--- loncom/lond 2016/09/24 15:35:25 1.529 +++ loncom/lond 2016/09/27 15:58:59 1.530 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.529 2016/09/24 15:35:25 raeburn Exp $ +# $Id: lond,v 1.530 2016/09/27 15:58:59 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -64,7 +64,7 @@ my $DEBUG = 0; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.529 $'; #' stupid emacs +my $VERSION='$Revision: 1.530 $'; #' stupid emacs my $remoteVERSION; my $currenthostid="default"; my $currentdomainid; @@ -1572,7 +1572,7 @@ sub du2_handler { # If the requested path contains /../ or is: # # 1. for a directory, and the path does not begin with one of: -# (a) /home/httpd/html/res// +# (a) /home/httpd/html/res/ # (b) /home/httpd/html/res/userfiles/ # (c) /home/httpd/lonUsers//<1>/<2>/<3>//userfiles # or is: @@ -1609,7 +1609,7 @@ sub ls_handler { } if (-e $ulsdir) { if(-d $ulsdir) { - unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles)/}) || + unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) { &Failure($client,"refused\n",$userinput); return 1; @@ -1669,7 +1669,7 @@ sub ls_handler { # If the requested path contains /../ or is: # # 1. for a directory, and the path does not begin with one of: -# (a) /home/httpd/html/res// +# (a) /home/httpd/html/res/ # (b) /home/httpd/html/res/userfiles/ # (c) /home/httpd/lonUsers//<1>/<2>/<3>//userfiles # or is: @@ -1705,7 +1705,7 @@ sub ls2_handler { } if (-e $ulsdir) { if(-d $ulsdir) { - unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles)/}) || + unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) { &Failure($client,"refused\n","$userinput"); return 1; @@ -1758,12 +1758,12 @@ sub ls2_handler { # If the requested path (after prepending) contains /../ or is: # # 1. for a directory, and the path does not begin with one of: -# (a) /home/httpd/html/res// +# (a) /home/httpd/html/res/ # (b) /home/httpd/html/res/userfiles/ # (c) /home/httpd/lonUsers//<1>/<2>/<3>//userfiles # (d) /home/httpd/html/priv// and client is the homeserver # -# or is: +# or is: # # 2. for a file, and the path (after prepending) does not begin with: # /home/httpd/lonUsers//<1>/<2>/<3>// @@ -1843,7 +1843,7 @@ sub ls3_handler { if (-e $ulsdir) { if(-d $ulsdir) { unless (($getpropath) || ($getuserdir) || - ($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles)/}) || + ($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) || (($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) { &Failure($client,"refused\n",$userinput);