--- loncom/publisher/loncfile.pm	2015/01/19 15:36:11	1.123
+++ loncom/publisher/loncfile.pm	2023/07/14 14:32:57	1.126
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.123 2015/01/19 15:36:11 goltermann Exp $
+# $Id: loncfile.pm,v 1.126 2023/07/14 14:32:57 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -109,13 +109,13 @@ sub Debug {
 }
 
 sub done {
-    my ($url) = @_;
+    my ($destfn) = @_;
     return
        '<p>'
       .&Apache::lonhtmlcommon::confirm_success(&mt("Done"))
-      .'<br /><a href="'.$url.'">'.&mt("Continue").'</a>'
+      .'<br /><a href="'.&url($destfn).'">'.&mt("Continue").'</a>'
       .'<script type="text/javascript">'
-      .'location.href="'.$url.'";'
+      .'location.href="'.&url($destfn,'js').'";'
       .'</script>'
       .'</p>';
 }
@@ -167,11 +167,15 @@ sub URLToPath {
 }
 
 sub url {
-    my $fn=shift;
+    my ($fn,$context) = @_;
     my $londocroot = $Apache::lonnet::perlvar{'lonDocRoot'};
     $fn=~ s/^\Q$londocroot\E//;
     $fn=~s{/\./}{/}g;
-    $fn=&HTML::Entities::encode($fn,'<>"&');
+    if ($context eq 'js') {
+        &js_escape(\$fn);
+    } else {
+        $fn=&HTML::Entities::encode($fn,'\'<>"&');
+    }
     return $fn;
 }
 
@@ -279,28 +283,28 @@ sub exists {
     $published=~s{^\Q$londocroot/priv/\E}{$londocroot/res/};
     my ($type,$result);
     if ( -d $construct ) {
-	return ('error','<p><span class="LC_error">'.&mt('Error: destination for operation is an existing directory.').'</span></p>');
+	return ('error','<p class="LC_error">'.&mt('Error: destination for operation is an existing directory.').'</p>');
 	
     }
 
     if ( -e $published) {
 	if ( -e $construct ) {
 	    $type = 'warning';
-	    $result.='<p><span class="LC_warning">'.&mt('Warning: target file exists, and has been published!').'</span></p>';
+	    $result.='<p class="LC_warning">'.&mt('Warning: target file exists, and has been published!').'</p>';
 	} else {
 	    my $published_type = (-d $published) ? 'directory' : 'file';
 
 	    if ($published_type eq $creating) {
 		$type = 'warning';
-		$result.='<p><span class="LC_warning">'.&mt("Warning: a published $published_type of this name exists.").'</span></p>';
+		$result.='<p class="LC_warning">'.&mt("Warning: a published $published_type of this name exists.").'</p>';
 	    } else {
 		$type = 'error';
-		$result.='<p><span class="LC_error">'.&mt("Error: a published $published_type of this name exists.").'</span></p>';
+		$result.='<p class="LC_error">'.&mt("Error: a published $published_type of this name exists.").'</p>';
 	    }
 	}
     } elsif ( -e $construct) {
 	$type = 'warning';
-	$result.='<p><span class="LC_warning">'.&mt('Warning: target file exists!').'</span></p>';
+	$result.='<p class="LC_warning">'.&mt('Warning: target file exists!').'</p>';
     }
 
     return ($type,$result);
@@ -344,15 +348,16 @@ sub checksuffix {
     if ($old=~m:(.*)/+([^/]+)\.(\w+)$:) { $oldsuffix=$3; }
     if (lc($oldsuffix) ne lc($newsuffix)) {
 	$result.=
-            '<p><span class="LC_warning">'.&mt('Warning: change of MIME type!').'</span></p>';
+            '<p class="LC_warning">'.&mt('Warning: change of MIME type!').'></p>';
     }
     return $result;
 }
 
