--- loncom/publisher/loncfile.pm	2008/09/24 17:30:18	1.90
+++ loncom/publisher/loncfile.pm	2011/10/24 22:39:21	1.111
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.90 2008/09/24 17:30:18 raeburn Exp $
+# $Id: loncfile.pm,v 1.111 2011/10/24 22:39:21 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -159,23 +159,25 @@ sub URLToPath {
     my $Url = shift;
     &Debug($r, "UrlToPath got: $Url");
     $Url=~ s/\/+/\//g;
-    $Url=~ s/^http\:\/\/[^\/]+//;
+    $Url=~ s/^https?\:\/\/[^\/]+//;
     $Url=~ s/^\///;
-    $Url=~ s/(\~|priv\/)($match_username)\//\/home\/$2\/public_html\//;
+    $Url='/home/httpd/html/'.$Url;
     &Debug($r, "Returning $Url \n");
     return $Url;
 }
 
 sub url {
     my $fn=shift;
-    $fn=~s/^\/home\/($match_username)\/public\_html/\/priv\/$1/;
+    $fn=~s/^\/home\/httpd\/html//;
+    $fn=~s/\/\.\//\//g;
     $fn=&HTML::Entities::encode($fn,'<>"&');
     return $fn;
 }
 
 sub display {
     my $fn=shift;
-    $fn=~s-^/home/($match_username)/public_html-/priv/$1-;
+    $fn=~s/^\/home\/httpd\/html//;
+    $fn=~s/\/\.\//\//g;
     return '<span class="LC_filename">'.$fn.'</span>';
 }
 
@@ -187,8 +189,7 @@ sub display {
 sub obsolete_unpub {
     my ($user,$domain,$construct)=@_;
     my $published=$construct;
-    $published=~
-	s/^\/home\/$user\/public\_html\//\/home\/httpd\/html\/res\/$domain\/$user\//;
+    $published=~s/^\/home\/httpd\/html\/priv\//\/home\/httpd\/html\/res\//;
     if (-e $published) {
 	if (&Apache::lonnet::metadata($published,'obsolete')) {
 	    return 1;
@@ -270,8 +271,7 @@ sub exists {
     $creating ||= 'file';
 
     my $published=$construct;
-    $published=~
-	s{^/home/$user/public_html/}{/home/httpd/html/res/$domain/$user/};
+    $published=~s{^/home/httpd/html/priv/}{/home/httpd/html/res/};
     my ($type,$result);
     if ( -d $construct ) {
 	return ('error','<p><span class="LC_error">'.&mt('Error: destination for operation is an existing directory.').'</span></p>');
@@ -345,9 +345,10 @@ sub checksuffix {
 }
 
 sub cleanDest {
-    my ($request,$dest,$subdir,$fn,$uname)=@_;
+    my ($request,$dest,$subdir,$fn,$uname,$udom)=@_;
     #remove bad characters
     my $foundbad=0;
+    my $error='';
     if ($subdir && $dest =~/\./) {
 	$foundbad=1;
 	$dest=~s/\.//g;
@@ -359,29 +360,40 @@ sub cleanDest {
     }
     if ($dest=~m|/|) {
 	my ($newpath)=($dest=~m|(.*)/|);
-	$newpath=&relativeDest($fn,$newpath,$uname);
+	($newpath,$error)=&relativeDest($fn,$newpath,$uname,$udom);
 	if (! -d "$newpath") {
-	    $request->print("<p><span class=\"LC_error\">".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.&display($newpath).'"')."</span></p>");
+	    $request->print('<p><span class="LC_warning">'
+                           .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name."
+                               ,&display($newpath))
+                           .'</span></p>');
 	    $dest=~s|.*/||;
 	}
     }
     if ($dest =~ /\.(\d+)\.(\w+)$/){
-	$request->print('<span class="LC_error">'
-			.&mt('Bad filename [_1].<br /> <tt>(name).(number).(extension)</tt> not allowed. <br /> Removing the <tt>.number.</tt> from requested filename.',&display($dest))
-			.'</span>');
+	$request->print('<p><span class="LC_warning">'
+			.&mt('Bad filename [_1]',&display($dest))
+                        .'<br />'
+                        .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
+                        .'<br />'
+                        .&mt('Removing the [_1].number.[_2] from requested filename.','<tt>','</tt>')
+			.'</span></p>');
 	$dest =~ s/\.(\d+)(\.\w+)$/$2/;
     }
     if ($foundbad) {
-	$request->print("<p><span class=\"LC_error\">".&mt('Invalid characters in requested name have been removed.')."</span></p>");
+        $request->print('<p><span class="LC_warning">'
+                       .&mt('Invalid characters in requested name have been removed.')
+                        .'</span></p>'
+        );
     }
-    return $dest;
+    return ($dest,$error);
 }
 
