--- loncom/interface/londocs.pm 2019/04/11 14:22:35 1.660 +++ loncom/interface/londocs.pm 2021/04/29 17:45:22 1.678 @@ -1,7 +1,7 @@ # The LearningOnline Network # Documents # -# $Id: londocs.pm,v 1.660 2019/04/11 14:22:35 raeburn Exp $ +# $Id: londocs.pm,v 1.678 2021/04/29 17:45:22 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -183,6 +183,45 @@ sub default_folderpath { } } +sub validate_folderpath { + my ($supplementalflag) = @_; + if ($env{'form.folderpath'} ne '') { + my @items = split(/\&/,$env{'form.folderpath'}); + my $badpath; + for (my $i=0; $i<@items; $i++) { + my $odd = $i%2; + if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) { + $badpath = 1; + } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) { + $badpath = 1; + } + last if ($badpath); + } + if ($badpath) { + delete($env{'form.folderpath'}); + } + } + return; +} + +sub validate_suppath { + if ($env{'form.supppath'} ne '') { + my @items = split(/\&/,$env{'form.supppath'}); + my $badpath; + for (my $i=0; $i<@items; $i++) { + my $odd = $i%2; + if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) { + $badpath = 1; + } + last if ($badpath); + } + if ($badpath) { + delete($env{'form.supppath'}); + } + } + return; +} + sub dumpcourse { my ($r) = @_; my $crstype = &Apache::loncommon::course_type(); @@ -833,26 +872,27 @@ sub group_import { } my $ext = 'false'; if ($url=~m{^http://} || $url=~m{^https://}) { $ext = 'true'; } - $name = &LONCAPA::map::qtunescape($name); - if ($name eq '') { - $name = &LONCAPA::map::qtunescape(&mt('Web Page')); - } if ($url =~ m{^/uploaded/$coursedom/$coursenum/((?:docs|supplemental)/(?:default|\d+))/new\.html$}) { my $filepath = $1; - my $fname = $name; - if ($fname =~ /^\W+$/) { + my $fname; + if ($name eq '') { + $name = &mt('Web Page'); $fname = 'web'; } else { - $fname =~ s/\W/_/g; - } - if (length($fname) > 15) { - $fname = substr($fname,0,14); + $fname = $name; + $fname=&Apache::lonnet::clean_filename($fname); + if ($fname eq '') { + $fname = 'web'; + } elsif (length($fname) > 15) { + $fname = substr($fname,0,14); + } } + my $title = &Apache::loncommon::cleanup_html($name); my $initialtext = &mt('Replace with your own content.'); my $newhtml = < -$name +$title $initialtext @@ -874,6 +914,7 @@ END return (&mt('Failed to save new web page.'),1); } } + $name = &LONCAPA::map::qtunescape($name); $url = &LONCAPA::map::qtunescape($url); $LONCAPA::map::resources[$residx] = join(':', ($name, $url, $ext, 'normal', 'res')); @@ -1217,13 +1258,19 @@ sub update_paste_buffer { # Construct identifiers for current contents of user's paste buffer if (@currpaste) { foreach my $suffix (@currpaste) { - my $cid = $env{'docs.markedcopy_crs_'.$suffix}; - my $url = $env{'docs.markedcopy_url_'.$suffix}; - my $mapidx = $env{'docs.markedcopy_map_'.$suffix}; - if (($cid =~ /^$match_domain(?:_)$match_courseid$/) && - ($url ne '')) { - $pasteurls{$cid.'_'.$url.'_'.$mapidx} = 1; - } + my $cid = $env{'docs.markedcopy_crs_'.$suffix}; + my $url = $env{'docs.markedcopy_url_'.$suffix}; + my $mapidx = $env{'docs.markedcopy_map_'.$suffix}; + if (($cid =~ /^$match_domain(?:_)$match_courseid$/) && + ($url ne '')) { + if ($url eq '/res/lib/templates/simpleproblem.problem') { + $pasteurls{$cid.'_'.$mapidx} = 1; + } elsif ($url =~ m{^/res/$match_domain/$match_username/}) { + $pasteurls{$url} = 1; + } else { + $pasteurls{$cid.'_'.