|
version 1.28, 2010/12/14 16:26:04
|
version 1.28.2.1, 2011/11/07 15:18:13
|
|
Line 77 sub handler {
|
Line 77 sub handler {
|
| &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, |
| ['filename','versiontwo', |
['filename','versiontwo', |
| 'versionone','filetwo']); |
'versionone','filetwo']); |
| # Get the files |
|
| |
|
| |
# Check permissions |
| |
my $allowed=0; |
| my $cuname=$env{'user.name'}; |
my $cuname=$env{'user.name'}; |
| my $cudom=$env{'user.domain'}; |
my $cudom=$env{'user.domain'}; |
| |
|
| if ($env{'form.filename'}=~/^\/res\//) { |
if ($env{'form.filename'}=~ m{^/res/}) { |
| ($cudom,$cuname,$env{'form.filename'})= |
if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) { |
| ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)/(.*)$}); |
if ($env{'request.course.id'}) { |
| |
if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { |
| |
$allowed = 1; |
| |
} |
| |
} else { |
| |
$allowed = 1; |
| |
} |
| |
} elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) { |
| |
$allowed = 1; |
| |
} |
| |
if ($allowed) { |
| |
($cudom,$cuname,$env{'form.filename'})= |
| |
($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$}); |
| |
|
| |
if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) { |
| |
my ($cstrname,$cstrdom) = |
| |
&Apache::loncacc::constructaccess("/priv/$cuname".$env{'form.filename'},$cudom); |
| |
unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) { |
| |
$allowed = 0; |
| |
} |
| |
} |
| |
} |
| } else { |
} else { |
| unless (($cuname,$cudom)= |
($cuname,$cudom)= |
| &Apache::loncacc::constructaccess($env{'form.filename'}, |
&Apache::loncacc::constructaccess($env{'form.filename'}, |
| $r->dir_config('lonDefDomain'))) { |
$r->dir_config('lonDefDomain')); |
| $r->log_reason($cuname.':'.$cudom. |
if ($cuname ne '' && $cudom ne '') { |
| ' trying to get diffs file '.$env{'form.filename'}. |
$allowed = 1; |
| ' - not authorized', |
} else { |
| $r->filename); |
$r->log_reason($env{'user.name'}.':'.$env{'user.domain'}. |
| return HTTP_NOT_ACCEPTABLE; |
' trying to get diffs file '.$env{'form.filename'}. |
| } |
' - not authorized', |
| |
$r->filename); |
| |
} |
| |
} |
| |
unless ($allowed) { |
| |
return HTTP_NOT_ACCEPTABLE; |
| } |
} |
| |
|
| |
# Get the files |
| |
|
| my $efn=$env{'form.filename'}; |
my $efn=$env{'form.filename'}; |
| |
|
| $efn=~s{/\~($LONCAPA::username_re)}{}g; |
$efn=~s{/\~($LONCAPA::username_re)}{}g; |
![[BACK]](/icons/back.gif){kind=icon}
Return to londiff.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / publisher