--- loncom/publisher/lonpublisher.pm 2011/11/07 13:38:45 1.267.2.1
+++ loncom/publisher/lonpublisher.pm 2011/10/22 15:16:20 1.268
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Publication Handler
#
-# $Id: lonpublisher.pm,v 1.267.2.1 2011/11/07 13:38:45 raeburn Exp $
+# $Id: lonpublisher.pm,v 1.268 2011/10/22 15:16:20 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2087,59 +2087,34 @@ sub handler {
# -------------------------------------------------------------- Check filename
my $fn=&unescape($env{'form.filename'});
+ ($cuname,$cudom)=&Apache::loncacc::constructaccess($fn);
+# ----------------------------------------------------- Do we have permissions?
+ unless (($cuname) && ($cudom)) {
+ $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
+ ' trying to publish file '.$env{'form.filename'}.
+ ' - not authorized',
+ $r->filename);
+ return HTTP_NOT_ACCEPTABLE;
+ }
+# ----------------------------------------------------------------- Get docroot
+ $docroot=$r->dir_config('lonDocRoot');
- ($cuname,$cudom)=
- &Apache::loncacc::constructaccess($fn,$r->dir_config('lonDefDomain'));
# special publication: default.meta file
if ($fn=~/\/default.meta$/) {
return &defaultmetapublish($r,$fn,$cuname,$cudom);
}
$fn=~s/\.meta$//;
-
+
+# sanity test on the filename
+
unless ($fn) {
$r->log_reason($cuname.' at '.$cudom.
' trying to publish empty filename', $r->filename);
return HTTP_NOT_FOUND;
}
- unless (($cuname) && ($cudom)) {
- $r->log_reason($cuname.' at '.$cudom.
- ' trying to publish file '.$env{'form.filename'}.
- ' ('.$fn.') - not authorized',
- $r->filename);
- return HTTP_NOT_ACCEPTABLE;
- }
-
- my $home=&Apache::lonnet::homeserver($cuname,$cudom);
- my $allowed=0;
- my @ids=&Apache::lonnet::current_machine_ids();
- foreach my $id (@ids) { if ($id eq $home) { $allowed = 1; } }
- unless ($allowed) {
- $r->log_reason($cuname.' at '.$cudom.
- ' trying to publish file '.$env{'form.filename'}.
- ' ('.$fn.') - not homeserver ('.$home.')',
- $r->filename);
- return HTTP_NOT_ACCEPTABLE;
- }
-
- $fn=~s{^http://[^/]+}{};
- $fn=~s{^/~($match_username)}{/home/$1/public_html};
-
- my $targetdir='';
- $docroot=$r->dir_config('lonDocRoot');
- if ($1 ne $cuname) {
- $r->log_reason($cuname.' at '.$cudom.
- ' trying to publish unowned file '.
- $env{'form.filename'}.' ('.$fn.')',
- $r->filename);
- return HTTP_NOT_ACCEPTABLE;
- } else {
- $targetdir=$docroot.'/res/'.$cudom;
- }
-
-
- unless (-e $fn) {
+ unless (-e $docroot.$fn) {
$r->log_reason($cuname.' at '.$cudom.
' trying to publish non-existing file '.
$env{'form.filename'}.' ('.$fn.')',
@@ -2191,34 +2166,21 @@ sub handler {
$r->print(&Apache::loncommon::start_page('Resource Publication',$js)
.&Apache::lonhtmlcommon::breadcrumbs()
.&Apache::loncommon::head_subbox(
- &Apache::loncommon::CSTR_pageheader($fn))
+ &Apache::loncommon::CSTR_pageheader()) # FIXME crumbs broken?
);
-
- my $thisfn=$fn;
-
- my $thistarget=$thisfn;
-
- $thistarget=~s/^\/home/$targetdir/;
- $thistarget=~s/\/public\_html//;
-
- my $thisdistarget=$thistarget;
- $thisdistarget=~s/^\Q$docroot\E//;
-
- my $thisdisfn=$thisfn;
- $thisdisfn=~s/^\/home\/\Q$cuname\E\/public_html\///;
+ my $thisdisfn=&HTML::Entities::encode($fn,'<>&"');
+ my $thistarget=$fn;
+ $thistarget=~s/^\/priv\//\/res\//;
+ my $thisdistarget=&HTML::Entities::encode($thistarget,'<>&"');
if ($fn=~/\/$/) {
# -------------------------------------------------------- This is a directory
&publishdirectory($r,$fn,$thisdisfn);
- $r->print('
'.&mt('Return to Directory').'');
-
-
+ $r->print('
'.&mt('Return to Directory').'');
} else {
# ---------------------- Evaluate individual file, and then output information.
- $thisfn=~/\.(\w+)$/;
+ $fn=~/\.(\w+)$/;
my $thistype=$1;
my $thisembstyle=&Apache::loncommon::fileembstyle($thistype);
if ($thistype eq 'page') { $thisembstyle = 'rat'; }
@@ -2242,7 +2204,7 @@ sub handler {
.''
);
$r->print(<
+
$thisdisfn
ENDCAPTION
$r->print(''
@@ -2265,7 +2227,7 @@ ENDCAPTION
$r->print(&Apache::lonhtmlcommon::row_closure()
.&Apache::lonhtmlcommon::row_title(&mt('Diffs')));
$r->print(<
+
ENDDIFF
$r->print(&mt('Diffs with Current Version').'');
}
@@ -2274,17 +2236,17 @@ ENDDIFF
.&Apache::lonhtmlcommon::end_pick_box()
);
-# ------------------ Publishing from $thisfn to $thistarget with $thisembstyle.
+# ---------------------- Publishing from $fn to $thistarget with $thisembstyle.
unless ($env{'form.phase'} eq 'two') {
# ---------------------------------------------------------- Parse for problems
my ($warningcount,$errorcount);
if ($thisembstyle eq 'ssi') {
- ($warningcount,$errorcount)=&checkonthis($r,$thisfn);
+ ($warningcount,$errorcount)=&checkonthis($r,$fn);
}
unless ($errorcount) {
my ($outstring,$error)=
- &publish($thisfn,$thistarget,$thisembstyle);
+ &publish($fn,$thistarget,$thisembstyle);
$r->print($outstring);
} else {
$r->print(''.
@@ -2292,7 +2254,7 @@ ENDDIFF
'
');
}
} else {
- &phasetwo($r,$thisfn,$thistarget,$thisembstyle,$thisdistarget);
+ &phasetwo($r,$fn,$thistarget,$thisembstyle,$thisdistarget);
}
}
$r->print(&Apache::loncommon::end_page());