--- loncom/publisher/loncfile.pm 2007/04/20 20:55:01 1.82 +++ loncom/publisher/loncfile.pm 2011/10/23 23:46:07 1.110 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.82 2007/04/20 20:55:01 albertel Exp $ +# $Id: loncfile.pm,v 1.110 2011/10/23 23:46:07 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -109,6 +109,17 @@ sub Debug { } } +sub done { + my ($url)=@_; + my $done=&mt("Done"); + return(<$done + +ENDDONE +} + =pod =item URLToPath($url) @@ -148,24 +159,26 @@ sub URLToPath { my $Url = shift; &Debug($r, "UrlToPath got: $Url"); $Url=~ s/\/+/\//g; - $Url=~ s/^http\:\/\/[^\/]+//; + $Url=~ s/^https?\:\/\/[^\/]+//; $Url=~ s/^\///; - $Url=~ s/(\~|priv\/)($match_username)\//\/home\/$2\/public_html\//; + $Url='/home/httpd/html/'.$Url; &Debug($r, "Returning $Url \n"); return $Url; } sub url { my $fn=shift; - $fn=~s/^\/home\/($match_username)\/public\_html/\/priv\/$1/; + $fn=~s/^\/home\/httpd\/html//; + $fn=~s/\/\.\//\//g; $fn=&HTML::Entities::encode($fn,'<>"&'); return $fn; } sub display { my $fn=shift; - $fn=~s-^/home/($match_username)/public_html-/priv/$1-; - return ''.$fn.''; + $fn=~s/^\/home\/httpd\/html//; + $fn=~s/\/\.\//\//g; + return ''.$fn.''; } @@ -226,12 +239,16 @@ sub empty_directory { =over 4 -=item $user - string [in] - Name of the user for which to check. +=item $user - string [in] - Name of the user for which to check. -=item $domain - string [in] - Name of the domain in which the resource +=item $domain - string [in] - Name of the domain in which the resource might have been published. -=item $file - string [in] - Name of the file. +=item $file - string [in] - Name of the file. + +=item $creating - string [in] - optional, type of object being created, + either 'directory' or 'file'. Defaults to + 'file' if unspecified. =back @@ -239,6 +256,9 @@ Returns: =over 4 +=item string - Either undef, 'warning' or 'error' depending on the + type of problem + =item string - Either where the resource exists as an html string that can be embedded in a dialog or an empty string if the resource does not exist. @@ -248,20 +268,38 @@ Returns: =cut sub exists { - my ($user, $domain, $construct) = @_; + my ($user, $domain, $construct, $creating) = @_; + $creating ||= 'file'; + my $published=$construct; - $published=~ - s/^\/home\/$user\/public\_html\//\/home\/httpd\/html\/res\/$domain\/$user\//; - my $result=''; + $published=~s{^/home/httpd/html/priv/}{/home/httpd/html/res/}; + my ($type,$result); if ( -d $construct ) { - return &mt('Error: destination for operation is an existing directory.'); + return ('error','

'.&mt('Error: destination for operation is an existing directory.').'

'); + } + if ( -e $published) { - $result.='

'.&mt('Warning: target file exists, and has been published!').'

'; + if ( -e $construct ) { + $type = 'warning'; + $result.='

'.&mt('Warning: target file exists, and has been published!').'

'; + } else { + my $published_type = (-d $published) ? 'directory' : 'file'; + + if ($published_type eq $creating) { + $type = 'warning'; + $result.='

'.&mt("Warning: a published $published_type of this name exists.").'

'; + } else { + $type = 'error'; + $result.='

'.&mt("Error: a published $published_type of this name exists.").'

'; + } + } } elsif ( -e $construct) { - $result.='

'.&mt('Warning: target file exists!').'

'; + $type = 'warning'; + $result.='

'.&mt('Warning: target file exists!').'

'; } - return $result; + + return ($type,$result); } =pod @@ -308,36 +346,55 @@ sub checksuffix { } sub cleanDest { - my ($request,$dest,$subdir,$fn,$uname)=@_; + my ($request,$dest,$subdir,$fn,$uname,$udom)=@_; #remove bad characters my $foundbad=0; + my $error=''; if ($subdir && $dest =~/\./) { $foundbad=1; $dest=~s/\.//g; } + $dest =~ s/(\s+$|^\s+)//g; if ($dest=~/[\#\?&%\":]/) { $foundbad=1; $dest=~s/[\#\?&%\":]//g; } if ($dest=~m|/|) { my ($newpath)=($dest=~m|(.*)/|); - $newpath=&relativeDest($fn,$newpath,$uname); + ($newpath,$error)=&relativeDest($fn,$newpath,$uname,$udom); if (! -d "$newpath") { - $request->print("

".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.$newpath.'"')."