 sub cleanDest {
-    my ($request,$dest,$subdir,$fn,$uname,$udom)=@_;
+    my ($dest,$subdir,$fn,$uname,$udom)=@_;
     #remove bad characters
     my $foundbad=0;
+    my $warnings;
     my $error='';
     if ($subdir && $dest =~/\./) {
 	$foundbad=1;
@@ -367,30 +372,29 @@ sub cleanDest {
 	my ($newpath)=($dest=~m|(.*)/|);
 	($newpath,$error)=&relativeDest($fn,$newpath,$uname,$udom);
 	if (! -d "$newpath") {
-	    $request->print('<p><span class="LC_warning">'
-                           .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested filename."
-                               ,&display($newpath))
-                           .'</span></p>');
+	    $warnings = '<p class="LC_warning">'
+                       .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested filename."
+                           ,&display($newpath))
+                       .'</p>';
 	    $dest=~s|.*/||;
 	}
     }
-    if ($dest =~ /\.(\d+)\.(\w+)$/){
-	$request->print('<p><span class="LC_warning">'
-			.&mt('Bad filename [_1]',&display($dest))
-                        .'<br />'
-                        .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
-                        .'<br />'
-                        .&mt('Removing the [_1].number.[_2] from requested filename.','<tt>','</tt>')
-			.'</span></p>');
+    if ($dest =~ /\.(\d+)\.(\w+)$/) {
+	$warnings .= '<p class="LC_warning">'
+                    .&mt('Bad filename [_1]',&display($dest))
+                    .'<br />'
+                    .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
+                    .'<br />'
+                    .&mt('Removing the [_1].number.[_2] from requested filename.','<tt>','</tt>')
+                    .'</p>';
 	$dest =~ s/\.(\d+)(\.\w+)$/$2/;
     }
     if ($foundbad) {
-        $request->print('<p><span class="LC_warning">'
-                       .&mt('Invalid characters in requested name have been removed.')
-                        .'</span></p>'
-        );
+        $warnings .= '<p class="LC_warning">'
+                    .&mt('Invalid characters in requested name have been removed.')
+                    .'</p>';
     }
-    return ($dest,$error);
+    return ($dest,$error,$warnings);
 }
 
 sub relativeDest {
@@ -469,7 +473,7 @@ Parameters:
 
 sub CloseForm2 {
     my ($request, $user, $fn) = @_;
-    $request->print(&done(&url($fn)));
+    $request->print(&done($fn));
 }
 
 =pod
@@ -840,6 +844,9 @@ Parameters:
 
 =item   $newfilename
                   - Name of the file to be created; no path information
+
+=item   $warnings - Information about changes to filename made by cleanDest().
+
 =back
 
 Side Effects:
@@ -856,8 +863,8 @@ button which returns you to the director
 =cut
 
 sub NewFile1 {
-    my ($request, $user, $domain, $fn, $newfilename) = @_;
-    return if (&filename_check($newfilename) ne 'ok');
+    my ($request, $user, $domain, $fn, $newfilename, $warnings) = @_;
+    return if (&filename_check($newfilename,$warnings) ne 'ok');
 
     if ($env{'form.action'} =~ /new(.+)file/) {
 	my $extension=$1;
@@ -870,8 +877,8 @@ sub NewFile1 {
 	}
     }
     my ($type, $result)=&exists($user,$domain,$newfilename);
-    $request->print($result);
     if ($type eq 'error') {
+        $request->print($warnings.$result);
 	$request->print('</form>');
     } else {
         my $extension;
@@ -883,6 +890,7 @@ sub NewFile1 {
         my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty task library js css txt);
         if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) {
             my $validexts = '.'.join(', .',@okexts);
+            $request->print($warnings.$result);
             $request->print('<p class="LC_warning">'.
                 &mt('Invalid filename: ').&display($newfilename).'</p><p>'.
                 &mt('The name of the new file needs to end with an appropriate file extension to indicate the type of file to create.').'<br />'.
@@ -895,14 +903,15 @@ sub NewFile1 {
                 '</span></form></p>'.
                 '<p><form action="'.&url($fn).
                 '" method="post"><p><input type="submit" value="'.&mt('Cancel').'" /></form></p>');
-        } elsif ($type ne 'warning') {
+        } elsif (($type ne 'warning') && ($warnings eq '') && ($result eq '')) {
             my $query = "";
             $query .= "?mode=" . $env{'form.mode'} unless (!exists($env{'form.mode'}) || !length($env{'form.mode'}));
             $request->print('
                 <script type="text/javascript">
-                    window.location = "'.&url($newfilename). $query .'";
+                    window.location = "'.&url($newfilename,'js'). $query .'";
                 </script>');
         } else {
+            $request->print($warnings.$result);
             $request->print('<p>'.&mt('Make new file').' '.&display($newfilename).'?</p>');
             $request->print('</form>');
             $request->print('<form action="'.&url($newfilename).
@@ -965,8 +974,8 @@ sub phaseone {
   
