[BACK]Return to loncfile.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / publisher

Diff for /loncom/publisher/loncfile.pm between versions 1.62 and 1.63

version 1.62, 2004/08/24 21:21:41 version 1.63, 2004/09/10 20:05:03
Line 289  sub checksuffix { Line 289  sub checksuffix {
 }  }
   
 sub cleanDest {  sub cleanDest {
     my ($request,$dest,$subdir)=@_;      my ($request,$dest,$subdir,$fn)=@_;
     #remove bad characters      #remove bad characters
     my $foundbad=0;      my $foundbad=0;
     if ($subdir && $dest =~/\./) {      if ($subdir && $dest =~/\./) {
Line 300  sub cleanDest { Line 300  sub cleanDest {
  $foundbad=1;   $foundbad=1;
  $dest=~s/[\#\?&%\"]//g;   $dest=~s/[\#\?&%\"]//g;
     }      }
       if ($dest=~m|/|) {
    my ($newpath)=($dest=~m|(.*)/|);
    if (! -d "$fn/$newpath") {
       $request->print("<p><font color=\"red\">".&mt('You request to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"<tt>'.$newpath.'</tt>"')."</font></p>");
       $dest=~s|.*/||;
    }
       }
     if ($foundbad) {      if ($foundbad) {
  $request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>");   $request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>");
     }      }
Line 760  sub phaseone { Line 767  sub phaseone {
       
     my $doingdir=0;      my $doingdir=0;
     if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; }      if ($ENV{'form.action'} eq 'newdir') { $doingdir=1; }
     my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir);      my $newfilename=&cleanDest($r,$ENV{'form.newfilename'},$doingdir,$fn);
     $newfilename=&relativeDest($fn,$newfilename,$uname);      $newfilename=&relativeDest($fn,$newfilename,$uname);
     $r->print('<form action="/adm/cfile" method="post">'.      $r->print('<form action="/adm/cfile" method="post">'.
       '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.        '<input type="hidden" name="qualifiedfilename" value="'.$fn.'" />'.
Removed from v.1.62  
changed lines
  Added in v.1.63

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>