 sub relativeDest {
-    my ($fn,$newfilename,$uname)=@_;
+    my ($fn,$newfilename,$uname,$udom)=@_;
+    my $error = '';
     if ($newfilename=~/^\//) {
 # absolute, simply add path
-	$newfilename='/home/'.$uname.'/public_html/';
+	$newfilename='/home/httpd/html/res/'.$udom.'/'.$uname.'/';
     } else {
 	my $dir=$fn;
 	$dir=~s/\/[^\/]+$//;
@@ -391,7 +403,12 @@ sub relativeDest {
     while ($newfilename=~m:/\.\./:) {
 	$newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/..
     }
-    return $newfilename;
+    my ($authorname,$authordom)=&Apache::loncacc::constructaccess($newfilename);
+    unless (($authorname) && ($authordom)) {
+       my $otherdir = &display($newfilename);
+       $error = &mt('Access denied to [_1]',$otherdir);
+    }
+    return ($newfilename,$error);
 }
 
 =pod
@@ -416,7 +433,7 @@ sub CloseForm1 {
     my ($request,  $fn) = @_;
     $request->print('<p><input type="submit" value="'.&mt('Continue').'" /></p></form>');
     $request->print('<form action="'.&url($fn).
-		    '" method="POST"><p><input type="submit" value="'.&mt('Cancel').'" /></p></form>');
+		    '" method="post"><p><input type="submit" value="'.&mt('Cancel').'" /></p></form>');
 }
 
 
@@ -507,10 +524,10 @@ sub Rename1 {
 	    if (-d $fn) {
 		$newfilename=~/\.(\w+)$/;
 		if (&Apache::loncommon::fileembstyle($1) eq 'ssi') {
-		    $request->print('<br /><span classr="LC_warning">'.
-				    &mt('Cannot change MIME type of a directory').
+		    $request->print('<p><span class="LC_error">'.
+				    &mt('Cannot change MIME type of a directory.').
 				    '</span>'.
-				    '<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a>');
+				    '<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a></p>');
 		    return;
 		}
 		$newfilename=~s/\/[^\/]+\/([^\/]+)$/\/$1/;
@@ -526,27 +543,38 @@ sub Rename1 {
 		return;
 	    }
 	    unless (&obsolete_unpub($user,$domain,$fn)) {
-		$request->print('<h3>'.&mt('Cannot rename or move non-obsolete published file').'</h3>'.
-				'<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a>');
+                $request->print('<p><span class="LC_error">'
+                               .&mt('Cannot rename or move non-obsolete published file.')
+                               .'</span><br />'
+                               .'<a href="'.&url($fn).'">'.&mt('Cancel').'</a></p>'
+                );
 		return;
 	    }
 	    my $action;
 	    if ($style eq 'rename') {
-		$action=&mt('Rename');
+		$action='Rename';
 	    } else {
-		$action=&mt('Move');
+		$action='Move';
 	    }
-	    $request->print('<input type="hidden" name="newfilename" value="'.
-			    $newfilename.
-			    '" /><p>'.$action.' '.&display($fn).
-			    '</p><br />to '.&display($newfilename).'?</p>');
+            $request->print('<input type="hidden" name="newfilename" value="'
+                           .$newfilename.'" />'
+                           .'<p>'
+                           .&mt($action.' [_1] to [_2]?',
+                                &display($fn),
+                                &display($newfilename))
+                           .'</p>'
+        );
 	    &CloseForm1($request, $fn);
 	} else {
-	    $request->print('<p>'.&mt('No new filename specified.').'</p></form>');
+	    $request->print('<p class="LC_error">'.&mt('No new filename specified.').'</p></form>');
 	    return;
 	}
     } else {
-	$request->print('<p> '.&mt('No such file').': '.&display($fn).'</p></form>');
+        $request->print('<p class="LC_error">'
+                       .&mt('No such file: [_1]',
+                            &display($fn))
+                       .'</p></form>'
+        );
 	return;
     }
     
