--- loncom/interface/londocs.pm 2021/02/10 12:09:29 1.676
+++ loncom/interface/londocs.pm 2022/09/29 03:59:29 1.681
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.676 2021/02/10 12:09:29 raeburn Exp $
+# $Id: londocs.pm,v 1.681 2022/09/29 03:59:29 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -183,6 +183,45 @@ sub default_folderpath {
}
}
+sub validate_folderpath {
+ my ($supplementalflag) = @_;
+ if ($env{'form.folderpath'} ne '') {
+ my @items = split(/\&/,$env{'form.folderpath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+ $badpath = 1;
+ } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.folderpath'});
+ }
+ }
+ return;
+}
+
+sub validate_suppath {
+ if ($env{'form.supppath'} ne '') {
+ my @items = split(/\&/,$env{'form.supppath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.supppath'});
+ }
+ }
+ return;
+}
+
sub dumpcourse {
my ($r) = @_;
my $crstype = &Apache::loncommon::course_type();
@@ -1456,7 +1495,7 @@ sub print_paste_buffer {
}
$pasteitems .= '';
if ($nopaste) {
- $pasteitems .= $nopaste;
+ $pasteitems .= ' '.$nopaste.'';
} else {
if ($othercrs) {
$pasteitems .= $othercrs;
@@ -2761,6 +2800,15 @@ sub apply_fixups {
$storefn =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/;
}
my $mapcontent = &Apache::lonnet::getfile($key);
+ if (($mapcontent eq '-1') && ($before{'map'} eq 'supplemental') &&
+ ($after{'map'} eq 'default') &&
+ ($key =~ m{^/uploaded/$match_domain/$match_courseid/supplemental_\d+\.sequence$})) {
+ $mapcontent = '';
+ }
if ($mapcontent eq '-1') {
if (ref($errors) eq 'HASH') {
$errors->{$key} = 1;
@@ -3929,7 +3977,7 @@ sub entryline {
my $line=&Apache::loncommon::start_data_table_row();
my ($form_start,$form_end,$form_common,$form_param);
# Edit commands
- my ($esc_path, $path, $symb, $curralias);
+ my ($esc_path, $path, $symb, $shownsymb, $curralias);
if ($env{'form.folderpath'}) {
$esc_path=&escape($env{'form.folderpath'});
$path = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
@@ -4196,36 +4244,16 @@ END
} elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
$url .= '?usehttp=1';
}
$nomodal = 1;
}
}
- if (&Apache::lonnet::symbverify($symb,$url)) {
- my $shownsymb = $symb;
- if ($isexternal) {
- $url =~ s/\#[^#]+$//;
- if ($container eq 'page') {
- $url = &Apache::lonnet::clutter($url);
- }
- }
- unless ($env{'request.role.adv'}) {
- if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
- $url = '';
- }
- if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
- $url = '';
- $hiddenres = 1;
- }
- }
- if ($url ne '') {
- $url.=(($url=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
- }
- } elsif (!$env{'request.role.adv'}) {
- my $checkencrypt;
+ my ($checkencrypt,$shownurl);
+ if (!$env{'request.role.adv'}) {
if (((&LONCAPA::map::getparameter($orderidx,'parameter_encrypturl'))[0]=~/^yes$/i) ||
- $isencrypted || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
+ ($isencrypted) || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
$checkencrypt = 1;
} elsif (ref($navmapref)) {
unless (ref($$navmapref)) {
@@ -4233,26 +4261,43 @@ END
}
if (ref($$navmapref)) {
if (lc($$navmapref->get_mapparam($symb,undef,"0.encrypturl")) eq 'yes') {
- $checkencrypt = 1;
+ $checkencrypt = 1;
}
}
}
- if ($checkencrypt) {
- my $shownsymb = &Apache::lonenc::encrypted($symb);
- my $shownurl = &Apache::lonenc::encrypted($url);
- if (&Apache::lonnet::symbverify($shownsymb,$shownurl)) {
- $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
- if ($env{'request.enc'} ne '') {
- delete($env{'request.enc'});
- }
- } else {
- $url='';
- }
+ }
+ if ($checkencrypt) {
+ my $currenc = $env{'request.enc'};
+ $env{'request.enc'} = 1;
+ $shownsymb = &Apache::lonenc::encrypted($symb);
+ $shownurl = &Apache::lonenc::encrypted($url);
+ if (&Apache::lonnet::symbverify($symb,$url)) {
+ $url = $shownurl;
} else {
- $url='';
+ $url = '';
+ }
+ $env{'request.enc'} = $currenc;
+ } elsif (&Apache::lonnet::symbverify($symb,$url)) {
+ $shownsymb = $symb;
+ if ($isexternal) {
+ $url =~ s/\#[^#]+$//;
+ if ($container eq 'page') {
+ $url = &Apache::lonnet::clutter($url);
+ }
+ }
+ $shownurl = $url;
+ }
+ unless ($env{'request.role.adv'}) {
+ if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
+ $url = '';
+ }
+ if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
+ $url = '';
+ $hiddenres = 1;
}
- } else {
- $url='';
+ }
+ if ($url ne '') {
+ $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
}
}
} elsif ($supplementalflag) {
@@ -4261,7 +4306,7 @@ END
$url = $1;
$anchor = $2;
if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -4273,7 +4318,7 @@ END
} elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -4412,7 +4457,7 @@ $form_end;
&Apache::lonhtmlcommon::jump_to_editres($cfile,$home,
$switchserver,
$forceedit,
- undef,$symb,
+ undef,$symb,$shownsymb,
&escape($env{'form.folderpath'}),
$renametitle,$hostname,
'','',1,$suppanchor);
@@ -5546,35 +5591,11 @@ sub handler {
if ($env{'form.tools'}) { $toolsflag=1; }
if ($env{'form.folderpath'} ne '') {
- my @items = split(/\&/,$env{'form.folderpath'});
- my $badpath;
- for (my $i=0; $i<@items; $i++) {
- my $odd = $i%2;
- if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
- $badpath = 1;
- } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
- $badpath = 1;
- }
- last if ($badpath);
- }
- if ($badpath) {
- delete($env{'form.folderpath'});
- }
+ &validate_folderpath($supplementalflag);
}
if ($env{'form.supppath'} ne '') {
- my @items = split(/\&/,$env{'form.supppath'});
- my $badpath;
- for (my $i=0; $i<@items; $i++) {
- my $odd = $i%2;
- if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
- $badpath = 1;
- }
- last if ($badpath);
- }
- if ($badpath) {
- delete($env{'form.supppath'});
- }
+ &validate_suppath();
}
my $script='';
@@ -5633,6 +5654,9 @@ sub handler {
} else {
undef($env{'form.folderpath'});
}
+ if ($env{'form.folderpath'} ne '') {
+ &validate_folderpath($supplementalflag);
+ }
}
# If we are not allowed to make changes, all we can see are supplemental docs
@@ -7306,7 +7330,7 @@ sub editing_js {
if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}
@@ -7315,7 +7339,7 @@ sub editing_js {
}
} elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}