--- loncom/lonenc.pm 2005/01/19 18:16:35 1.10 +++ loncom/lonenc.pm 2020/03/15 23:04:05 1.26 @@ -1,7 +1,7 @@ # The LearningOnline Network # URL translation for encrypted filenames # -# $Id: lonenc.pm,v 1.10 2005/01/19 18:16:35 albertel Exp $ +# $Id: lonenc.pm,v 1.26 2020/03/15 23:04:05 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -29,53 +29,59 @@ package Apache::lonenc; use strict; -use Apache::Constants qw(:common :remotehost); -use Apache::lonnet(); -use Apache::File(); -use Apache::loncommon; +use Apache::lonnet; use Crypt::IDEA; use Time::HiRes qw(gettimeofday); +use LONCAPA; + -sub handler { - my $r = shift; - my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); - my $lonid=$cookies{'lonID'}; - my $cookie; - if ($lonid) { - my $handle=$lonid->value; - $handle=~s/\W//g; - my $lonidsdir=$r->dir_config('lonIDsDir'); - $ENV{'request.enc'}=1; - if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { -# Initialize Environment - &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); -# Decrypt URL and redirect - my $redirect=&unencrypted($r->uri); - if ($r->args) { $redirect.='?'.$r->args; } - $r->internal_redirect($redirect); - return OK; - } - } - return FORBIDDEN; +# +# If a module makes multiple SSI calls and some of the ssi calls result in a +# resource for an encoded URL, and this can be done in an unprivileged role, +# there must be a mechanism t oreset the 'request.enc' environment variable. +# This sub centralizes that mechanism: +# +sub reset_enc { + $env{'request.enc'} = 0; } sub encryptseed { - my $seed=$ENV{'course.'.$ENV{'request.course.id'}.'.internal.encseed'}; - $seed=~s/[^0-9a-f]/0/g; - $seed.='0123456789abcdef'; - $seed=substr($seed.$seed,0,32); - return pack("H32",$seed); + my ($cid) = @_; + if (!defined($cid)) { + $cid = $env{'request.course.id'}; + } + my $seed; + if (defined($cid)) { + if (defined$env{'course.'.$cid.'.internal.encseed'}) { + $seed = $env{'course.'.$cid.'.internal.encseed'}; + } else { + my %descargs = ( 'one_time' => 1); + my %course = + &Apache::lonnet::coursedescription($cid,\%descargs); + $seed = $course{'internal.encseed'}; + } + } + if (defined($seed)) { + $seed=~s/[^0-9a-f]/0/g; + $seed.='0123456789abcdef'; + $seed=substr($seed.$seed,0,32); + return pack("H32",$seed); + } else { + return pack("H32",1); + } } sub unencrypted { - my $uri=shift; + my ($uri,$cid) = @_; $uri=~s/^\/enc\/(\d+)\///; my $cmdlength=$1; - my $seed=&encryptseed(); + # strip any added extension + $uri=~s/\.[^.]*//; + my $seed=&encryptseed($cid); unless ($seed) { return '/'.$uri; } - $uri=&Apache::lonnet::unescape($uri); + $uri=&unescape($uri); my $cipher=new IDEA $seed; my $decuri=''; for (my $encidx=0;$encidxencrypt(substr($uri,$encidx,8))); } - return '/enc/'.$cmdlength.'/'.&Apache::lonnet::escape($encuri); + return '/enc/'.$cmdlength.'/'.&escape($encuri); } sub check_encrypt { my $str=shift; - if ($ENV{'request.enc'}) { return &Apache::lonenc::encrypted($str); } + if (ref($str)) { + if ($env{'request.enc'}) { $$str = &Apache::lonenc::encrypted($$str); } + return; + } else { + if ($env{'request.enc'}) { return &Apache::lonenc::encrypted($str); } + } return $str; } @@ -147,15 +158,24 @@ sub check_decrypt { } sub encrypt_ref { - my ($token,$elements)=@_; + my ($token,$elements,$force_enc)=@_; my $html; - if ($ENV{'request.enc'}) { + if ($force_enc || $env{'request.enc'}) { while (my ($name,$value)= each(%{ $elements })) { - if (!$value) { next; } + next if (!$value); + next if ($value =~ /^\w+:/); # explict javascript: or http: link my $href=&Apache::lonnet::hreflocation($Apache::lonxml::pwd[-1],$value); - if ($href !~ /^http:/) { $href=&Apache::lonenc::encrypted($href); } + if ($href !~ /^https?\:/) { + # IE really wants an extension + my ($extension) = ($href =~ m/(\.[^.]*)$/); + my $newhref = &Apache::lonenc::encrypted($href,$force_enc); + unless ($newhref eq $href) { + $href = $newhref.$extension; + } + } $token->[2]->{$name}=$href; } + delete($token->[2]->{'encrypturl'}); $html = &Apache::edit::rebuild_tag($token); } else { $html = $token->[4];