     my $doingdir=0;
     if ($env{'form.action'} eq 'newdir') { $doingdir=1; }
-    my ($newfilename,$error) = 
-        &cleanDest($r,$env{'form.newfilename'},$doingdir,$fn,$uname,$udom);
+    my ($newfilename,$error,$warnings) = 
+        &cleanDest($env{'form.newfilename'},$doingdir,$fn,$uname,$udom);
     unless ($error) {
         ($newfilename,$error)=&relativeDest($fn,$newfilename,$uname,$udom);
     }
@@ -977,6 +986,9 @@ sub phaseone {
         } else {
             $dirlist=$fn; 
         }
+        if ($warnings) {
+            $r->print($warnings);
+        }
         $r->print('<div class="LC_error">'.$error.'</div>'.
                   '<p><a href="'.&url($dirlist).'">'.&mt('Return to Directory').
                   '</a></p>');
@@ -986,49 +998,57 @@ sub phaseone {
 	      '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.
 	      '<input type="hidden" name="phase" value="two" />'.
 	      '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />');
-  
-    if ($env{'form.action'} eq 'rename') {
-	&Rename1($r, $uname, $udom, $fn, $newfilename, 'rename');
-    } elsif ($env{'form.action'} eq 'move') {
-	&Rename1($r, $uname, $udom, $fn, $newfilename, 'move');
-    } elsif ($env{'form.action'} eq 'delete') { 
-	&Delete1($r, $uname, $udom, $fn);
-    } elsif ($env{'form.action'} eq 'decompress') {
-	&Decompress1($r, $uname, $udom, $fn);
-    } elsif ($env{'form.action'} eq 'copy') { 
-	if($newfilename) {
-	    &Copy1($r, $uname, $udom, $fn, $newfilename);
-	} else {
-            $r->print('<p class="LC_error">'
-                     .&mt('No new filename specified.')
-                     .'</p></form>'
-            );
-	}
-    } elsif ($env{'form.action'} eq 'newdir') {
-	my $mode = '';
-	if (exists($env{'form.callingmode'}) ) {
-	    $mode = $env{'form.callingmode'};
-	}   
-	&NewDir1($r, $uname, $udom, $fn, $newfilename, $mode);
-    }  elsif ($env{'form.action'} eq 'newfile' ||
-	      $env{'form.action'} eq 'newhtmlfile' ||
-	      $env{'form.action'} eq 'newproblemfile' ||
-	      $env{'form.action'} eq 'newpagefile' ||
-	      $env{'form.action'} eq 'newsequencefile' ||
-	      $env{'form.action'} eq 'newrightsfile' ||
-	      $env{'form.action'} eq 'newstyfile' ||
-	      $env{'form.action'} eq 'newtaskfile' ||
-              $env{'form.action'} eq 'newlibraryfile' ||
-	      $env{'form.action'} eq 'Select Action') {
+
+    if ($env{'form.action'} eq 'newfile' ||
+        $env{'form.action'} eq 'newhtmlfile' ||
+        $env{'form.action'} eq 'newproblemfile' ||
+        $env{'form.action'} eq 'newpagefile' ||
+        $env{'form.action'} eq 'newsequencefile' ||
+        $env{'form.action'} eq 'newrightsfile' ||
+        $env{'form.action'} eq 'newstyfile' ||
+        $env{'form.action'} eq 'newtaskfile' ||
+        $env{'form.action'} eq 'newlibraryfile' ||
+        $env{'form.action'} eq 'Select Action') {
         my $empty=&mt('Type Name Here');
-	if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) {
-	    &NewFile1($r, $uname, $udom, $fn, $newfilename);
-	} else {
+        if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) {
+            &NewFile1($r, $uname, $udom, $fn, $newfilename, $warnings);
+        } else {
+            if ($warnings) {
+                $r->print($warnings);
+            }
             $r->print('<p class="LC_error">'
                      .&mt('No new filename specified.')
                      .'</p></form>'
             );
-	}
+        }
+    } else {
+        if ($warnings) {
+            $r->print($warnings);
+        }
+        if ($env{'form.action'} eq 'rename') {
+	    &Rename1($r, $uname, $udom, $fn, $newfilename, 'rename');
+        } elsif ($env{'form.action'} eq 'move') {
+	    &Rename1($r, $uname, $udom, $fn, $newfilename, 'move');
+        } elsif ($env{'form.action'} eq 'delete') { 
+	    &Delete1($r, $uname, $udom, $fn);
+        } elsif ($env{'form.action'} eq 'decompress') {
+	    &Decompress1($r, $uname, $udom, $fn);
+        } elsif ($env{'form.action'} eq 'copy') { 
+	    if ($newfilename) {
+	        &Copy1($r, $uname, $udom, $fn, $newfilename);
+	    } else {
+                $r->print('<p class="LC_error">'
+                         .&mt('No new filename specified.')
+                         .'</p></form>'
+                );
+            }
+        } elsif ($env{'form.action'} eq 'newdir') {
+	    my $mode = '';
+	    if (exists($env{'form.callingmode'}) ) {
+	        $mode = $env{'form.callingmode'};
+	    }
+	    &NewDir1($r, $uname, $udom, $fn, $newfilename, $mode);
+        }
     }
 }
 
