--- loncom/auth/lonacc.pm 2004/11/11 22:18:23 1.52 +++ loncom/auth/lonacc.pm 2004/12/20 20:51:23 1.55 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.52 2004/11/11 22:18:23 raeburn Exp $ +# $Id: lonacc.pm,v 1.55 2004/12/20 20:51:23 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -109,6 +109,7 @@ sub handler { if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') || ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) || ($requrl=~/^\/adm\/wrapper\//) || + ($requrl=~m|\.problem/smpedit$|) || ($requrl=~/^\/public\/.*\/syllabus$/)) { # ------------------------------------- This is serious stuff, get symb and log my $query=$r->args; @@ -122,7 +123,9 @@ sub handler { my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); &Apache::lonnet::symblist($map,$murl => $mid, 'last_known' => $murl); - } elsif (&Apache::lonnet::symbverify($symb,$requrl)) { + } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) || + (($requrl=~m|(.*)/smpedit$|) && + &Apache::lonnet::symbverify($symb,$1))) { my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); &Apache::lonnet::symblist($map,$murl => $mid, 'last_known' => $murl); @@ -135,6 +138,13 @@ sub handler { } } else { $symb=&Apache::lonnet::symbread($requrl); + if (!&Apache::lonnet::symbverify($symb,$requrl)) { + $r->log_reason('Invalid symb for '.$requrl.': '. + $symb); + $ENV{'user.error.msg'}= + "$requrl:bre:1:1:Invalid Access"; + return HTTP_NOT_ACCEPTABLE; + } my ($map,$mid,$murl)=split(/\_\_\_/,$symb); &Apache::lonnet::symblist($map,$murl => $mid, 'last_known' => $murl);