"); + $request->print('

' + .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." + ,&display($newpath)) + .'

'); $dest=~s|.*/||; } } + if ($dest =~ /\.(\d+)\.(\w+)$/){ + $request->print('

' + .&mt('Bad filename [_1]',&display($dest)) + .'
' + .&mt('[_1](name).(number).(extension)[_2] not allowed.','','') + .'
' + .&mt('Removing the [_1].number.[_2] from requested filename.','','') + .'

'); + $dest =~ s/\.(\d+)(\.\w+)$/$2/; + } if ($foundbad) { - $request->print("

".&mt('Invalid characters in requested name have been removed.')."

"); + $request->print('

' + .&mt('Invalid characters in requested name have been removed.') + .'

' + ); } - return $dest; + return ($dest,$error); } sub relativeDest { - my ($fn,$newfilename,$uname)=@_; + my ($fn,$newfilename,$uname,$udom)=@_; + my $error = ''; if ($newfilename=~/^\//) { # absolute, simply add path - $newfilename='/home/'.$uname.'/public_html/'; + $newfilename='/home/httpd/html/res/'.$udom.'/'.$uname.'/'; } else { my $dir=$fn; $dir=~s/\/[^\/]+$//; @@ -347,7 +404,18 @@ sub relativeDest { while ($newfilename=~m:/\.\./:) { $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. } - return $newfilename; + if ($newfilename =~ m{^/home/($match_username)/(?:public\_html|priv)/}) { + my $otheruname = $1; + unless ($otheruname eq $uname) { + my ($authorname,$authordom)= + &Apache::loncacc::constructaccess($newfilename,$env{'request.role.domain'}); + unless (($authorname eq $otheruname) && ($authordom ne '')) { + my $otherdir = &display($newfilename); + $error = &mt('Access denied to [_1]',$otherdir); + } + } + } + return ($newfilename,$error); } =pod @@ -372,7 +440,7 @@ sub CloseForm1 { my ($request, $fn) = @_; $request->print('

'); $request->print('

'); + '" method="post">

'); } @@ -402,7 +470,7 @@ Parameters: sub CloseForm2 { my ($request, $user, $fn) = @_; - $request->print('

'.&mt('Done').'

'); + $request->print(&done(&url($fn))); } =pod @@ -463,10 +531,10 @@ sub Rename1 { if (-d $fn) { $newfilename=~/\.(\w+)$/; if (&Apache::loncommon::fileembstyle($1) eq 'ssi') { - $request->print('
'. - &mt('Cannot change MIME type of a directory'). + $request->print('

'. + &mt('Cannot change MIME type of a directory.'). ''. - '
'.&mt('Cancel').''); + '
'.&mt('Cancel').'

'); return; } $newfilename=~s/\/[^\/]+\/([^\/]+)$/\/$1/; @@ -475,34 +543,45 @@ sub Rename1 { while ($newfilename=~m:/\.\./:) { $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. } - my $return=&exists($user, $domain, $newfilename); + my ($type, $return)=&exists($user, $domain, $newfilename); $request->print($return); - if ($return =~/^Error:/) { + if ($type eq 'error') { $request->print('
'.&mt('Cancel').''); return; } unless (&obsolete_unpub($user,$domain,$fn)) { - $request->print('

'.&mt('Cannot rename or move non-obsolete published file').'

'. - '
'.&mt('Cancel').''); + $request->print('

' + .&mt('Cannot rename or move non-obsolete published file.') + .'
' + .''.&mt('Cancel').'

' + ); return; } my $action; if ($style eq 'rename') { - $action=&mt('Rename'); + $action='Rename'; } else { - $action=&mt('Move'); + $action='Move'; } - $request->print('

'.$action.' '.&display($fn). - '
to '.&display($newfilename).'?

'); + $request->print('' + .'

' + .&mt($action.' [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'

' + ); &CloseForm1($request, $fn); } else { - $request->print('

'.&mt('No new filename specified.').'

'); + $request->print('

'.&mt('No new filename specified.').'

'); return; } } else { - $request->print('

'.&mt('No such file').': '.&display($fn).'

'); + $request->print('

' + .&mt('No such file: [_1]', + &display($fn)) + .'

' + ); return; } @@ -537,25 +616,41 @@ sub Delete1 { if( -e $fn) { $request->print(''); + $fn.'" />'); if (-d $fn) { unless (&empty_directory($fn,'Delete1')) { - $request->print('

'.&mt('Only empty directories may be deleted.').'

