version 1.1, 2015/12/03 20:40:27
|
version 1.4, 2016/03/18 18:21:01
|
Line 41 use Apache::xml_to_loncapa;
|
Line 41 use Apache::xml_to_loncapa;
|
sub handler { |
sub handler { |
my $request = shift; |
my $request = shift; |
|
|
my $path = $env{'form.path'}; # should be in the form "/daxeopen/priv/..." |
$request->content_type('text/plain'); |
|
|
|
# path should be in the form "/daxeopen/priv/..." |
|
# or ^/daxeopen/uploaded/[^/]+/[^/]+/.*html?$ |
|
my $path = $env{'form.path'}; |
$path =~ s/^\/daxeopen//; |
$path =~ s/^\/daxeopen//; |
|
|
my $allowed; |
my $allowed = 0; |
my ($ownername,$ownerdom,$ownerhome) = |
if ($path =~ /^\/priv/) { |
&Apache::lonnet::constructaccess($path, 'setpriv'); |
my ($ownername,$ownerdom,$ownerhome) = |
if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { |
&Apache::lonnet::constructaccess($path, 'setpriv'); |
unless ($ownerhome eq 'no_host') { |
if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { |
my @hosts = &Apache::lonnet::current_machine_ids(); |
unless ($ownerhome eq 'no_host') { |
if (grep(/^\Q$ownerhome\E$/,@hosts)) { |
my @hosts = &Apache::lonnet::current_machine_ids(); |
$allowed = 1; |
if (grep(/^\Q$ownerhome\E$/,@hosts)) { |
|
$allowed = 1; |
|
} |
|
} |
|
} |
|
} elsif ($path =~ m|^/uploaded/[^/]+/[^/]+/|) { |
|
if ($env{'user.name'} ne '' && $env{'user.domain'} ne '' && $env{'request.course.id'}) { |
|
$cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
|
$cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; |
|
if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/| && $path !~ /\.\./) { |
|
if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) { |
|
$allowed = 1; |
|
} |
} |
} |
} |
} |
} |
} |
unless ($allowed) { |
unless ($allowed) { |
$request->log_reason("Unauthorized path: $path", $path); |
$request->log_reason("Unauthorized path: $path", $path); |
return HTTP_NOT_ACCEPTABLE; |
$request->print("error\nUnauthorized path: $path"); |
|
$request->status(403); |
|
return OK; |
} |
} |
|
|
my $newpath = &Apache::lonnet::filelocation('', $path); |
my $newpath = &Apache::lonnet::filelocation('', $path); |
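Review bot: The added comment documents the uploaded form as `^/daxeopen/uploaded/[^/]+/[^/]+/.*html?$`, but the check in the `elsif` branch only anchors the `/uploaded/<cdom>/<cnum>/` prefix and rejects `..`, so any file type under the course's uploaded directory passes for a user holding `mdc`. If the HTML-only restriction is intended, enforce it in the same condition, e.g. `if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/| && $path !~ /\.\./ && $path =~ /\.html?$/) {`; otherwise correct the comment so it matches what is checked. `$cdom` and `$cnum` are assigned without `my` in the visible lines and should be declared locally unless a declaration exists outside this view. The denial path also calls `$request->print(...)` before `$request->status(403)`; setting the status first means the 403 does not depend on output buffering to reach the client. The body of `handler` continues past the end of this hunk.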