[BACK]Return to daxesave.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / homework

Diff for /loncom/homework/daxesave.pm between versions 1.1 and 1.4

version 1.1, 2015/12/03 20:40:27 version 1.4, 2016/03/18 18:21:01
Line 41  use Apache::xml_to_loncapa; Line 41  use Apache::xml_to_loncapa;
 sub handler {  sub handler {
     my $request = shift;      my $request = shift;
           
     my $path = $env{'form.path'}; # should be in the form "/daxeopen/priv/..."      $request->content_type('text/plain');
       
       # path should be in the form "/daxeopen/priv/..."
       # or ^/daxeopen/uploaded/[^/]+/[^/]+/.*html?$
       my $path = $env{'form.path'};
     $path =~ s/^\/daxeopen//;      $path =~ s/^\/daxeopen//;
           
     my $allowed;      my $allowed = 0;
     my ($ownername,$ownerdom,$ownerhome) =       if ($path =~ /^\/priv/) {
         &Apache::lonnet::constructaccess($path, 'setpriv');          my ($ownername,$ownerdom,$ownerhome) = 
     if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {              &Apache::lonnet::constructaccess($path, 'setpriv');
         unless ($ownerhome eq 'no_host') {          if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
             my @hosts = &Apache::lonnet::current_machine_ids();              unless ($ownerhome eq 'no_host') {
             if (grep(/^\Q$ownerhome\E$/,@hosts)) {                  my @hosts = &Apache::lonnet::current_machine_ids();
                 $allowed = 1;                  if (grep(/^\Q$ownerhome\E$/,@hosts)) {
                       $allowed = 1;
                   }
               }
           }
       } elsif ($path =~ m|^/uploaded/[^/]+/[^/]+/|) {
           if ($env{'user.name'} ne '' && $env{'user.domain'} ne '' && $env{'request.course.id'}) {
               $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
               $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
               if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/| && $path !~ /\.\./) {
                   if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) {
                       $allowed = 1;
                   }
             }              }
         }          }
     }      }
     unless ($allowed) {      unless ($allowed) {
         $request->log_reason("Unauthorized path: $path", $path);           $request->log_reason("Unauthorized path: $path", $path);
         return HTTP_NOT_ACCEPTABLE;          $request->print("error\nUnauthorized path: $path");
           $request->status(403);
           return OK;
     }      }
   
     my $newpath = &Apache::lonnet::filelocation('', $path);      my $newpath = &Apache::lonnet::filelocation('', $path);
Removed from v.1.1  
changed lines
  Added in v.1.4

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>