'. - 'You must delete the contents of the directory first.
'. - '
'.&mt('Cancel').''); + $request->print('

' + .'' + .&mt('Only empty directories may be deleted.') + .'
' + .&mt('You must delete the contents of the directory first.') + .'

' + .'

'.&mt('Cancel').'

' + ); return; } } else { unless (&obsolete_unpub($user,$domain,$fn)) { - $request->print('

'.&mt('Cannot delete non-obsolete published file').'

'. - '
'.&mt('Cancel').''); + $request->print('

' + .&mt('Cannot delete non-obsolete published file.') + .'
' + .''.&mt('Cancel').'

' + ); return; } } - $request->print('

'.&mt('Delete').' '.&display($fn).'?

'); + $request->print('

' + .&mt('Delete [_1]?', + &display($fn)) + .'

' + ); &CloseForm1($request, $fn); } else { - $request->print('

'.&mt('No such file').': '.&display($fn).'

'); + $request->print('

' + .&mt('No such file: [_1]', + &display($fn)) + .'

' + ); } } @@ -603,19 +698,28 @@ sub Copy1 { $newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. } $request->print(&checksuffix($fn,$newfilename)); - my $return=&exists($user, $domain, $newfilename); + my ($type,$return)=&exists($user, $domain, $newfilename); $request->print($return); - if ($return =~/^Error:/) { + if ($type eq 'error') { $request->print('
'.&mt('Cancel').''); return; } - $request->print('

'.&mt('Copy').' '.&display($fn).'
to '. - &display($newfilename).'?

'); + $request->print( + '' + .'

' + .&mt('Copy [_1] to [_2]?', + &display($fn), + &display($newfilename)) + .'

' + ); &CloseForm1($request, $fn); } else { - $request->print('

'.&mt('No such file').': '.&display($fn).'

'); + $request->print('

' + .&mt('No such file: [_1]', + &display($fn)) + .'

' + ); } } @@ -661,18 +765,22 @@ causes the newdir operation to transitio sub NewDir1 { my ($request, $username, $domain, $fn, $newfilename, $mode) = @_; - my $result=&exists($username,$domain,$newfilename); - if ($result) { - $request->print(''.$result.''); + my ($type, $result)=&exists($username,$domain,$newfilename,'directory'); + $request->print($result); + if ($type eq 'error') { + $request->print(''); } else { - if ($mode eq 'testbank') { - $request->print(''); - } elsif ($mode eq 'imsimport') { - $request->print(''); - } - $request->print('

'.&mt('Make new directory').' '. - &display($newfilename).'?

'); + if (($mode eq 'testbank') || ($mode eq 'imsimport')) { + $request->print(''."\n". + ''); + } + $request->print('' + .'

' + .&mt('Make new directory [_1]?', + &display($newfilename)) + .'

' + ); &CloseForm1($request, $fn); } } @@ -681,11 +789,19 @@ sub NewDir1 { sub Decompress1 { my ($request, $user, $domain, $fn) = @_; if( -e $fn) { - $request->print(''); - $request->print('

'.&mt('Decompress').' '.&display($fn).'?

'); + $request->print(''); + $request->print('

' + .&mt('Decompress [_1]?', + &display($fn)) + .'

' + ); &CloseForm1($request, $fn); } else { - $request->print('

'.&mt('No such file').': '.&display($fn).'

'); + $request->print('

' + .&mt('No such file: [_1]', + &display($fn)) + .'

' + ); } } @@ -731,23 +847,10 @@ button which returns you to the driector sub NewFile1 { my ($request, $user, $domain, $fn, $newfilename) = @_; + return if (&filename_check($newfilename) ne 'ok'); if ($env{'form.action'} =~ /new(.+)file/) { my $extension=$1; - - ##Informs User (name).(number).(extension) not allowed - if($newfilename =~ /\.(\d+)\.(\w+)$/){ - $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '. - ' '.&mt('Not Allowed').'
'); - return; - } - if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){ - $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '. - ' '.&mt('Not Allowed').'
'); - return; - } if ($newfilename !~ /\Q.$extension\E$/) { if ($newfilename =~ m|/[^/.]*\.(?:[^/.]+)$|) { #already has an extension strip it and add in expected one @@ -756,17 +859,62 @@ sub NewFile1 { $newfilename.=".$extension"; } } - my $result=&exists($user,$domain,$newfilename); - if($result) { - $request->print(''.$result.''); + my ($type, $result)=&exists($user,$domain,$newfilename); + $request->print($result); + if ($type eq 'error') { + $request->print(''); } else { + my $extension; + + if ($newfilename =~ m{[^/.]+\.([^/.]+)$}) { + $extension = $1; + } + + my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty task library js css txt); + if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) { + my $validexts = '.'.join(', .',@okexts); + $request->print('

'. + &mt('Invalid filename: ').&display($newfilename).'