@@ -581,25 +609,41 @@ sub Delete1 {
 
     if( -e $fn) {
 	$request->print('<input type="hidden" name="newfilename" value="'.
-			$fn.'"/>');
+			$fn.'" />');
         if (-d $fn) {
             unless (&empty_directory($fn,'Delete1')) {
-                $request->print('<h3>'.&mt('Only empty directories may be deleted.').'</h3>'.
-                            'You must delete the contents of the directory first.<br />'.
-                            '<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a>');
+                $request->print('<p>'
+                               .'<span class="LC_error">'
+                               .&mt('Only empty directories may be deleted.')
+                               .'</span><br />'
+                               .&mt('You must delete the contents of the directory first.')
+                               .'</p>'
+                               .'<p><a href="'.&url($fn).'">'.&mt('Cancel').'</a></p>'
+                );
                 return;
             }
         } else { 
 	    unless (&obsolete_unpub($user,$domain,$fn)) {
-	        $request->print('<h3>'.&mt('Cannot delete non-obsolete published file').'</h3>'.
-			    '<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a>');
+                $request->print('<p><span class="LC_error">'
+                               .&mt('Cannot delete non-obsolete published file.')
+                               .'</span><br />'
+                               .'<a href="'.&url($fn).'">'.&mt('Cancel').'</a></p>'
+                );
 	        return;
 	    }
         }
-	$request->print('<p>'.&mt('Delete').' '.&display($fn).'?</p>');
+        $request->print('<p>'
+                       .&mt('Delete [_1]?',
+                            &display($fn))
+                       .'</p>'
+        );
 	&CloseForm1($request, $fn);
     } else {
-	$request->print('<p>'.&mt('No such file').': '.&display($fn).'</p></form>');
+        $request->print('<p class="LC_error">'
+                       .&mt('No such file: [_1]',
+                            &display($fn))
+                       .'</p></form>'
+        );
     }
 }
 
@@ -653,13 +697,22 @@ sub Copy1 {
 	    $request->print('<br /><a href="'.&url($fn).'">'.&mt('Cancel').'</a>');
 	    return;
 	}
-	$request->print('<input type="hidden" name="newfilename" value="'.
-			$newfilename.
-			'" /><p>'.&mt('Copy').' '.&display($fn).'<br />to '.
-			&display($newfilename).'?</p>');
+    $request->print(
+        '<input type="hidden" name="newfilename"'
+       .' value="'.$newfilename.'" />'
+       .'<p>'
+       .&mt('Copy [_1] to [_2]?',
+            &display($fn),
+            &display($newfilename))
+       .'</p>'
+        );
 	&CloseForm1($request, $fn);
     } else {
-	$request->print('<p>'.&mt('No such file').': '.&display($fn).'</p></form>');
+        $request->print('<p class="LC_error">'
+                       .&mt('No such file: [_1]',
+                            &display($fn))
+                       .'</p></form>'
+        );
     }
 }
 
