--- loncom/auth/publiccheck.pm 2013/02/08 16:23:56 1.21 +++ loncom/auth/publiccheck.pm 2017/06/06 22:37:18 1.24.2.1 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: publiccheck.pm,v 1.21 2013/02/08 16:23:56 raeburn Exp $ +# $Id: publiccheck.pm,v 1.24.2.1 2017/06/06 22:37:18 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -44,16 +44,10 @@ sub handler { my $requrl=$r->uri; if (&Apache::lonnet::is_domainimage($requrl)) { - if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) { - $r->user('public'); - } return OK; } if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) { - if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) { - $r->user('public'); - } return OK; } @@ -70,13 +64,13 @@ sub handler { || $requrl=~m|^/adm/help/.*\.hlp$| || $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$| || (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') - || $requrl=~m|^/adm/blockingstatus/.*$|) { + || $requrl=~m|^/adm/blockingstatus/.*$|) { &process_public($r,$requrl); return OK; } elsif (&Apache::lonnet::is_portfolio_url($requrl)) { my (undef,$udom,$unum,$file_name,$group) = &Apache::lonnet::parse_portfolio_url($requrl); - my $access = &process_portfolio($udom,$unum,$file_name,$group); + my $access = &process_portfolio($r,$udom,$unum,$file_name,$group); if ($access) { &process_public($r,$requrl,$access); return OK; @@ -98,7 +92,7 @@ sub process_public { my $cookie=&Apache::lonauth::success($r,'public','public','public'); my $lonidsdir=$r->dir_config('lonIDsDir'); &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie); - $r->err_header_out('Set-cookie',"lonID=$cookie; path=/"); + $r->err_header_out('Set-cookie',"lonID=$cookie; path=/; HttpOnly"); } &Apache::lonacc::get_posted_cgi($r); $env{'request.state'} = "published"; @@ -108,11 +102,12 @@ sub process_public { } sub process_portfolio { - my ($udom,$unum,$file_name,$group) = @_; + my ($r,$udom,$unum,$file_name,$group) = @_; my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum); my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name); my $access = ''; my $now = time; + my $clientip = $r->get_remote_host(); foreach my $key (keys(%{$access_controls{$file_name}})) { my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/); if ($start > $now) { @@ -125,6 +120,16 @@ sub process_portfolio { $access = 'public'; last; } + if ($scope eq 'ip') { + if (ref($access_controls{$file_name}{$key}) eq 'HASH') { + if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') { + if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) { + $access = 'ip'; + last; + } + } + } + } if ($scope eq 'guest') { $access = 'guest'; }