'. + &mt('The name of the new file needs to end with an appropriate file extension to indicate the type of file to create.').'
'. + &mt('The following are valid extensions: [_1].',$validexts). + '

'. + '

'. + ''. + ''. + ''.&mt('Enter a file name: ').' '. + '

'. + '

'); + return; + } + $request->print('

'.&mt('Make new file').' '.&display($newfilename).'?

'); $request->print(''); + $request->print('

'); + '" method="post">

'); $request->print('

'); + '" method="post">

'); } + return; +} + +sub filename_check { + my ($newfilename) = @_; + ##Informs User (name).(number).(extension) not allowed + if($newfilename =~ /\.(\d+)\.(\w+)$/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '. + ' '.&mt('Not Allowed').'
'); + return; + } + if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '. + ' '.&mt('Not Allowed').'
'); + return; + } + return 'ok'; } =pod @@ -802,8 +950,23 @@ sub phaseone { my $doingdir=0; if ($env{'form.action'} eq 'newdir') { $doingdir=1; } - my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); - $newfilename=&relativeDest($fn,$newfilename,$uname); + my ($newfilename,$error) = + &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname,$udom); + unless ($error) { + ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname,$udom); + } + if ($error) { + my $dirlist; + if ($fn=~m{^(.*/)[^/]+$}) { + $dirlist=$1; + } else { + $dirlist=$fn; + } + $r->print('
'.$error.'
'. + '

'.&mt('Return to Directory'). + '

'); + return; + } $r->print('
'. ''. ''. @@ -821,7 +984,10 @@ sub phaseone { if($newfilename) { &Copy1($r, $uname, $udom, $fn, $newfilename); } else { - $r->print('

'.&mt('No new filename specified.').'

'); + $r->print('

' + .&mt('No new filename specified.') + .'

' + ); } } elsif ($env{'form.action'} eq 'newdir') { my $mode = ''; @@ -836,13 +1002,17 @@ sub phaseone { $env{'form.action'} eq 'newsequencefile' || $env{'form.action'} eq 'newrightsfile' || $env{'form.action'} eq 'newstyfile' || + $env{'form.action'} eq 'newtaskfile' || $env{'form.action'} eq 'newlibraryfile' || $env{'form.action'} eq 'Select Action') { my $empty=&mt('Type Name Here'); if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) { &NewFile1($r, $uname, $udom, $fn, $newfilename); } else { - $r->print('

'.&mt('No new filename specified.').'

'); + $r->print('

' + .&mt('No new filename specified.') + .'

' + ); } } } @@ -894,7 +1064,7 @@ sub Rename2 { my $oRN=$oldfile; my $nRN=$newfile; unless (rename($oldfile,$newfile)) { - $request->print(''.&mt('Error').': '.$!.''); + $request->print(''.&mt('Error').': '.$!.''); return 0; } ## If old name.(extension) exits, move under new name. @@ -929,7 +1099,12 @@ sub Rename2 { unlink $tmp2; } } else { - $request->print("

".&mt('No such file').": ".&display($oldfile).'

'); + $request->print( + '

' + .&mt('No such file: [_1]', + &display($oldfile)) + .'

' + ); return 0; } return 1; @@ -968,27 +1143,27 @@ sub Delete2 { my ($request, $user, $filename) = @_; if (-d $filename) { unless (&empty_directory($filename,'Delete2')) { - $request->print(' '.&mt('Error: Directory Non Empty').''); + $request->print(''.&mt('Error: Directory Non Empty').''); return 0; } else { if(-e $filename) { unless(rmdir($filename)) { - $request->print(''.&mt('Error').': '.$!.''); + $request->print(''.&mt('Error').': '.$!.''); return 0; } } else { - $request->print('

'.&mt('No such file').'.

'); + $request->print('

'.&mt('No such file').'

'); return 0; } } } else { if(-e $filename) { unless(unlink($filename)) { - $request->print(''.&mt('Error').': '.$!.''); + $request->print(''.&mt('Error').': '.$!.''); return 0; } } else { - $request->print('

'.&mt('No such file').'.

'); + $request->print('

'.&mt('No such file').'

