Annotation of loncom/interface/lonexturlcheck.pm, revision 1.3

1.1       raeburn     1: # The LearningOnline Network with CAPA
                      2: # Handler to check if external resource can be shown in iframe
                      3: #
1.3     ! raeburn     4: # $Id: lonexturlcheck.pm,v 1.2 2019/05/02 20:28:18 raeburn Exp $
1.1       raeburn     5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
                     28: #
                     29: ###############################################################
                     30: ###############################################################
                     31: 
                     32: =pod
                     33: 
                     34: =head1 NAME
                     35: 
                     36: Apache::lonexturlcheck - External Resource URL checker
                     37: 
                     38: =head1 SYNOPSIS
                     39: 
                     40: Called in course context by course personnel either with the course editing
                     41: privilege or with view-only access to course editing tools.
                     42: 
                     43: Query string contains one item: name=exturl, value=URL of external resource
1.2       raeburn    44: (format: http://hostname/path or https://hostname/path).
1.1       raeburn    45:  
                     46: The resource URL is sent to &loncommon::is_nonframeable() to check whether
1.2       raeburn    47: it can be displayed in an iframe in a page served by the current host.
1.1       raeburn    48: 
                     49: =head1 OVERVIEW
                     50: 
                     51: Input: external resource URL (from query string passed to /adm/exturlcheck).
                     52: 
                     53: Hostname, lonHostID, and IP address for this node are retrieved from Apache.
                     54: 
                     55: Dependencies: calls &loncommon::is_nonframeable() to check if server where
1.2       raeburn    56: external resource is hosted is configured with a Content-Security-Policy or
1.1       raeburn    57: with X-Frame-Options settings which prohibit display of the resource within
1.2       raeburn    58: an iframe in a LON-CAPA page served from this node.
1.1       raeburn    59: 
                     60: Output to print buffer: (content-type: text/plain):  1, 0, -1 or empty string.
                     61: '' -- display in iframe is allowed
1.2       raeburn    62: 1  -- display in iframe not allowed
1.1       raeburn    63: 0  -- invalid URL
1.2       raeburn    64: -1 -- could not verify course editing privilege or view-only access to
1.1       raeburn    65:       course editing tools
                     66: 
1.2       raeburn    67: HTTP Return codes:
1.1       raeburn    68: 406 -- if user is not in a course
                     69: 200 -- otherwise
                     70: 
                     71: =cut
                     72: 
                     73: package Apache::lonexturlcheck;
                     74: 
                     75: use strict;
                     76: use Apache::Constants qw(:common :http);
                     77: use Apache::lonnet;
                     78: use Apache::loncommon;
                     79: use LONCAPA::LWPReq;
                     80: use HTTP::Request;
                     81: 
                     82: sub handler {
                     83:     my $r=shift;
                     84:     if ($r->header_only) {
                     85:         &Apache::loncommon::content_type($r,'text/html');
                     86:         $r->send_http_header;
                     87:         return OK;
                     88:     }
                     89:     if (!$env{'request.course.fn'}) {
                     90:         # Not in a course.
                     91:         $env{'user.error.msg'}="/adm/lonexturlcheck:bre:0:0:Not in a course";
                     92:         return HTTP_NOT_ACCEPTABLE;
                     93:     }
                     94:     &Apache::loncommon::content_type($r,'text/plain');
                     95:     $r->send_http_header;
                     96:     my $uselink;
                     97:     if (($env{'request.course.id'}) &&
                     98:         ((&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) ||
                     99:          (&Apache::lonnet::allowed('cev',$env{'request.course.id'})))) {
                    100:         &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']);
1.3     ! raeburn   101:         $env{'form.exturl'} =~ s/^\s+|\s+$//g;
        !           102:         if ($env{'form.exturl'} =~ m{^https?\://([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}}i) {
1.1       raeburn   103:             my $hostname = $r->hostname();
                    104:             my $lonhost = $r->dir_config('lonHostID');
                    105:             my $ip = &Apache::lonnet::get_host_ip($lonhost);
1.3     ! raeburn   106:             $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip,1));
1.1       raeburn   107:         } else {
                    108:             $r->print(0);
                    109:         }
                    110:     } else {
                    111:         $r->print(-1);
                    112:     }
                    113:     return OK;
                    114: }
                    115: 
                    116: 1;