$url} = 1; + } + } } } @@ -1232,7 +1279,7 @@ sub update_paste_buffer { my @pathitems = split(/\&/,$env{'form.folderpath'}); my @folderconf = split(/\:/,$pathitems[-1]); - my $ispage = $folderconf[4]; + my $ispage = $folderconf[5]; foreach my $item (@possibles) { my ($orderidx,$cmd) = split(/:/,$item); @@ -1245,7 +1292,13 @@ sub update_paste_buffer { $env{'form.folderpath'},\%curr_groups); next if ($denied{'copy'}); $url=~s{http(:|:)//https(:|:)//}{https$2//}; - next if (exists($pasteurls{$coursedom.'_'.$coursenum.'_'.$mapidx})); + if ($url eq '/res/lib/templates/simpleproblem.problem') { + next if (exists($pasteurls{$coursedom.'_'.$coursenum.'_'.$mapidx})); + } elsif ($url =~ m{^/res/$match_domain/$match_username/}) { + next if (exists($pasteurls{$url})); + } else { + next if (exists($pasteurls{$coursedom.'_'.$coursenum.'_'.$url})); + } my ($suffix,$errortxt,$locknotfreed) = &new_timebased_suffix($env{'user.domain'},$env{'user.name'},'paste'); if ($suffix ne '') { @@ -1790,7 +1843,7 @@ sub do_paste_from_buffer { %msgs = &Apache::lonlocal::texthash ( notinsupp => 'Paste failed: content type is not supported within Supplemental Content', notincrs => 'Paste failed: Item is from a different course which you do not have rights to edit.', - notindom => 'Paste failed: Item is an external tool from a course in a different donain.', + notindom => 'Paste failed: Item is an external tool from a course in a different domain.', duplicate => 'Paste failed: only one instance of a particular published sequence or page is allowed within each course.', ); @@ -2329,7 +2382,9 @@ sub copy_templated_files { my @simpleprobqtypes = qw(radio option string essay numerical); my $qtype=$srcparms{$srcprefix.'questiontype'}; if (grep(/^\Q$qtype\E$/,@simpleprobqtypes)) { - my %newdata; + my %newdata = ( + $newprefix.'questiontype' => $qtype, + ); foreach my $type (@simpleprobqtypes) { if ($type eq $qtype) { $newdata{"$weightprefix.$type.weight"}=1; @@ -2803,9 +2858,7 @@ sub apply_fixups { } } if (ref($resdatacopy{$key}) eq 'HASH') { - if ($newsubdir{$key}) { - - } + my ($gotnewmapname,$newmapname,$srcfolder,$srccontainer); foreach my $idx (keys(%{$resdatacopy{$key}})) { if (ref($resdatacopy{$key}{$idx}) eq 'HASH') { my $srcurl = $resdatacopy{$key}{$idx}{'src'}; @@ -2815,15 +2868,18 @@ sub apply_fixups { ($resdatacopy{$key}{$idx}{'cnum'} =~ /^$match_courseid$/)) { my $srcdom = $resdatacopy{$key}{$idx}{'cdom'}; my $srcnum = $resdatacopy{$key}{$idx}{'cnum'}; - my ($newmapname) = ($key =~ m{/([^/]+)$}); - my ($srcfolder,$srccontainer) = split(/\./,$newmapname); + unless ($gotnewmapname) { + ($newmapname) = ($key =~ m{/([^/]+)$}); + ($srcfolder,$srccontainer) = split(/\./,$newmapname); + if ($newsubdir{$key}) { + $newmapname =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/; + } + $gotnewmapname = 1; + } my $srcmapinfo = $srcfolder.':'.$idx; if ($srccontainer eq 'page') { $srcmapinfo .= ':1'; } - if ($newsubdir{$key}) { - $newmapname =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/; - } ©_templated_files($srcurl,$srcdom,$srcnum,$srcmapinfo,$cdom, $cnum,$template,$idx,$newmapname); } @@ -4142,11 +4198,19 @@ END my ($editlink,$extresform,$anchor,$hiddenres,$nomodal); my $orig_url = $url; $orig_url=~s{http(:|:)//https(:|:)//}{https$2//}; - $url=~s{^http(|s)(:|:)//}{/adm/wrapper/ext/}; + if ($container eq 'page') { + $url=~s{^http(|s)(:|:)//}{/ext/}; + } else { + $url=~s{^http(|s)(:|:)//}{/adm/wrapper/ext/}; + } if (!$supplementalflag && $residx && $symb) { if ((!$isfolder) && (!$ispage)) { (undef,undef,$url)=&Apache::lonnet::decode_symb($symb); - $url=&Apache::lonnet::clutter($url); + if (($url =~ m{^ext/}) && ($container eq 'page')) { + $url=&Apache::lonnet::clutter_with_no_wrapper($url); + } else { + $url=&Apache::lonnet::clutter($url); + } if ($url=~/^\/*uploaded\//) { $url=~/\.