@@ -1417,7 +1437,7 @@ sub phasetwo {
                      ['<a href="'.&url($dest).'">'.&mt('Return to Directory').'</a>',
                       '<a href="'.&url($dest_newname).'">'.$disp_newname.'</a>']));
         } else {
-	    $r->print(&done(&url($dest)));
+	    $r->print(&done($dest));
 	}
     }
 }
@@ -1457,7 +1477,7 @@ sub handler {
 	return HTTP_NOT_FOUND;
     }
 
-    unless ($fn) { 
+    unless ($fn) {
 	&Debug($r, "loncfile::handler - doctored url is empty");
 	$r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
 		       ' trying to cfile non-existing file', $r->filename); 
@@ -1500,20 +1520,33 @@ function writeDone() {
     my $londocroot = $r->dir_config('lonDocRoot');
     my $trailfile = $fn;
     $trailfile =~ s{^/(priv/)}{$londocroot/$1};
-    
+
     # Breadcrumbs
+    my $crsauthor;
+    my $text = 'Authoring Space';
+    my $title = 'Authoring Space File Operation',
+    my $href = &Apache::loncommon::authorspace(&url($fn));
+    if ($env{'request.course.id'}) {
+        my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+        my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+        if ($href eq "/priv/$cdom/$cnum/") {
+            $text = 'Course Authoring Space';
+            $title = 'Course Authoring Space File Operation',
+            $crsauthor = 1;
+        }
+    }
     &Apache::lonhtmlcommon::clear_breadcrumbs();
     &Apache::lonhtmlcommon::add_breadcrumb({
-        'text'  => 'Authoring Space',
-        'href'  => &Apache::loncommon::authorspace($fn),
+        'text'  => $text,
+        'href'  => $href,
     });
     &Apache::lonhtmlcommon::add_breadcrumb({
         'text'  => 'File Operation',
-        'title' => 'Authoring Space File Operation',
+        'title' => $title,
         'href'  => '',
     });
 
-    $r->print(&Apache::loncommon::start_page('Authoring Space File Operation',
+    $r->print(&Apache::loncommon::start_page($title,
 					     $js,
 					     {'add_entries' => \%loaditem,})
              .&Apache::lonhtmlcommon::breadcrumbs()
@@ -1524,10 +1557,12 @@ function writeDone() {
     $r->print('<p>'.&mt('Location').': '.&display($fn).'</p>');
   
     if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
-        $r->print('<p class="LC_info">'
-                 .&mt('Co-Author [_1]',$uname.':'.$udom)
-                 .'</p>'
-        );
+        unless ($crsauthor) {  
+            $r->print('<p class="LC_info">'
+                     .&mt('Co-Author [_1]',$uname.':'.$udom)
+                     .'</p>'
+            );
+        }
     }
 
 
@@ -1551,6 +1586,25 @@ function writeDone() {
 	'Select Action'   => 'New Resource',
     );
     if ($action{$env{'form.action'}}) {
+        if ($crsauthor) {
+            my @disallowed = qw(page sequence rights library);
+            my $newtype;
+            if ($env{'form.action'} =~ /^new(\w+)file$/) {
+                $newtype = $1;
+            } elsif ($env{'form.action'} eq 'newfile') {
+                ($newtype) = ($env{'form.newfilename'} =~ m{\.([^/.]+)$});
+                $newtype = lc($newtype);
+            }
+            if (($newtype ne '') &&
+                (grep(/^\Q$newtype\E$/,@disallowed))) {
+                $r->print('<p class="LC_error">'
+                         .&mt('Creation of a new file of type: [_1] is not permitted in Course Authoring Space',$newtype)
+                         .'</p>'
+                         .&Apache::loncommon::end_page()
+                );
+                return OK;
+            }
+        }
         $r->print('<h2>'.$action{$env{'form.action'}}.'</h2>');
     } else {
         $r->print('<p class="LC_error">'