--- loncom/lond 2017/05/23 01:31:03 1.537 +++ loncom/lond 2017/06/06 13:32:38 1.538 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.537 2017/05/23 01:31:03 raeburn Exp $ +# $Id: lond,v 1.538 2017/06/06 13:32:38 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -65,7 +65,7 @@ my $DEBUG = 0; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.537 $'; #' stupid emacs +my $VERSION='$Revision: 1.538 $'; #' stupid emacs my $remoteVERSION; my $currenthostid="default"; my $currentdomainid; @@ -1610,8 +1610,9 @@ sub du2_handler { # (c) /home/httpd/lonUsers//<1>/<2>/<3>//userfiles # or is: # -# 2. for a file, and the path (after prepending) does not begin with: -# /home/httpd/lonUsers//<1>/<2>/<3>// +# 2. for a file, and the path (after prepending) does not begin with one of: +# (a) /home/httpd/lonUsers//<1>/<2>/<3>// +# (b) /home/httpd/html/res/// # # the response will be "refused". # @@ -1670,7 +1671,8 @@ sub ls_handler { closedir(LSDIR); } } else { - unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) { + unless (($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) || + ($ulsdir =~ m{/home/httpd/html/res/$LONCAPA::match_domain/$LONCAPA::match_username/})) { &Failure($client,"refused\n",$userinput); return 1; } @@ -1707,8 +1709,9 @@ sub ls_handler { # (c) /home/httpd/lonUsers//<1>/<2>/<3>//userfiles # or is: # -# 2. for a file, and the path (after prepending) does not begin with: -# /home/httpd/lonUsers//<1>/<2>/<3>// +# 2. for a file, and the path (after prepending) does not begin with one of: +# (a) /home/httpd/lonUsers//<1>/<2>/<3>// +# (b) /home/httpd/html/res/// # # the response will be "refused". # 
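Review bot: In the ls_handler hunk the added test `m{/home/httpd/html/res/$LONCAPA::match_domain/$LONCAPA::match_username/}` has no start anchor, so it accepts any $ulsdir that merely contains that sequence, while the updated comment says the path must begin with it. Assuming $ulsdir is an absolute path at this point, as the comment implies, anchoring it as `m{\A/home/httpd/html/res/$LONCAPA::match_domain/$LONCAPA::match_username/}` (and likewise the existing lonUsers pattern beside it) would make the check enforce the documented rule. The same applies to the identical additions in the ls2_handler and ls3_handler hunks. Nothing visible in these hunks rejects `..` segments after the prefix, so unless $ulsdir is normalized earlier in the handler, a prefix match alone does not confine the lookup to the intended directory. The handler bodies start and end outside the hunks.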
@@ -1767,7 +1770,9 @@ sub ls2_handler { closedir(LSDIR); } } else { - unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) { + unless (($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) || + ($ulsdir =~ m{/home/httpd/html/res/$LONCAPA::match_domain/$LONCAPA::match_username/})) { + &Failure($client,"refused\n",$userinput); return 1; } @@ -1798,8 +1803,9 @@ sub ls2_handler { # # or is: # -# 2. for a file, and the path (after prepending) does not begin with: -# /home/httpd/lonUsers//<1>/<2>/<3>// +# 2. for a file, and the path (after prepending) does not begin with one of: +# (a) /home/httpd/lonUsers//<1>/<2>/<3>// +# (b) /home/httpd/html/res/// # # the response will be "refused". # @@ -1907,7 +1913,8 @@ sub ls3_handler { } } else { unless (($getpropath) || ($getuserdir) || - ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/})) { + ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) || + ($ulsdir =~ m{/home/httpd/html/res/$LONCAPA::match_domain/$LONCAPA::match_username/})) { &Failure($client,"refused\n",$userinput); return 1; }
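Review bot: With the ls2_handler hunk the same two-pattern allow-list for file paths is now written out three times (ls_handler, ls2_handler and ls3_handler), so any later correction to it has to be made identically in each copy. Moving both patterns into one small predicate sub (a new helper, named here only for illustration) and calling it at each site, e.g. `unless (&allowed_ls_file($ulsdir)) {`, would keep the three handlers from drifting apart. ls3_handler would keep its `($getpropath) || ($getuserdir) ||` terms in front of that call. The ls2_handler hunk also appears to add an empty line directly after the `unless (...) {` opener, which the other two handlers do not have and which could be dropped for consistency.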