Return to daxesave.pm CVS log

Up to [LON-CAPA] / loncom / homework

- Support use of pop-up browser to insert image files into HTML files
  uploaded to Main Content or Supplemental Content areas of a course.

# The LearningOnline Network
# Convert and save a problem from Daxe.
#
# $Id: daxesave.pm,v 1.7 2023/08/28 18:58:44 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
###

package Apache::daxesave;
use strict;

use Apache::Constants qw(:common);
use Apache::lonnet;
use Try::Tiny;
use File::Copy;

use Apache::lonacc;
use Apache::loncommon;
use Apache::xml_to_loncapa;

sub handler {
    my $request = shift;
    
    $request->content_type('text/plain');
    
    # path should be in the form "/daxeopen/priv/..."
    # or "/daxeopen/uploaded/$cdom/$cnum/(docs|supplemental)/(default|\d+)/\d+/"
    my $path = $env{'form.path'};
    $path =~ s/^\/daxeopen//;
    
    my $allowed = 0;
    my ($cdom,$cnum);
    if ($path =~ m{^/priv/}) {
        my ($ownername,$ownerdom,$ownerhome) = 
            &Apache::lonnet::constructaccess($path);
        if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
            unless ($ownerhome eq 'no_host') {
                my @hosts = &Apache::lonnet::current_machine_ids();
                if (grep(/^\Q$ownerhome\E$/,@hosts)) {
                    $allowed = 1;
                }
            }
        }
    } elsif ($path =~ m|^/uploaded/|) {
        if ($env{'user.name'} ne '' && $env{'user.domain'} ne '' && $env{'request.course.id'}) {
            $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
            $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
            if ($path =~ m|^/uploaded/\Q$cdom\E/\Q$cnum\E/| && $path !~ /\.\./) {
                if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) {
                    $allowed = 1;
                }
            }
        }
    }
    unless ($allowed) {
        $request->log_reason("Unauthorized path: $path", $path);
        $request->print("error\nUnauthorized path: $path");
        $request->status(403);
        return OK;
    }

    if ($path =~ m{^/priv/}) {
        my $newpath = &Apache::lonnet::filelocation('', $path);
        my $contents = $env{'form.file'};
    
        my $mode;
        if ($path =~ /\.(task|problem|exam|quiz|assess|survey|library|xml|html|htm|xhtml|xhtm)$/) {
            try {
                $contents = &Apache::xml_to_loncapa::convert_file($contents);
            } catch {
                $request->print("error\nconvert failed for $path: $_");
                return OK;
            };
            $mode = '>:encoding(UTF-8)';
        } else {
            $mode = '>';
        }
  
        my $filebak = $newpath.".bak";
        if (-e $newpath) {
            copy($newpath, $filebak); # errors ignored
        }
        if (open(my $out, $mode, $newpath)) {
            print $out $contents;
            close($out);
            $request->print("ok\n");
        } else {
            $request->print("error\nFailed to open file to save $path");
        }
    } elsif ($path =~ m{^/uploaded/}) {
        my ($unauthorized,$unsupported);
        if ($path =~ m{^\Q/uploaded/$cdom/$cnum/\E(docs|supplemental)/(default|\d+)/(\d+)/(.+)$}) {
            my ($type,$folder,$rid,$fname) = ($1,$2,$3,$4);
            my $referrer = $request->headers_in->{'Referer'};
            if ($referrer =~ m{\Qfile=/daxeopen/uploaded/$cdom/$cnum/$type/$folder/$rid/\E}) {
                if ($fname =~ /\.(html|htm|xhtml|xhtm)$/) {
                    try {
                        $env{'form.file'} = &Apache::xml_to_loncapa::convert_file($env{'form.file'});
                    } catch {
                        $request->print("error\nconvert failed for $fname: $_");
                        return OK;
                    }
                } elsif ($fname =~ /\.(task|problem|exam|quiz|assess|survey|library|xml)$/) {
                    $unsupported = $1;
                }
                unless ($unsupported) {
                    my $url = &Apache::lonnet::finishuserfileupload($cnum,$cdom,'file',
                                                                    "$type/$folder/$rid/$fname");
                    if ($url =~ m{^/uploaded/$cdom/$cnum/$type/$folder/$rid/}) {
                        $request->print("ok\n");
                    } else {
                        $request->print("error\nFailed to save uploaded file: $fname");
                    }
                }
            } else {
                $unauthorized = 1;
            }
        } else {
            $unauthorized = 1;
        }
        if ($unauthorized) {
            $request->log_reason("Unauthorized path: $path", $path);
            $request->print("error\nUnauthorized path: $path");
            $request->status(403);
        } elsif ($unsupported) {
            $request->log_reason("File extension: $unsupported -- not allowed for upload to course", $path);
            $request->print("error\nFile extension: $unsupported -- not allowed for upload to course");
            $request->status(403);
        }
    }
    return OK;
}

1;
__END__