--- loncom/auth/lonacc.pm	2015/03/11 17:27:15	1.159.2.1
+++ loncom/auth/lonacc.pm	2015/12/03 20:40:21	1.162
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.1 2015/03/11 17:27:15 raeburn Exp $
+# $Id: lonacc.pm,v 1.162 2015/12/03 20:40:21 damieng Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -203,6 +203,14 @@ sub get_posted_cgi {
 			$fname='';
 			$fmime='';
 		    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
+                    if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
+                        # TODO: something with $1 !
+                        $i++;
+                    }
 		    $i++;
 		}
 	    } else {
@@ -606,6 +614,12 @@ sub handler {
                             return HTTP_NOT_ACCEPTABLE;
                         }
                     }
+                } elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
+                    my $clientip = $r->get_remote_host();
+                    if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
                 } else {
 		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		    return HTTP_NOT_ACCEPTABLE;
@@ -744,7 +758,8 @@ sub handler {
     }
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
-	my $access=&Apache::lonnet::allowed('bre',$requrl);
+        my $clientip = $r->get_remote_host();
+        my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;