--- loncom/lonhttpd	2005/02/14 00:18:03	1.10
+++ loncom/lonhttpd	2007/04/10 20:08:01	1.11
@@ -1,5 +1,5 @@
 #!/usr/bin/perl
-# $Id: lonhttpd,v 1.10 2005/02/14 00:18:03 albertel Exp $
+# $Id: lonhttpd,v 1.11 2007/04/10 20:08:01 raeburn Exp $
 
 $VERSION = "1.3.2 (Demonic/Linux/LON-CAPA Derivative $Revison$)";
 
@@ -51,7 +51,8 @@ if ($port_to_use eq '80') { die('Apache
 	 "mpeg" => "video/mpeg",
 	 "mpg" => "video/mpeg",
 	 "jpeg" => "image/jpeg",
-	 "jpg" => "image/jpeg");
+	 "jpg" => "image/jpeg",
+         "png" => "image/png");
 
 $logfile = "/home/httpd/perl/logs/lonhttpd.log";
 
@@ -348,12 +349,22 @@ while (<STDIN>) {
 	1 while $address =~ s#/\.(/|$)#\1#;
         1 while $address =~ s#/[^/]*/\.\.(/|$)#\1#;
 	1 while $address =~ s#^/\.\.(/|$)#\1#;
-	$fail = 0;
+	$fail = 1;
 #
 # Heavily customized for LON-CAPA
 #
 	$address=~s/\/+/\//g;
-	unless ($address=~/^\/(status|adm\/|res\/adm\/)/) { $fail=1; }
+        if ($address=~/^\/(status|adm\/|res\/adm\/)/) {
+            $fail = 0;
+        } elsif ($address =~ /^\/res\/([^\/]+)\/([^\/]+)\-domainconfig\/(logo|domlogo|img)\/[^\/]+$/) {
+#            FIXME - should check $1 is a real domain here - need a lightweight
+#                    domain checker.
+#            @alldomains = &Apache::lonnet::get_domains();
+#            if (grep(/^\Q$1\E$/,@alldomains)) {
+                $fail = 0;
+#            }
+        }
+
 #
 # because existing restriction matrix would not do precedence across rules
 #