@@ -710,14 +763,17 @@ sub NewDir1 {
     if ($type eq 'error') {
 	$request->print('</form>');
     } else {
-	if ($mode eq 'testbank') {
-	    $request->print('<input type="hidden" name="callingmode" value="testbank">');
-	} elsif ($mode eq 'imsimport') {
-	    $request->print('<input type="hidden" name="callingmode" value="imsimport">');
-	}
-	$request->print('<input type="hidden" name="newfilename" value="'.
-			$newfilename.'" /><p>'.&mt('Make new directory').' '.
-			&display($newfilename).'?</p>');
+	if (($mode eq 'testbank') || ($mode eq 'imsimport')) {
+	    $request->print('<input type="hidden" name="callingmode" value="'.$mode.'" />'."\n".
+                            '<input type="hidden" name="inhibitmenu" value="yes" />');
+	}
+        $request->print('<input type="hidden" name="newfilename" value="'
+                       .$newfilename.'" />'
+                       .'<p>'
+                       .&mt('Make new directory [_1]?',
+                            &display($newfilename))
+                       .'</p>'
+        );
 	&CloseForm1($request, $fn);
     }
 }
@@ -726,11 +782,19 @@ sub NewDir1 {
 sub Decompress1 {
     my ($request, $user, $domain, $fn) = @_;
     if( -e $fn) {
-   	$request->print('<input type="hidden" name="newfilename" value="'.$fn.'"/>');
-   	$request->print('<p>'.&mt('Decompress').' '.&display($fn).'?</p>');
+   	$request->print('<input type="hidden" name="newfilename" value="'.$fn.'" />');
+   	$request->print('<p>'
+                   .&mt('Decompress [_1]?',
+                        &display($fn))
+                   .'</p>'
+    );
    	&CloseForm1($request, $fn);
     } else {
-	$request->print('<p>'.&mt('No such file').': '.&display($fn).'</p></form>');
+        $request->print('<p class="LC_error">'
+                       .&mt('No such file: [_1]',
+                            &display($fn))
+                       .'</p></form>'
+        );
     }
 }
 
@@ -776,23 +840,10 @@ button which returns you to the driector
 
 sub NewFile1 {
     my ($request, $user, $domain, $fn, $newfilename) = @_;
+    return if (&filename_check($newfilename) ne 'ok');
 
     if ($env{'form.action'} =~ /new(.+)file/) {
 	my $extension=$1;
-
-        ##Informs User (name).(number).(extension) not allowed 
-	if($newfilename =~ /\.(\d+)\.(\w+)$/){
-	    $r->print('<span class="LC_error">'.$newfilename.
-		      ' - '.&mt('Bad Filename').'<br />('.&mt('name').').('.&mt('number').').('.&mt('extension').') '.
-		      ' '.&mt('Not Allowed').'</span>');
-	    return;
-	}
-	if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){
-	    $r->print('<span class="LC_error">'.$newfilename.
-		      ' - '.&mt('Bad Filename').'<br />('.&mt('Must not include').' '.$1.') '.
-		      ' '.&mt('Not Allowed').'</span>');
-	    return;
-	}
 	if ($newfilename !~ /\Q.$extension\E$/) {
 	    if ($newfilename =~ m|/[^/.]*\.(?:[^/.]+)$|) {
 		#already has an extension strip it and add in expected one
@@ -806,14 +857,57 @@ sub NewFile1 {
     if ($type eq 'error') {
 	$request->print('</form>');
     } else {
-	
+        my $extension;
+
+        if ($newfilename =~ m{[^/.]+\.([^/.]+)$}) {
+            $extension = $1;
+        }
+
+        my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty task library js css txt);
+        if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) {
+            my $validexts = '.'.join(', .',@okexts);
+            $request->print('<p class="LC_warning">'.
+                &mt('Invalid filename: ').&display($newfilename).'</p><p>'.
+                &mt('The name of the new file needs to end with an appropriate file extension to indicate the type of file to create.').'<br />'.
+                &mt('The following are valid extensions: [_1].',$validexts).
+                '</p></form><p>'.
+		'<form name="fileaction" action="/adm/cfile" method="post">'.
+                '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.
+		'<input type="hidden" name="action" value="newfile" />'.
+	        '<span class ="LC_nobreak">'.&mt('Enter a file name: ').'<input type="text" name="newfilename" value="Type Name Here" onfocus="if (this.value == '."'Type Name Here') this.value=''".'" />&nbsp;<input type="submit" value="Go" />'.
+                '</span></form></p>'.
+                '<p><form action="'.&url($fn).
+                '" method="post"><p><input type="submit" value="'.&mt('Cancel').'" /></form></p>');
+            return;
+        }
+
 	$request->print('<p>'.&mt('Make new file').' '.&display($newfilename).'?</p>');
 	$request->print('</form>');
+
 	$request->print('<form action="'.&url($newfilename).
-			'" method="POST"><p><input type="submit" value="'.&mt('Continue').'" /></p></form>');
+			'" method="post"><p><input type="submit" value="'.&mt('Continue').'" /></p></form>');
 	$request->print('<form action="'.&url($fn).
-			'" method="POST"><p><input type="submit" value="'.&mt('Cancel').'" /></p></form>');
+			'" method="post"><p><input type="submit" value="'.&mt('Cancel').'" /></p></form>');
     }
+    return;
+}
+
+sub filename_check {
+    my ($newfilename) = @_;
+    ##Informs User (name).(number).(extension) not allowed
+    if($newfilename =~ /\.(\d+)\.(\w+)$/){
+        $r->print('<span class="LC_error">'.$newfilename.
+                  ' - '.&mt('Bad Filename').'<br />('.&mt('name').').('.&mt('number').').('.&mt('extension').') '.
+                  ' '.&mt('Not Allowed').'</span>');
+        return;
+    }
+    if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){
+        $r->print('<span class="LC_error">'.$newfilename.
+                  ' - '.&mt('Bad Filename').'<br />('.&mt('Must not include').' '.$1.') '.
+                  ' '.&mt('Not Allowed').'</span>');
+        return;
+    }
+    return 'ok'; 
 }
 
