)=@_;
     if (! $r->is_initial_req()) { return DECLINED; }
     &Apache::lonnet::save_cache();
-    &Apache::lontexconvert::jsMath_reset();
     return OK;
 }
 
@@ -160,6 +159,8 @@ sub get_posted_cgi {
                         if (length($value) == 1) {
                             $value=~s/[\r\n]$//;
                         }
+                    } elsif ($fname =~ /\.(xls|doc|ppt)x$/i) {
+                        $value=~s/[\r\n]$//;
                     }
                     if (ref($fields) eq 'ARRAY') {
                         next if (!grep(/^\Q$name\E$/,@{$fields}));
@@ -281,14 +282,17 @@ sub sso_login {
     my ($r,$handle,$username) = @_;
 
     my $lonidsdir=$r->dir_config('lonIDsDir');
-    if (($r->user eq '') || ($username ne '') ||
+    if (($r->user eq '') || ($username ne '') || ($r->user eq 'public:public') ||
         (defined($env{'user.name'}) && (defined($env{'user.domain'}))
 	  && ($handle ne ''))) {
 	# not an SSO case or already logged in
 	return undef;
     }
 
-    my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
+    my ($user) = ($r->user =~ m/^($match_username)$/);
+    if ($user eq '') {
+        return undef;
+    }
 
     my $query = $r->args;
     my %form;
@@ -305,7 +309,10 @@ sub sso_login {
     my %sessiondata;
     if ($form{'iptoken'}) {
         %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
-        my $delete = &Apache::lonnet::tmpdel($form{'token'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+        unless ($sessiondata{'sessionserver'}) {
+            delete($form{'iptoken'});
+        }
     }
 
     my $domain = $r->dir_config('lonSSOUserDomain');
@@ -317,8 +324,8 @@ sub sso_login {
 	&Apache::lonnet::logthis(" SSO authorized user $user ");
         my ($is_balancer,$otherserver,$hosthere);
         if ($form{'iptoken'}) {
-            if (($sessiondata{'domain'} eq $form{'udom'}) &&
-                ($sessiondata{'username'} eq $form{'uname'})) {
+            if (($sessiondata{'domain'} eq $domain) &&
+                ($sessiondata{'username'} eq $user)) {
                 $hosthere = 1;
             }
         }
@@ -359,11 +366,16 @@ sub sso_login {
 		      'server'    => $r->dir_config('lonHostID'),
 		      'sso.login' => 1
 		      );
-            foreach my $item ('role','symb') {
+            foreach my $item ('role','symb','iptoken') {
                 if (exists($form{$item})) {
                     $info{$item} = $form{$item};
                 }
             }
+            unless ($info{'symb'}) {
+                unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) {
+                    $info{'origurl'} = $r->uri; 
+                }
+            }
             if ($r->dir_config("ssodirecturl") == 1) {
                 $info{'origurl'} = $r->uri;
             }
@@ -379,10 +391,8 @@ sub sso_login {
 	    $r->set_handlers('PerlHandler'=> undef);
 	}
 	return OK;
-    } elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {
+    } else {
 	&Apache::lonnet::logthis(" SSO authorized unknown user $user ");
-        $r->subprocess_env->set('SSOUserUnknown' => $user);
-        $r->subprocess_env->set('SSOUserDomain' => $domain);
         my @cancreate;
         my %domconfig =
             &Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
@@ -396,13 +406,18 @@ sub sso_login {
                 }
             }
         }
-        if (grep(/^sso$/,@cancreate)) {
-            $r->internal_redirect('/adm/createaccount');
-        } else {
-	    $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
+        if ((grep(/^sso$/,@cancreate)) || (defined($r->dir_config('lonSSOUserUnknownRedirect')))) {
+            $r->subprocess_env->set('SSOUserUnknown' => $user);
+            $r->subprocess_env->set('SSOUserDomain' => $domain);
+            if (grep(/^sso$/,@cancreate)) {
+                $r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);
+                $r->handler('perl-script');
+            } else {
+	        $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
+                $r->set_handlers('PerlHandler'=> undef);
+            }
+	    return OK;
         }
-	$r->set_handlers('PerlHandler'=> undef);
-	return OK;
     }
     return undef;
 }
@@ -432,7 +447,10 @@ sub handler {
     my ($is_balancer,$otherserver);
 
     if ($handle eq '') {
-        unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
+        unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) ||
+                ($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) ||
+                ($requrl =~ m{^/adm/help/}) ||
+                ($requrl =~ m{^/res/$match_domain/$match_username/})) {
 	    $r->log_reason("Cookie not valid", $r->filename);
         }
     } elsif ($handle ne '') {
@@ -463,7 +481,7 @@ sub handler {
 	}
 	$env{'request.filename'} = $r->filename;
 	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
-        my $suppext;
+        my ($suppext,$checkabsolute);
         if ($requrl =~ m{^/adm/wrapper/ext/}) {
             my $query = $r->args;
             if ($query) {
@@ -484,6 +502,9 @@ sub handler {
                     $env{'request.external.querystring'} = $preserved;
                 }
             }
+            if ($env{'request.course.id'}) {
+                $checkabsolute = 1;
+            }
         } elsif ($env{'request.course.id'} &&
                  (($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) ||
                   ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
@@ -498,6 +519,20 @@ sub handler {
                     }
                 }
             }
+            if ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}) {
+                $checkabsolute = 1;
+            }
+        }
+        if ($checkabsolute) {
+            my $hostname = $r->hostname();
+            my $lonhost = &Apache::lonnet::host_from_dns($hostname);
+            if ($lonhost) {
+                my $actual = &Apache::lonnet::absolute_url($hostname);
+                my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
+                unless ($actual eq $expected) {
+                    $env{'request.use_absolute'} = $expected;
+                }
+            }
         }
 # -------------------------------------------------------- Load POST parameters
 
@@ -525,6 +560,10 @@ sub handler {
             if ($otherserver ne '') {
                 $env{'form.otherserver'} = $otherserver;
             }
+            unless (($env{'form.origurl'}) || ($r->uri eq '/adm/roles') ||
+                    ($r->uri eq '/adm/switchserver') || ($r->uri eq '/adm/sso')) {
+                $env{'form.origurl'} = $r->uri;
+            }
         }
 
 # ---------------------------------------------------------------- Check access
@@ -532,6 +571,13 @@ sub handler {
 	if ($requrl !~ m{^/(?:adm|public|prtspool)/}
 	    || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
 	    my $access=&Apache::lonnet::allowed('bre',$requrl);
+            if ($handle eq '') {
+                unless ($access eq 'F') {
+                    if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
+                        $r->log_reason("Cookie not valid", $r->filename);
+                    }
+                }
+            }
 	    if ($access eq '1') {
 		$env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
 		return HTTP_NOT_ACCEPTABLE;