--- loncom/publisher/loncfile.pm 2008/05/27 17:33:28 1.89 +++ loncom/publisher/loncfile.pm 2009/05/14 14:24:18 1.98 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.89 2008/05/27 17:33:28 www Exp $ +# $Id: loncfile.pm,v 1.98 2009/05/14 14:24:18 bisitz Exp $ # # Copyright Michigan State University Board of Trustees # @@ -159,7 +159,7 @@ sub URLToPath { my $Url = shift; &Debug($r, "UrlToPath got: $Url"); $Url=~ s/\/+/\//g; - $Url=~ s/^http\:\/\/[^\/]+//; + $Url=~ s/^https?\:\/\/[^\/]+//; $Url=~ s/^\///; $Url=~ s/(\~|priv\/)($match_username)\//\/home\/$2\/public_html\//; &Debug($r, "Returning $Url \n"); @@ -361,13 +361,20 @@ sub cleanDest { my ($newpath)=($dest=~m|(.*)/|); $newpath=&relativeDest($fn,$newpath,$uname); if (! -d "$newpath") { - $request->print("

".&mt('You have requested to create file in directory [_1] which doesn\'t exist. The requested directory path has been removed from the requested file name.','"'.&display($newpath).'"')."

"); + $request->print('

' + .&mt("You have requested to create file in directory [_1] which doesn't exist. The requested directory path has been removed from the requested file name." + ,'"'.&display($newpath).'"') + .'

'); $dest=~s|.*/||; } } if ($dest =~ /\.(\d+)\.(\w+)$/){ $request->print('' - .&mt('Bad filename [_1].
(name).(number).(extension) not allowed.
Removing the .number. from requested filename.',&display($dest)) + .&mt('Bad filename [_1]',''.&display($dest).'') + .'
' + .&mt('[_1](name).(number).(extension)[_2] not allowed.','','') + .'
' + .&mt('Removing the [_1].number.[_2] from requested filename.','','') .''); $dest =~ s/\.(\d+)(\.\w+)$/$2/; } @@ -416,7 +423,7 @@ sub CloseForm1 { my ($request, $fn) = @_; $request->print('

'); $request->print('

'); + '" method="post">

'); } @@ -581,7 +588,7 @@ sub Delete1 { if( -e $fn) { $request->print(''); + $fn.'" />'); if (-d $fn) { unless (&empty_directory($fn,'Delete1')) { $request->print('

'.&mt('Only empty directories may be deleted.').'

'. @@ -711,9 +718,9 @@ sub NewDir1 { $request->print(''); } else { if ($mode eq 'testbank') { - $request->print(''); + $request->print(''); } elsif ($mode eq 'imsimport') { - $request->print(''); + $request->print(''); } $request->print('

'.&mt('Make new directory').' '. @@ -726,7 +733,7 @@ sub NewDir1 { sub Decompress1 { my ($request, $user, $domain, $fn) = @_; if( -e $fn) { - $request->print(''); + $request->print(''); $request->print('

'.&mt('Decompress').' '.&display($fn).'?

'); &CloseForm1($request, $fn); } else { @@ -776,23 +783,10 @@ button which returns you to the driector sub NewFile1 { my ($request, $user, $domain, $fn, $newfilename) = @_; + return if (&filename_check($newfilename) ne 'ok'); if ($env{'form.action'} =~ /new(.+)file/) { my $extension=$1; - - ##Informs User (name).(number).(extension) not allowed - if($newfilename =~ /\.(\d+)\.(\w+)$/){ - $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '. - ' '.&mt('Not Allowed').''); - return; - } - if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){ - $r->print(''.$newfilename. - ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '. - ' '.&mt('Not Allowed').''); - return; - } if ($newfilename !~ /\Q.$extension\E$/) { if ($newfilename =~ m|/[^/.]*\.(?:[^/.]+)$|) { #already has an extension strip it and add in expected one @@ -806,14 +800,57 @@ sub NewFile1 { if ($type eq 'error') { $request->print(''); } else { - + my $extension; + + if ($newfilename =~ m{[^/.]+\.([^/.]+)$}) { + $extension = $1; + } + + my @okexts = qw(xml html xhtml htm xhtm problem page sequence rights sty library js css txt); + if (($extension eq '') || (!grep(/^\Q$extension\E/,@okexts))) { + my $validexts = '.'.join(', .',@okexts); + $request->print('

'. + &mt('Invalid filename: ').&display($newfilename).'

'. + &mt('The name of the new file needs to end with an appropriate file extension to indicate the type of file to create.').'
'. + &mt('The following are valid extensions: [_1].',$validexts). + '

'. + '

'. + ''. + ''. + ''.&mt('Enter a file name: ').' '. + '

'. + '

'); + return; + } + $request->print('

'.&mt('Make new file').' '.&display($newfilename).'?

'); $request->print(''); + $request->print('

'); + '" method="post">

'); $request->print('

'); + '" method="post">

'); + } + return; +} + +sub filename_check { + my ($newfilename) = @_; + ##Informs User (name).(number).(extension) not allowed + if($newfilename =~ /\.(\d+)\.(\w+)$/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').'
('.&mt('name').').('.&mt('number').').('.&mt('extension').') '. + ' '.&mt('Not Allowed').''); + return; + } + if($newfilename =~ /(\:\:\:|\&\&\&|\_\_\_)/){ + $r->print(''.$newfilename. + ' - '.&mt('Bad Filename').'
('.&mt('Must not include').' '.$1.') '. + ' '.&mt('Not Allowed').''); + return; } + return 'ok'; } =pod @@ -1341,10 +1378,9 @@ sub handler { $js = qq| |; @@ -1358,8 +1394,10 @@ function writeDone() { $r->print('

'.&mt('Location').': '.&display($fn).'

'); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('

'.&mt('Co-Author').': '.$uname.' at '.$udom. - '

'); + $r->print('

' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'

' + ); }