--- loncom/publisher/loncfile.pm	2004/06/10 18:20:16	1.57
+++ loncom/publisher/loncfile.pm	2005/04/07 04:46:36	1.66
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.57 2004/06/10 18:20:16 albertel Exp $
+# $Id: loncfile.pm,v 1.66 2005/04/07 04:46:36 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -289,11 +289,27 @@ sub checksuffix {
 }
 
 sub cleanDest {
-    my ($request,$dest)=@_;
+    my ($request,$dest,$subdir,$fn,$uname)=@_;
     #remove bad characters
+    my $foundbad=0;
+    if ($subdir && $dest =~/\./) {
+	$foundbad=1;
+	$dest=~s/\.//g;
+    }
     if  ($dest=~/[\#\?&%\"]/) {
+	$foundbad=1;
+	$dest=~s/[\#\?&%\"]//g;
+    }
+    if ($dest=~m|/|) {
+	my ($newpath)=($dest=~m|(.*)/|);
+	$newpath=&relativeDest($fn,$newpath,$uname);
+	if (! -d "$newpath") {
+	    $request->print("<p><font color=\"red\">".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"<tt>'.$newpath.'</tt>"')."</font></p>");
+	    $dest=~s|.*/||;
+	}
+    }
+    if ($foundbad) {
 	$request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>");
-	$dest=~s/[\#\?&%]//g;
     }
     return $dest;
 }
@@ -750,7 +766,9 @@ performed and reported to the user.
 sub phaseone {
     my ($r,$fn,$uname,$udom)=@_;
   
-    my $newfilename=&cleanDest($r,$ENV{'form.newfilename'});
+    my $doingdir=0;
+    if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; }
+    my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir,$fn,$uname);
     $newfilename=&relativeDest($fn,$newfilename,$uname);
     $r->print('<form action="/adm/cfile" method="post">'.
 	      '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.
@@ -784,8 +802,10 @@ sub phaseone {
 	      $ENV{'form.action'} eq 'newsequencefile' ||
 	      $ENV{'form.action'} eq 'newrightsfile' ||
 	      $ENV{'form.action'} eq 'newstyfile' ||
+              $ENV{'form.action'} eq 'newlibraryfile' ||
 	      $ENV{'form.action'} eq 'Select Action') {
-	if ($newfilename) {
+        my $empty=&mt('Type Name Here');
+	if (($newfilename!~/\/$/) && ($newfilename!~/$empty$/)) {
 	    &NewFile1($r, $uname, $udom, $fn, $newfilename);
 	} else {
 	    $r->print('<p>'.&mt('No new filename specified.').'</p></form>');
@@ -978,11 +998,16 @@ sub Copy2 {
 	unless (copy($oldfile, $newfile)) {
 	    $request->print('<font color="red"> '.&mt('copy Error').': '.$!.'</font>');
 	    return 0;
+	} elsif (!chmod(0660, $newfile)) {
+	    $request->print('<font color="red"> '.&mt('chmod error').': '.$!.'</font>');
+	    return 0;
+	} elsif (-e $oldfile.'.meta' && 
+		 !copy($oldfile.'.meta', $newfile.'.meta') &&
+		 !chmod(0660, $newfile.'.meta')) {
+	    $request->print('<font color="red"> '.&mt('copy metadata error').
+			    ': '.$!.'</font>');
+	    return 0;
 	} else {
-	    unless (chmod(0660, $newfile)) {
-		$request->print('<font color="red"> '.&mt('chmod error').': '.$!.'</font>');
-		return 0;
-	    }
 	    return 1;
 	}
     } else {
@@ -1086,7 +1111,7 @@ sub phasetwo {
 	$main=$2;		# Filename.
     }
     if($main=~m:\.(\w+)$:){ # Fixes problems with filenames with no extensions
-	$main=$`; #This is what is before the match (.) so it's just the main filename, yea it's nasty
+	$main=~s/\.\w+$//; #strip the extension
 	$suffix=$1; #This is the actually filename extension if it exists
     }
     my $dest;                   # On success this is where we'll go.
@@ -1102,13 +1127,13 @@ sub phasetwo {
     
     # Select the appropriate processing sub.
     if ($ENV{'form.action'} eq 'decompress') { 
-	$main .= '.';
-	$main .= $suffix;
+	$main .= '.'.$suffix;
 	if(!&decompress2($r, $uname, $dir, $main)) {
 	    return ;
 	}
 	$dest = $dir."/.";
-    } elsif ($ENV{'form.action'} eq 'rename') { # Rename.
+    } elsif ($ENV{'form.action'} eq 'rename' ||
+	     $ENV{'form.action'} eq 'move') {
 	if($ENV{'form.newfilename'}) {
 	    if (!defined($dir)) {
 		$fn=~m:^(.*)/:;
@@ -1156,6 +1181,7 @@ sub handler {
 
     $r=shift;
 
+    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress','action','filename','newfilename']);
 
     &Debug($r, "loncfile.pm - handler entered");
     &Debug($r, " filename: ".$ENV{'form.filename'});
@@ -1174,7 +1200,6 @@ sub handler {
     }  elsif($ENV{'QUERY_STRING'} && $ENV{'form.phase'} ne 'two') {  
 	#Just hijack the script only the first time around to inject the
 	#correct information for further processing
-	&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['decompress']);
 	$fn=&Apache::lonnet::unescape($ENV{'form.decompress'});
 	$fn=&URLToPath($fn);
 	$ENV{'form.action'}="decompress";
@@ -1262,6 +1287,7 @@ function writeDone() {
 	     $ENV{'form.action'} eq 'newsequencefile' ||
 	     $ENV{'form.action'} eq 'newrightsfile' ||
 	     $ENV{'form.action'} eq 'newstyfile' ||
+             $ENV{'form.action'} eq 'newlibraryfile' ||
 	     $ENV{'form.action'} eq 'Select Action' ) {
 	$r->print('<h3>'.&mt('New Resource').'</h3>');
     } else {