--- loncom/publisher/londiff.pm 2011/11/07 15:18:13 1.28.2.1 +++ loncom/publisher/londiff.pm 2011/10/23 23:46:07 1.29 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to show differences between file versions # -# $Id: londiff.pm,v 1.28.2.1 2011/11/07 15:18:13 raeburn Exp $ +# $Id: londiff.pm,v 1.29 2011/10/23 23:46:07 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -77,55 +77,26 @@ sub handler { &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, ['filename','versiontwo', 'versionone','filetwo']); +# Get the files -# Check permissions - my $allowed=0; my $cuname=$env{'user.name'}; my $cudom=$env{'user.domain'}; - if ($env{'form.filename'}=~ m{^/res/}) { - if (&Apache::lonnet::allowed('bre',$env{'form.filename'})) { - if ($env{'request.course.id'}) { - if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { - $allowed = 1; - } - } else { - $allowed = 1; - } - } elsif (&Apache::lonnet::allowed('bro',$env{'form.filename'})) { - $allowed = 1; - } - if ($allowed) { - ($cudom,$cuname,$env{'form.filename'})= - ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)(/.*)$}); - - if (($env{'form.versionone'} eq 'priv') || ($env{'form.versiontwo'} eq 'priv')) { - my ($cstrname,$cstrdom) = - &Apache::loncacc::constructaccess("/priv/$cuname".$env{'form.filename'},$cudom); - unless (($cstrname eq $cuname) && ($cstrdom eq $cudom)) { - $allowed = 0; - } - } - } + if ($env{'form.filename'}=~/^\/res\//) { + ($cudom,$cuname,$env{'form.filename'})= + ($env{'form.filename'}=~m{^/res/($LONCAPA::domain_re)/($LONCAPA::username_re)/(.*)$}); } else { - ($cuname,$cudom)= - &Apache::loncacc::constructaccess($env{'form.filename'}, - $r->dir_config('lonDefDomain')); - if ($cuname ne '' && $cudom ne '') { - $allowed = 1; - } else { - $r->log_reason($env{'user.name'}.':'.$env{'user.domain'}. - ' trying to get diffs file '.$env{'form.filename'}. - ' - not authorized', - $r->filename); - } - } - unless ($allowed) { - return HTTP_NOT_ACCEPTABLE; + unless (($cuname,$cudom)= + &Apache::loncacc::constructaccess($env{'form.filename'}, + $r->dir_config('lonDefDomain'))) { + $r->log_reason($cuname.':'.$cudom. + ' trying to get diffs file '.$env{'form.filename'}. + ' - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } } - -# Get the files - + my $efn=$env{'form.filename'}; $efn=~s{/\~($LONCAPA::username_re)}{}g; @@ -156,7 +127,7 @@ sub handler { || $efn =~ /\.meta$/) { $r->print('

'); if ($env{'form.versionone'} eq 'priv') { - my $fn='/home/'.$cuname.'/public_html/'.$efn; + my $fn='/home/httpd/html/priv/'.$cudom.'/'.$cuname.'/'.$efn; @f1=&get_split_file($fn,'local'); $r->print(''.&mt('Construction Space Version').''); } else { @@ -182,11 +153,11 @@ sub handler { if ($env{'form.filetwo'}) { my $efn2=$env{'form.filetwo'}; $efn2=~s{/\~($LONCAPA::username_re)}{}g; - my $fn='/home/'.$cuname.'/public_html/'.$efn2; + my $fn='/home/httpd/html/priv/'.$cudom.'/'.$cuname.'/'.$efn2; @f2=&get_split_file($fn,'local'); $r->print(''.$efn2.''); } elsif ($env{'form.versiontwo'} eq 'priv') { - my $fn='/home/'.$cuname.'/public_html/'.$efn; + my $fn='/home/httpd/html/priv/'.$cudom.'/'.$cuname.'/'.$efn; @f2=&get_split_file($fn,'local'); $r->print(''.&mt('Construction Space Version').''); } else {