'); return 0; } } @@ -1028,26 +1203,26 @@ sub Copy2 { &Debug($request ,"Will try to copy $oldfile to $newfile"); if(-e $oldfile) { if ($oldfile eq $newfile) { - $request->print(' '.&mt('Warning').': '.&mt('Name of new file is the same as name of old file').' - '.&mt('no action taken').'.'); + $request->print(''.&mt('Warning').': '.&mt('Name of new file is the same as name of old file').' - '.&mt('no action taken').'.'); return 1; } unless (copy($oldfile, $newfile)) { - $request->print(' '.&mt('copy Error').': '.$!.''); + $request->print(''.&mt('copy Error').': '.$!.''); return 0; } elsif (!chmod(0660, $newfile)) { - $request->print(' '.&mt('chmod error').': '.$!.''); + $request->print(''.&mt('chmod error').': '.$!.''); return 0; } elsif (-e $oldfile.'.meta' && !copy($oldfile.'.meta', $newfile.'.meta') && !chmod(0660, $newfile.'.meta')) { - $request->print(' '.&mt('copy metadata error'). - ': '.$!.''); + $request->print(''.&mt('copy metadata error'). + ': '.$!.''); return 0; } else { return 1; } } else { - $request->print('

'.&mt('No such file').'

'); + $request->print('

'.&mt('No such file').'

'); return 0; } return 1; @@ -1079,11 +1254,11 @@ sub NewDir2 { my ($request, $user, $newdirectory) = @_; unless(mkdir($newdirectory, 02770)) { - $request->print(''.&mt('Error').': '.$!.''); + $request->print(''.&mt('Error').': '.$!.''); return 0; } unless(chmod(02770, ($newdirectory))) { - $request->print(' '.&mt('Error').': '.$!.''); + $request->print(''.&mt('Error').': '.$!.''); return 0; } return 1; @@ -1091,8 +1266,8 @@ sub NewDir2 { sub decompress2 { my ($r, $user, $dir, $file) = @_; - &Apache::lonnet::appenv('cgi.file' => $file); - &Apache::lonnet::appenv('cgi.dir' => $dir); + &Apache::lonnet::appenv({'cgi.file' => $file}); + &Apache::lonnet::appenv({'cgi.dir' => $dir}); my $result=&Apache::lonnet::ssi_body('/cgi-bin/decompress.pl'); $r->print($result); &Apache::lonnet::delenv('cgi.file'); @@ -1201,7 +1376,7 @@ sub phasetwo { } $dest = $env{'form.newfilename'}; } else { - $r->print('

'.&mt('No New filename specified').'

'); + $r->print('

'.&mt('No New filename specified').'

'); return; } @@ -1219,7 +1394,7 @@ sub phasetwo { $r->print('

'.&mt('Return to Directory').'

'); $r->print('

'.$disp_newname.'

'); } else { - $r->print('

'.&mt('Done').'

'); + $r->print(&done(&url($dest))); } } } @@ -1293,25 +1468,42 @@ sub handler { $js = qq| |; $loaditem{'onload'} = "writeDone()"; } + # Breadcrumbs + &Apache::lonhtmlcommon::clear_breadcrumbs(); + &Apache::lonhtmlcommon::add_breadcrumb({ + 'text' => 'Construction Space', + 'href' => &Apache::loncommon::authorspace(), + }); + &Apache::lonhtmlcommon::add_breadcrumb({ + 'text' => 'File Operation', + 'title' => 'Construction Space File Operation', + 'href' => '', + }); + $r->print(&Apache::loncommon::start_page('Construction Space File Operation', $js, - {'add_entries' => \%loaditem,})); + {'add_entries' => \%loaditem,}) + .&Apache::lonhtmlcommon::breadcrumbs() + .&Apache::loncommon::head_subbox( + &Apache::loncommon::CSTR_pageheader()) + ); $r->print('

'.&mt('Location').': '.&display($fn).'

'); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('

'.&mt('Co-Author').': '.$uname.' at '.$udom. - '

'); + $r->print('

' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'

' + ); } @@ -1335,12 +1527,16 @@ function writeDone() { $env{'form.action'} eq 'newsequencefile' || $env{'form.action'} eq 'newrightsfile' || $env{'form.action'} eq 'newstyfile' || + $env{'form.action'} eq 'newtaskfile' || $env{'form.action'} eq 'newlibraryfile' || $env{'form.action'} eq 'Select Action' ) { $r->print('

'.&mt('New Resource').'

'); } else { - $r->print('

'.&mt('Unknown Action').' '.$env{'form.action'}.'

'. - &Apache::loncommon::end_page()); + $r->print('

' + .&mt('Unknown Action').' '.$env{'form.action'} + .'

' + .&Apache::loncommon::end_page() + ); return OK; } if ($env{'form.phase'} eq 'two') {