(\w+)$/; my $embstyle=&Apache::loncommon::fileembstyle($1); @@ -4160,7 +4224,7 @@ END } elsif ($url=~m{^(|/adm/wrapper)/ext/([^#]+)}) { my $wrapped = $1; my $exturl = $2; - if ($wrapped eq '') { + if (($wrapped eq '') && ($container ne 'page')) { $url='/adm/wrapper'.$url; } if (($ENV{'SERVER_PORT'} == 443) && ($exturl !~ /^https:/)) { @@ -4171,7 +4235,7 @@ END } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { $url .= '?usehttp=1'; } $nomodal = 1; @@ -4180,11 +4244,9 @@ END if (&Apache::lonnet::symbverify($symb,$url)) { my $shownsymb = $symb; if ($isexternal) { - if ($url =~ /^([^#]+)#([^#]+)$/) { - $url = $1; - $anchor = $2; - my $escan = &escape('#'); - $shownsymb =~ s/^([^\#]+)#([^\#]+)$/$1$escan$2/; + $url =~ s/\#[^#]+$//; + if ($container eq 'page') { + $url = &Apache::lonnet::clutter($url); } } unless ($env{'request.role.adv'}) { @@ -4238,7 +4300,7 @@ END $url = $1; $anchor = $2; if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $url = 'http://'.$hostname.$url; } @@ -4250,7 +4312,7 @@ END } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $url = 'http://'.$hostname.$url; } @@ -4839,7 +4901,7 @@ sub short_urls { $r->rflush(); my $readonly; if ($canedit) { - my ($numnew,$errors) = &Apache::loncommon::make_short_symbs($cdom,$cnum,$navmap); + my ($numnew,$errors) = &Apache::loncommon::get_requested_shorturls($cdom,$cnum,$navmap); if ($numnew) { $r->print('

'.&mt('Created [quant,_1,URL]',$numnew).'

'); } @@ -4874,7 +4936,7 @@ sub contentverifyform { &mt('No').''.(' 'x2). '

'. - ''. + ''. ''. '

'); $r->print(&endContentScreen()); @@ -5523,35 +5585,11 @@ sub handler { if ($env{'form.tools'}) { $toolsflag=1; } if ($env{'form.folderpath'} ne '') { - my @items = split(/\&/,$env{'form.folderpath'}); - my $badpath; - for (my $i=0; $i<@items; $i++) { - my $odd = $i%2; - if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) { - $badpath = 1; - } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) { - $badpath = 1; - } - last if ($badpath); - } - if ($badpath) { - delete($env{'form.folderpath'}); - } + &validate_folderpath($supplementalflag); } if ($env{'form.supppath'} ne '') { - my @items = split(/\&/,$env{'form.supppath'}); - my $badpath; - for (my $i=0; $i<@items; $i++) { - my $odd = $i%2; - if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) { - $badpath = 1; - } - last if ($badpath); - } - if ($badpath) { - delete($env{'form.supppath'}); - } + &validate_suppath(); } my $script=''; @@ -5610,6 +5648,9 @@ sub handler { } else { undef($env{'form.folderpath'}); } + if ($env{'form.folderpath'} ne '') { + &validate_folderpath($supplementalflag); + } } # If we are not allowed to make changes, all we can see are supplemental docs @@ -5634,7 +5675,7 @@ sub handler { undef($env{'form.folderpath'}); } else { $folderurl = "uploaded/$coursedom/$coursenum/$folder"; - if ((split(/\:/,$pathitems[-1]))[4]) { + if ((split(/\:/,$pathitems[-1]))[5]) { $folderurl .= '.page'; } else { $folderurl .= '.sequence'; @@ -5967,8 +6008,8 @@ sub handler { my $fileupload=(< - - + + FIUP my $checkbox=(< NGFFORM - @specialdocumentsforma=( + if ($container eq 'page') { + @specialdocumentsforma=( + {''.$lt{webp}.''=>$newwebpageform}, + ); + } else { + @specialdocumentsforma=( {''.$lt{newp}.''=>$newpageform}, {''.$lt{syll}.''=>$newsylform}, {''.$lt{navc}.''=>$newnavform}, {''.$lt{sipa}.''=>$newsmppageform}, {''.$lt{webp}.''