 =pod
@@ -849,8 +943,23 @@ sub phaseone {
   
     my $doingdir=0;
     if ($env{'form.action'} eq 'newdir') { $doingdir=1; }
-    my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname);
-    $newfilename=&relativeDest($fn,$newfilename,$uname);
+    my ($newfilename,$error) = 
+        &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname,$udom);
+    unless ($error) {
+        ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname,$udom);
+    }
+    if ($error) {
+        my $dirlist;
+        if ($fn=~m{^(.*/)[^/]+$}) {
+            $dirlist=$1;
+        } else {
+            $dirlist=$fn; 
+        }
+        $r->print('<div class="LC_error">'.$error.'</div>'.
+                  '<h3><a href="'.&url($dirlist).'">'.&mt('Return to Directory').
+                  '</a></h3>');
+        return;
+    }
     $r->print('<form action="/adm/cfile" method="post">'.
 	      '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.
 	      '<input type="hidden" name="phase" value="two" />'.
@@ -868,7 +977,10 @@ sub phaseone {
 	if($newfilename) {
 	    &Copy1($r, $uname, $udom, $fn, $newfilename);
 	} else {
-	    $r->print('<p>'.&mt('No new filename specified.').'</p></form>');
+            $r->print('<p class="LC_error">'
+                     .&mt('No new filename specified.')
+                     .'</p></form>'
+            );
 	}
     } elsif ($env{'form.action'} eq 'newdir') {
 	my $mode = '';
@@ -890,7 +1002,10 @@ sub phaseone {
 	if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) {
 	    &NewFile1($r, $uname, $udom, $fn, $newfilename);
 	} else {
-	    $r->print('<p>'.&mt('No new filename specified.').'</p></form>');
+            $r->print('<p class="LC_error">'
+                     .&mt('No new filename specified.')
+                     .'</p></form>'
+            );
 	}
     }
 }
@@ -977,7 +1092,12 @@ sub Rename2 {
 	    unlink $tmp2;
 	}
     } else {
-	$request->print("<p> ".&mt('No such file').": ".&display($oldfile).'</p></form>');
+        $request->print(
+            '<p>'
+           .&mt('No such file: [_1]',
+                &display($oldfile))
+           .'</p></form>'
+        );
 	return 0;
     }
     return 1;
@@ -1025,7 +1145,7 @@ sub Delete2 {
 		    return 0;
 		}
 	    } else {
-		$request->print('<p> '.&mt('No such file').'. </p></form>');
+        	$request->print('<p class="LC_error">'.&mt('No such file').'</p></form>');
 		return 0;
 	    }
 	}
@@ -1036,7 +1156,7 @@ sub Delete2 {
 		return 0;
 	    }
 	} else {
-	    $request->print('<p> '.&mt('No such file').'. </p></form>');
+            $request->print('<p class="LC_error">'.&mt('No such file').'</p></form>');
 	    return 0;
 	}
     }
@@ -1095,7 +1215,7 @@ sub Copy2 {
 	    return 1;
 	}
     } else {
-	$request->print('<p> '.&mt('No such file').' </p>');
+        $request->print('<p class="LC_error">'.&mt('No such file').'</p>');
 	return 0;
     }
     return 1;
@@ -1249,7 +1369,7 @@ sub phasetwo {
 	    }
 	    $dest = $env{'form.newfilename'};
      	} else {
-	    $r->print('<p>'.&mt('No New filename specified').'</p></form>');
+            $r->print('<p class="LC_error">'.&mt('No New filename specified').'</p></form>');
 	    return;
 	}
 	
