--- loncom/homework/daxeopen.pm 2017/02/23 21:32:08 1.5 +++ loncom/homework/daxeopen.pm 2023/08/23 22:25:48 1.10 @@ -1,7 +1,7 @@ # The LearningOnline Network # Opening converted problems and directory listings for Daxe # -# $Id: daxeopen.pm,v 1.5 2017/02/23 21:32:08 damieng Exp $ +# $Id: daxeopen.pm,v 1.10 2023/08/23 22:25:48 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -28,8 +28,9 @@ ### package Apache::daxeopen; +use strict; -use Apache::Constants; +use Apache::Constants qw(:common); use DateTime; use Try::Tiny; use File::stat; @@ -41,16 +42,16 @@ use Apache::lonnet; use Apache::pre_xml; use Apache::html_to_xml; use Apache::post_xml; - +use Apache::lonlocal; sub handler { my $request = shift; my $uri = $request->uri; - $uri =~ s/^\/daxeopen//; + $uri =~ s{^/daxeopen}{}; &Apache::loncommon::no_cache($request); - if ($uri =~ /\/$/) { + if ($uri =~ m{/$}) { return directory_listing($uri, $request); - } elsif ($uri =~ /\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$/) { + } elsif ($uri =~ m{^/priv/.*\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$}) { return convert_problem($uri, $request); } else { # Apache should send other files directly @@ -61,7 +62,16 @@ sub handler { sub convert_problem { my ($uri, $request) = @_; - + if ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { + my ($domain, $user) = ($1, $2); + my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); + if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + } my $file = &Apache::lonnet::filelocation('', $uri); &Apache::lonnet::repcopy($file); if (! -e $file) { @@ -78,13 +88,13 @@ sub convert_problem { $case_sensitive = 0; } $textref = &Apache::html_to_xml::html_to_xml($textref, $warnings, $case_sensitive); - my $text = &Apache::post_xml::post_xml($textref, $file, $perlvar{'lonDocRoot'}, $warnings); + my $text = &Apache::post_xml::post_xml($textref, $file, $Apache::lonnet::perlvar{'lonDocRoot'}, $warnings); &Apache::loncommon::content_type($request, 'text/xml', 'utf-8'); $request->print($text); return OK; } catch { $request->content_type('text/plain'); - $request->print("convert failed for $file: $_"); + $request->print(&mt('convert failed for [_1]:',$file)." $_"); $request->status(406); return OK; }; @@ -96,27 +106,36 @@ sub directory_listing { if ($uri eq '/') { # root: let users browse /res $res .= "\n"; + $res .= "\n"; $res .= "\n"; } elsif ($uri !~ /^\/(priv|res)\//) { + $request->content_type('text/plain'); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; - } elsif ($uri =~ /^\/res\//) { - (my $listref, $listerror) = &Apache::lonnet::dirlist($uri); + } elsif ($uri =~ m{^/res/}) { + # NOTE: dirlist does not return an error for /res/idontexist/ + my ($listref, $listerror) = &Apache::lonnet::dirlist($uri); if ($listerror) { $request->content_type('text/plain'); - $request->print("listing error: $listerror"); + $request->print(&mt('listing error: [_1]',$listerror)); $request->status(406); return OK; + } elsif ($uri =~ m{^/res/[^/]+/$} && scalar(@{$listref}) == 0) { + $request->content_type('text/plain'); + $request->print(&mt('Not found: [_1]',$uri)); + $request->status(404); + return OK; } my $dirname = $uri; - $dirname =~ s/^.*\/([^\/]*)$/$1/; + $dirname =~ s{^.*/([^/]*)$}{$1}; $res .= "\n"; if (ref($listref) eq 'ARRAY') { my @lines = @{$listref}; foreach my $line (@lines) { - my ($path, $dom, undef, $testdir, undef, undef, undef, undef, undef, undef, undef, undef, undef, undef, $obs, undef) = split(/\&/, $line, 16); + my ($path, $dom, undef, $testdir, undef, undef, undef, undef, $size, undef, $mtime, undef, undef, undef, $obs, undef) = split(/\&/, $line, 16); my $isdir = ($testdir & 16384) || $dom =~ /^(user|domain)$/; - $path =~ s/^\/home\/httpd\/html\/res\///; + $path =~ s{^/home/httpd/html/res/}{}; next if $path eq '.' || $path eq '..'; next if $path =~ /\.meta$/ || $obs || $path =~ /\.\d+\.[^.]+$/; if ($dom ne 'domain') { @@ -132,27 +151,67 @@ sub directory_listing { next if (&Apache::lonnet::is_course($udom, $uname)); } } - $path =~ s/\/$//; + $path =~ s{/$}{}; my $name = $path; if ($isdir) { $res .= "\n"; } else { - $res .= "\n"; + my $dt = DateTime->from_epoch(epoch => $mtime); + my $modified = $dt->iso8601().'Z'; + $res .= "\n"; } } } - } else { + } elsif ($uri eq '/priv/') { + my $udom = $env{'user.domain'}; + if (!defined $udom) { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + $res .= "\n"; + $res .= "\n"; + } elsif ($uri =~ m{^/priv/([^/]+)/$}) { + my $domain = $1; + my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); + if (!defined $uname || !defined $udom || $domain ne $udom) { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } + $res .= "\n"; + $res .= "\n"; + } elsif ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { + my ($domain, $user) = ($1, $2); + my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); + if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { + $request->content_type('text/plain'); + $request->print(&mt('Forbidden URI: [_1]',$uri)); + $request->status(403); + return OK; + } my $dirpath = &Apache::lonnet::filelocation('', $uri); if (! -e $dirpath) { + $request->content_type('text/plain'); + $request->print(&mt('Not found: [_1]',$uri)); $request->status(404); return OK; } - $dirpath =~ s/\/$//; - opendir my $dir, $dirpath or die "Cannot open directory: $dirpath"; - my @files = readdir $dir; - closedir $dir; + $dirpath =~ s{/$}{}; + my @files; + if (opendir(my $dir, $dirpath)) { + @files = readdir($dir); + closedir($dir); + } else { + $request->content_type('text/plain'); + $request->print(&mt('Error opening directory: [_1]',$dirpath)); + $request->status(403); + return OK; + } my $dirname = $dirpath; - $dirname =~ s/^.*\/([^\/]*)$/$1/; + $dirname =~ s{^.*/([^/]*)$}{$1}; $res .= "\n"; foreach my $name (@files) { if ($name eq '.' || $name eq '..') { @@ -161,7 +220,7 @@ sub directory_listing { if ($name =~ /\.(bak|log|meta|save)$/) { next; } - $sb = stat($dirpath.'/'.$name); + my $sb = stat($dirpath.'/'.$name); my $mode = $sb->mode; if (S_ISDIR($mode)) { $res .= "\n"; @@ -176,6 +235,11 @@ sub directory_listing { $res .= "/>\n"; } } + } else { + $request->content_type('text/plain'); + $request->print(&mt('Not found: [_1]',$uri)); + $request->status(404); + return OK; } $res .= "\n"; &Apache::loncommon::content_type($request, 'text/xml', 'utf-8');