--- loncom/auth/lonacc.pm	2020/07/19 16:41:27	1.159.2.8.2.2
+++ loncom/auth/lonacc.pm	2020/08/10 03:22:54	1.178
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.8.2.2 2020/07/19 16:41:27 raeburn Exp $
+# $Id: lonacc.pm,v 1.178 2020/08/10 03:22:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -102,6 +102,7 @@ use Apache::loncommon();
 use Apache::lonlocal;
 use Apache::restrictedaccess();
 use Apache::blockedaccess();
+use Apache::lonprotected();
 use Fcntl qw(:flock);
 use LONCAPA qw(:DEFAULT :match);
 
@@ -202,6 +203,14 @@ sub get_posted_cgi {
 			$fname='';
 			$fmime='';
 		    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
 		    $i++;
 		}
 	    } else {
@@ -377,7 +386,7 @@ sub sso_login {
 	} else {
 	    # need to login them in, so generate the need data that
 	    # migrate expects to do login
-            my $ip = $r->get_remote_host();
+	    my $ip = $r->get_remote_host();
 	    my %info=('ip'        => $ip,
 		      'domain'    => $domain,
 		      'username'  => $user,
@@ -528,7 +537,8 @@ sub handler {
             }
         } elsif ($env{'request.course.id'} &&
                  (($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) ||
-                  ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
+                  ($requrl eq "/public/$cdom/$cnum/syllabus") ||
+                  ($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
             my $query = $r->args;
             if ($query) {
                 foreach my $pair (split(/&/,$query)) {
@@ -599,9 +609,14 @@ sub handler {
             }
         }
         if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
-            return OK;
+            if ($env{'user.name'} eq 'public' &&
+                $env{'user.domain'} eq 'public') {
+                $env{'request.firsturl'}=$requrl;
+                return FORBIDDEN;
+            } else {
+                return OK;
+            }
         }
-
 # ---------------------------------------------------------------- Check access
 	my $now = time;
 	if ($requrl !~ m{^/(?:adm|public|(?:prt|zip)spool)/}
@@ -626,6 +641,10 @@ sub handler {
                 &Apache::blockedaccess::setup_handler($r);
                 return OK;
             }
+            if ($access eq 'D') {
+                &Apache::lonprotected::setup_handler($r);
+                return OK;
+            }
 	    if (($access ne '2') && ($access ne 'F')) {
                 if ($requrl =~ m{^/res/}) {
                     $access = &Apache::lonnet::allowed('bro',$requrl);
@@ -691,7 +710,8 @@ sub handler {
 		($requrl=~m|\.problem/smpedit$|) ||
 		($requrl=~/^\/public\/.*\/syllabus$/) ||
                 ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
-                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
+                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/) ||
+                ($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $symb;
 		if ($query) {
@@ -699,15 +719,15 @@ sub handler {
 		}
 		if ($env{'form.symb'}) {
 		    $symb=&Apache::lonnet::symbclean($env{'form.symb'});
-                    if ($requrl eq '/adm/navmaps') {
+		    if ($requrl eq '/adm/navmaps') {
                         my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
                         &Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
-                    } elsif ($requrl =~ m|^/adm/wrapper/|
+		    } elsif ($requrl =~ m|^/adm/wrapper/|
 			|| $requrl =~ m|^/adm/coursedocs/showdoc/|) {
 			my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
                         if ($map =~ /\.page$/) {
                             my $mapsymb = &Apache::lonnet::symbread($map);
-                            ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
+                            ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb); 
                         }
 			&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
 						  'last_known' =>[$murl,$mid]);
@@ -753,8 +773,8 @@ sub handler {
                                     my $mapsymb = &Apache::lonnet::symbread($map);
                                     ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
                                 }
-                                &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
-                                                          'last_known' =>[$murl,$mid]);
+			        &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+						          'last_known' =>[$murl,$mid]);
                             }
 		        }
 		    }
@@ -805,7 +825,7 @@ sub handler {
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
         my $clientip = $r->get_remote_host();
-	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
+        my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;