=>$newwebpageform}, - ); + ); + } $specialdocumentsform = &create_form_ul(&create_list_elements(@specialdocumentsforma)); my @external = ( @@ -6616,11 +6663,11 @@ my %orderhash = ( 'bb' => ['Import',$importpubform], 'cc' => ['External',$externalform], 'dd' => ['Grading',$gradingform], + 'ff' => ['Other',$specialdocumentsform], ); unless ($container eq 'page') { $orderhash{'00'} = ['Newfolder',$newfolderform]; $orderhash{'ee'} = ['Collaboration',$communityform]; - $orderhash{'ff'} = ['Other',$specialdocumentsform]; } $hadchanges=0; @@ -7277,7 +7324,7 @@ sub editing_js { if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) { if (($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $backtourl = 'http://'.$hostname.$backtourl; } @@ -7286,7 +7333,7 @@ sub editing_js { } } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) { if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $backtourl = 'http://'.$hostname.$backtourl; } @@ -7332,7 +7379,7 @@ sub editing_js { function makenewfolder(targetform,folderseq) { var foldername=prompt('$js_lt{"p_mnf"}','$js_lt{"t_mnf"}'); if (foldername) { - targetform.importdetail.value=escape(foldername)+"="+folderseq; + targetform.importdetail.value=encodeURIComponent(foldername)+"="+folderseq; targetform.submit(); } } @@ -7340,7 +7387,7 @@ function makenewfolder(targetform,folder function makenewpage(targetform,folderseq) { var pagename=prompt('$js_lt{"p_mnp"}','$js_lt{"t_mnp"}'); if (pagename) { - targetform.importdetail.value=escape(pagename)+"="+folderseq; + targetform.importdetail.value=encodeURIComponent(pagename)+"="+folderseq; targetform.submit(); } } @@ -7349,7 +7396,7 @@ function makeexamupload() { var title=prompt('$js_lt{"p_mxu"}'); if (title) { this.document.forms.newexamupload.importdetail.value= - escape(title)+'=/res/lib/templates/examupload.problem'; + encodeURIComponent(title)+'=/res/lib/templates/examupload.problem'; this.document.forms.newexamupload.submit(); } } @@ -7358,7 +7405,7 @@ function makesmppage() { var title=prompt('$js_lt{"p_msp"}'); if (title) { this.document.forms.newsmppg.importdetail.value= - escape(title)+'=/adm/$udom/$uname/new/smppg'; + encodeURIComponent(title)+'=/adm/$udom/$uname/new/smppg'; this.document.forms.newsmppg.submit(); } } @@ -7373,7 +7420,7 @@ function makewebpage(type) { } if (title) { var webpage = formname.importdetail.value; - formname.importdetail.value = escape(title)+'='+webpage; + formname.importdetail.value = encodeURIComponent(title)+'='+webpage; formname.submit(); } } @@ -7382,7 +7429,7 @@ function makesmpproblem() { var title=prompt('$js_lt{"p_msb"}'); if (title) { this.document.forms.newsmpproblem.importdetail.value= - escape(title)+'=/res/lib/templates/simpleproblem.problem'; + encodeURIComponent(title)+'=/res/lib/templates/simpleproblem.problem'; this.document.forms.newsmpproblem.submit(); } } @@ -7391,7 +7438,7 @@ function makedropbox() { var title=prompt('$js_lt{"p_mdb"}'); if (title) { this.document.forms.newdropbox.importdetail.value= - escape(title)+'=/res/lib/templates/DropBox.problem'; + encodeURIComponent(title)+'=/res/lib/templates/DropBox.problem'; this.document.forms.newdropbox.submit(); } } @@ -7400,7 +7447,7 @@ function makebulboard() { var title=prompt('$js_lt{"p_mbb"}'); if (title) { this.document.forms.newbul.importdetail.value= - escape(title)+'=/adm/$udom/$uname/new/bulletinboard'; + encodeURIComponent(title)+'=/adm/$udom/$uname/new/bulletinboard'; this.document.forms.newbul.submit(); } } @@ -8524,7 +8571,7 @@ function validImportCrsRes() { url += fname; } var title = document.crsresimportform.crsrestitle.value; - document.crsresimportform.importdetail.value=escape(title)+'='+escape(url); + document.crsresimportform.importdetail.value=encodeURIComponent(title)+'='+encodeURIComponent(url); return true; }