version 1.105, 2010/12/14 16:26:04
|
version 1.106, 2011/03/01 01:36:55
|
Line 348 sub cleanDest {
|
Line 348 sub cleanDest {
|
my ($request,$dest,$subdir,$fn,$uname)=@_; |
my ($request,$dest,$subdir,$fn,$uname)=@_; |
#remove bad characters |
#remove bad characters |
my $foundbad=0; |
my $foundbad=0; |
|
my $error=''; |
if ($subdir && $dest =~/\./) { |
if ($subdir && $dest =~/\./) { |
$foundbad=1; |
$foundbad=1; |
$dest=~s/\.//g; |
$dest=~s/\.//g; |
Line 359 sub cleanDest {
|
Line 360 sub cleanDest {
|
} |
} |
if ($dest=~m|/|) { |
if ($dest=~m|/|) { |
my ($newpath)=($dest=~m|(.*)/|); |
my ($newpath)=($dest=~m|(.*)/|); |
$newpath=&relativeDest($fn,$newpath,$uname); |
($newpath,$error)=&relativeDest($fn,$newpath,$uname); |
if (! -d "$newpath") { |
if (! -d "$newpath") { |
$request->print('<p><span class="LC_warning">' |
$request->print('<p><span class="LC_warning">' |
.&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." |
.&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." |
Line 384 sub cleanDest {
|
Line 385 sub cleanDest {
|
.'</span></p>' |
.'</span></p>' |
); |
); |
} |
} |
return $dest; |
return ($dest,$error); |
} |
} |
|
|
sub relativeDest { |
sub relativeDest { |
my ($fn,$newfilename,$uname)=@_; |
my ($fn,$newfilename,$uname)=@_; |
|
my $error = ''; |
if ($newfilename=~/^\//) { |
if ($newfilename=~/^\//) { |
# absolute, simply add path |
# absolute, simply add path |
$newfilename='/home/'.$uname.'/public_html/'; |
$newfilename='/home/'.$uname.'/public_html/'; |
Line 401 sub relativeDest {
|
Line 403 sub relativeDest {
|
while ($newfilename=~m:/\.\./:) { |
while ($newfilename=~m:/\.\./:) { |
$newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. |
$newfilename=~ s:/[^/]+/\.\./:/:g; #remove dir/.. |
} |
} |
return $newfilename; |
if ($newfilename =~ m{^/home/($match_username)/(?:public\_html|priv)/}) { |
|
my $otheruname = $1; |
|
unless ($otheruname eq $uname) { |
|
my ($authorname,$authordom)= |
|
&Apache::loncacc::constructaccess($newfilename,$env{'request.role.domain'}); |
|
unless (($authorname eq $otheruname) && ($authordom ne '')) { |
|
my $otherdir = &display($newfilename); |
|
$error = &mt('Access denied to [_1]',$otherdir); |
|
} |
|
} |
|
} |
|
return ($newfilename,$error); |
} |
} |
|
|
=pod |
=pod |
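Review bot: The new ownership test at the end of relativeDest fails open: `$error` is set only when the normalised path matches `^/home/<user>/(public_html|priv)/` and belongs to a different user, so a path that does not match that pattern at all is returned with an empty `$error`. Consider denying by default with a branch such as `else { $error = &mt('Access denied to [_1]',&display($newfilename)); }`, provided no caller legitimately passes paths outside those two roots. The test also relies on the `..` collapsing loop just above it having fully canonicalised the path, and part of the function body lies between the hunks shown here, so that is worth confirming against the full file. Because `$error` embeds `&display($newfilename)`, which derives from `form.newfilename`, and phaseone prints it unescaped inside `<div class="LC_error">`, please also confirm that `&display` HTML-escapes its argument.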
Line 936 sub phaseone {
|
Line 949 sub phaseone {
|
|
|
my $doingdir=0; |
my $doingdir=0; |
if ($env{'form.action'} eq 'newdir') { $doingdir=1; } |
if ($env{'form.action'} eq 'newdir') { $doingdir=1; } |
my $newfilename=&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); |
my ($newfilename,$error) = |
$newfilename=&relativeDest($fn,$newfilename,$uname); |
&cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname); |
|
unless ($error) { |
|
($newfilename,$error)=&relativeDest($fn,$newfilename,$uname); |
|
} |
|
if ($error) { |
|
my $dirlist; |
|
if ($fn=~m{^(.*/)[^/]+$}) { |
|
$dirlist=$1; |
|
} else { |
|
$dirlist=$fn; |
|
} |
|
$r->print('<div class="LC_error">'.$error.'</div>'. |
|
'<h3><a href="'.&url($dirlist).'">'.&mt('Return to Directory'). |
|
'</a></h3>'); |
|
return; |
|
} |
$r->print('<form action="/adm/cfile" method="post">'. |
$r->print('<form action="/adm/cfile" method="post">'. |
'<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'. |
'<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'. |
'<input type="hidden" name="phase" value="two" />'. |
'<input type="hidden" name="phase" value="two" />'. |