--- loncom/lonnet/perl/lonnet.pm	2002/12/05 23:51:05	1.309
+++ loncom/lonnet/perl/lonnet.pm	2003/01/10 20:55:44	1.316
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.309 2002/12/05 23:51:05 albertel Exp $
+# $Id: lonnet.pm,v 1.316 2003/01/10 20:55:44 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -143,9 +143,9 @@ sub reply {
     unless (defined($hostname{$server})) { return 'no_such_host'; }
     my $answer=subreply($cmd,$server);
     if ($answer eq 'con_lost') {
-       #sleep 5; 
-       #$answer=subreply($cmd,$server);
-       #if ($answer eq 'con_lost') {
+        #sleep 5; 
+        #$answer=subreply($cmd,$server);
+        #if ($answer eq 'con_lost') {
 	#   &logthis("Second attempt con_lost on $server");
         #   my $peerfile="$perlvar{'lonSockDir'}/$server";
         #   my $client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
@@ -203,7 +203,6 @@ sub critical {
                " Critical message to unknown server ($server)</font>");
         return 'no_such_host';
     }
-    sleep 2;
     my $answer=reply($cmd,$server);
     if ($answer eq 'con_lost') {
         my $pingreply=reply('ping',$server);
@@ -730,6 +729,7 @@ sub currentversion {
 
 sub subscribe {
     my $fname=shift;
+    if ($fname=~/\/(aboutme|syllabus|bulletinboard|smppg)$/) { return ''; }
     my $author=$fname;
     $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
     my ($udom,$uname)=split(/\//,$author);
@@ -857,8 +857,15 @@ sub tokenwrapper {
 sub userfileupload {
     my ($formname,$coursedoc)=@_;
     my $fname=$ENV{'form.'.$formname.'.filename'};
+# Replace Windows backslashes by forward slashes
     $fname=~s/\\/\//g;
+# Get rid of everything but the actual filename
     $fname=~s/^.*\/([^\/]+)$/$1/;
+# Replace spaces by underscores
+    $fname=~s/\s+/\_/g;
+# Replace all other weird characters by nothing
+    $fname=~s/[^\w\.\-\+]//g;
+# See if there is anything left
     unless ($fname) { return 'error: no uploaded file'; }
     chop($ENV{'form.'.$formname});
 # Create the directory if not present
@@ -1864,6 +1871,12 @@ sub allowed {
        $thisallowed.=$1;
     }
 
+# URI is an uploaded document for this course
+
+    if (($priv eq 'bre') && 
+        ($uri=~/^uploaded\/$ENV{'course.'.$ENV{'request.course.id'}.'.domain'}\/$ENV{'course.'.$ENV{'request.course.id'}.'.num'}/)) {
+        return 'F';
+    }
 # Full access at system, domain or course-wide level? Exit.
 
     if ($thisallowed=~/F/) {
@@ -2350,10 +2363,15 @@ sub modifyuser {
        }
     }
 # -------------------------------------------------------------- Add names, etc
-    my %names=&get('environment',
+    my @tmp=&get('environment',
 		   ['firstname','middlename','lastname','generation'],
 		   $udom,$uname);
-    if ($names{'firstname'} =~ m/^error:.*/) { %names=(); }
+    my %names;
+    if ($tmp[0] =~ m/^error:.*/) { 
+        %names=(); 
+    } else {
+        %names = @tmp;
+    }
     if ($first)  { $names{'firstname'}  = $first; }
     if ($middle) { $names{'middlename'} = $middle; }
     if ($last)   { $names{'lastname'}   = $last; }