@@ -1318,8 +1438,7 @@ sub handler {
     my $uname;
     my $udom;
 
-    ($uname,$udom)=
-	&Apache::loncacc::constructaccess($fn,$r->dir_config('lonDefDomain'));
+    ($uname,$udom)=&Apache::loncacc::constructaccess($fn);
     &Debug($r, 
 	   "loncfile::handler constructaccess uname = $uname domain = $udom");
     unless (($uname) && ($udom)) {
@@ -1350,15 +1469,33 @@ function writeDone() {
 	$loaditem{'onload'} = "writeDone()";
     }
     
+    # Breadcrumbs
+    &Apache::lonhtmlcommon::clear_breadcrumbs();
+    &Apache::lonhtmlcommon::add_breadcrumb({
+        'text'  => 'Construction Space',
+        'href'  => &Apache::loncommon::authorspace(),
+    });
+    &Apache::lonhtmlcommon::add_breadcrumb({
+        'text'  => 'File Operation',
+        'title' => 'Construction Space File Operation',
+        'href'  => '',
+    });
+
     $r->print(&Apache::loncommon::start_page('Construction Space File Operation',
 					     $js,
-					     {'add_entries' => \%loaditem,}));
+					     {'add_entries' => \%loaditem,})
+             .&Apache::lonhtmlcommon::breadcrumbs()
+             .&Apache::loncommon::head_subbox(
+                  &Apache::loncommon::CSTR_pageheader())
+    );
   
     $r->print('<h3>'.&mt('Location').': '.&display($fn).'</h3>');
   
     if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
-	$r->print('<h3><span class="LC_error">'.&mt('Co-Author').': '.$uname.' at '.$udom.
-		  '</span></h3>');
+        $r->print('<p class="LC_info">'
+                 .&mt('Co-Author [_1]',$uname.':'.$udom)
+                 .'</p>'
+        );
     }
 
 
@@ -1387,8 +1524,11 @@ function writeDone() {
 	     $env{'form.action'} eq 'Select Action' ) {
 	$r->print('<h3>'.&mt('New Resource').'</h3>');
     } else {
-	$r->print('<p>'.&mt('Unknown Action').' '.$env{'form.action'}.' </p>'.
-		  &Apache::loncommon::end_page());
+        $r->print('<p class="LC_error">'
+                 .&mt('Unknown Action').' '.$env{'form.action'}
+                 .'</p>'
+                 .&Apache::loncommon::end_page()
+        );
 	return OK;  
     }
     if ($env{'form.phase'} eq 'two') {