File:  [LON-CAPA] / loncom / lonencurl.pm
Revision 1.5: download - view: text, annotated - select for diffs
Sat Oct 1 03:18:57 2011 UTC (12 years, 5 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, language_hyphenation_merge, language_hyphenation, HEAD, BZ4492-merge, BZ4492-feature_horizontal_radioresponse, BZ4492-feature_Support_horizontal_radioresponse, BZ4492-Support_horizontal_radioresponse
- Bug 5047.
  - Display applets where encrypted URL is in operation, at least for cases
    where there is a single archive file, and code and archive are in
    same directory as html file containing applet, object or embed tag.
- Also allows display of Camtasia files with encrypted URL where there
  are dependencies on .js, .swf and .mp4 files.
- Note: the names of the java class file, java archive file, .swf,
  and .mp4 files is visible, unencrypted in the HTML source for the
  web page containing the applet or the movie.


# The LearningOnline Network
# URL translation for encrypted filenames
#
# $Id: lonencurl.pm,v 1.5 2011/10/01 03:18:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

package Apache::lonencurl;

use strict;
use Apache::Constants qw(:common :remotehost);
use Apache::lonnet;
use Apache::lonenc;
use GDBM_File;

sub handler {
    my $r = shift;

    $env{'request.enc'}=1;

    my $handle = &Apache::lonnet::check_for_valid_session($r);
    if ($handle ne '') {
# Initialize Environment
	my $lonidsdir=$r->dir_config('lonIDsDir');
	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
# Decrypt URL, if appropriate, and redirect
        my $redirect;
        my ($decrypted,$encnum,$remainder) = &checkdecryption($r->uri);
        if (($encnum ne '') && ($remainder ne '')) {
            my $referrer = $r->headers_in->{'Referer'} || '';
            my $host = $r->headers_in->{'Host'};
            my $decryptreferrer;
            if ($referrer =~ m{^https?://\Q$host\E(/enc/\Q$encnum\E/[^?]+)}) {
                ($decryptreferrer) = &checkdecryption($1);
            }
            if ($decryptreferrer eq '') {
                if ($env{'request.course.fn'} ne '') {
                    my %symbhash;
                    if (tie(%symbhash,'GDBM_File',$env{'request.course.fn'}.'_symb.db',
                        &GDBM_READER(),0640)) {
                        my $lastsymb=$symbhash{'last_known'};
                        untie(%symbhash);
                        (undef,undef,$decryptreferrer)=&Apache::lonnet::decode_symb($lastsymb);
                        $decryptreferrer = &Apache::lonnet::clutter($decryptreferrer);
                    }
                }
            }
            if ($decryptreferrer ne '') {
                my ($referrerpath) = ($decryptreferrer =~ m{^(.+/)[^/]+$});
                if (($env{'httpref.'.$referrerpath.$remainder} eq $decryptreferrer) ||
                    ($env{'httpref.'.$referrerpath.'*'} eq $decryptreferrer) ||
                    ($env{'httpref.'.$referrerpath} eq $decryptreferrer)) {
                   $redirect=$referrerpath.$remainder;
                }
            }
        }
        if ($redirect eq '') {
            $redirect=&Apache::lonenc::unencrypted($r->uri);
        }
	if ($r->args) { $redirect.='?'.$r->args; }
	$r->internal_redirect($redirect);
	return OK;
    }
    return FORBIDDEN;
}

sub checkdecryption {
    my ($uri) = @_;
    my ($encnum,$encname,$rest) = ($uri =~ m{^/enc/(\d+)/([^.]+)(.*)$});
    my $enclength = length($encname);
    my $rem = $enclength%16;
    if (($encname =~ /[^a-f0-9]/) || ($rem != 0) || ($enclength < 16)) {
        return ('',$encnum,$encname.$rest);
    } else {
        return (&Apache::lonenc::unencrypted($uri));
    }
}

1;
__END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>