--- loncom/publisher/loncfile.pm 2004/06/10 18:20:16 1.57 +++ loncom/publisher/loncfile.pm 2004/08/24 15:53:21 1.61 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.57 2004/06/10 18:20:16 albertel Exp $ +# $Id: loncfile.pm,v 1.61 2004/08/24 15:53:21 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -289,11 +289,19 @@ sub checksuffix { } sub cleanDest { - my ($request,$dest)=@_; + my ($request,$dest,$subdir)=@_; #remove bad characters + my $foundbad=0; + if ($subdir && $dest =~/\./) { + $foundbad=1; + $dest=~s/\.//g; + } if ($dest=~/[\#\?&%\"]/) { + $foundbad=1; + $dest=~s/[\#\?&%\"]//g; + } + if ($foundbad) { $request->print("

".&mt('Invalid characters in requested name have been removed.')."

"); - $dest=~s/[\#\?&%]//g; } return $dest; } @@ -750,7 +758,9 @@ performed and reported to the user. sub phaseone { my ($r,$fn,$uname,$udom)=@_; - my $newfilename=&cleanDest($r,$ENV{'form.newfilename'}); + my $doingdir=0; + if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; } + my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir); $newfilename=&relativeDest($fn,$newfilename,$uname); $r->print('
'. ''. @@ -978,11 +988,16 @@ sub Copy2 { unless (copy($oldfile, $newfile)) { $request->print(' '.&mt('copy Error').': '.$!.''); return 0; + } elsif (!chmod(0660, $newfile)) { + $request->print(' '.&mt('chmod error').': '.$!.''); + return 0; + } elsif (-e $oldfile.'.meta' && + !copy($oldfile.'.meta', $newfile.'.meta') && + !chmod(0660, $newfile.'.meta')) { + $request->print(' '.&mt('copy metadata error'). + ': '.$!.''); + return 0; } else { - unless (chmod(0660, $newfile)) { - $request->print(' '.&mt('chmod error').': '.$!.''); - return 0; - } return 1; } } else { @@ -1156,6 +1171,7 @@ sub handler { $r=shift; + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress','action','filename','newfilename']); &Debug($r, "loncfile.pm - handler entered"); &Debug($r, " filename: ".$ENV{'form.filename'}); @@ -1174,7 +1190,6 @@ sub handler { } elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') { #Just hijack the script only the first time around to inject the #correct information for further processing - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress']); $fn=&Apache::lonnet::unescape($ENV{'form.decompress'}); $fn=&URLToPath($fn); $ENV{'form.action'}="decompress";