--- loncom/publisher/loncfile.pm	2002/09/02 20:06:57	1.17
+++ loncom/publisher/loncfile.pm	2002/10/28 23:23:41	1.19
@@ -10,7 +10,7 @@
 # 
 
 #
-# $Id: loncfile.pm,v 1.17 2002/09/02 20:06:57 harris41 Exp $
+# $Id: loncfile.pm,v 1.19 2002/10/28 23:23:41 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -88,6 +88,7 @@ use strict;
 use Apache::File;
 use File::Basename;
 use File::Copy;
+use HTML::Entities();
 use Apache::Constants qw(:common :http :methods);
 use Apache::loncacc;
 use Apache::Log ();
@@ -492,10 +493,11 @@ sub Rename1 {
 	    my $newfilename = $ENV{'form.newfilename'};
 	    $request->print(&checksuffix($filename, $newfilename));
 	    $request->print(&exists($user, $domain, $dir, $newfilename));
+	    my $dest=&SimplifyDir($dir,$newfilename);
 	    $request->print('<input type=hidden name=newfilename value="'.
 			    $newfilename.
-			    '"><p>Rename <tt>'.$filename.'</tt> to <tt>'.
-			    $dir.'/'.$newfilename.'</tt>?</p>');
+			    '"><p>Rename <tt>'.$filename.'</tt><br /> to <tt>'.
+			    $dest.'</tt>?</p>');
 	    &CloseForm1($request, $cancelurl);
 	} else {
 	    $request->print('<p>No new filename specified</p></form>');
@@ -586,14 +588,14 @@ sub Copy1 {
   $cancelurl    =~ s/\/public_html//;
     
 
-
   if(-e $filename) {
     $request->print(&checksuffix($filename,$newfilename));
     $request->print(&exists($user, $domain, $dir, $newfilename));
+    my $dest=&SimplifyDir($dir,$newfilename);
     $request->print('<input type = hidden name = newfilename value = "'.
 		    $dir.'/'.$newfilename.
-		    '"><p>Copy <tt>'.$filename.'</tt> to'.
-		    '<tt>'.$dir.'/'.$newfilename.'</tt>/?</p>');
+		    '"><p>Copy <tt>'.$filename.'</tt><br />  to '.
+		    '<tt>'.$dest.'</tt>?</p>');
     &CloseForm1($request, $cancelurl);
   } else {
     $request->print('<p>No such file <tt>'.$filename.'</p></form>');
@@ -602,6 +604,34 @@ sub Copy1 {
 
 =pod
 
+=item SimplifyDir
+
+  Removes all extra / and all .. references
+
+Parameters:
+
+=over 4
+
+=item $dir - string [in] a directory name
+
+=item $file - string [in] a file reference relative to $dir
+
+=back
+
+Results: the concatenated path.
+
+=cut
+
+sub SimplifyDir {
+    my ($dir,$file) = @_;
+    my $location = $dir. '/'.$file;
+    $location=~s://+:/:g; # remove duplicate /
+    while ($location=~m:/\.\./:) {$location=~s:/[^/]+/\.\./:/:g;}#remove dir/..
+    return $location;
+}
+
+=pod
+
 =item NewDir1
  
   Does all phase 1 processing of directory creation:
@@ -1019,9 +1049,9 @@ sub phasetwo {
     $dest =~ s/\/home\//\/priv\//;
     $dest =~ s/\/public_html//;
     
-    my $base = &Apache::lonnet::escape(&File::Basename::basename($dest));
+    my $base = &File::Basename::basename($dest);
     my $dpath= &File::Basename::dirname($dest);
-    $dest = $dpath.'/'.$base;
+    $dest = &HTML::Entities::encode($dpath.'/'.$base);
 
 
     &Debug($r, "Final url after rewrite: $dest");