--- loncom/publisher/lonupload.pm 2004/02/17 15:23:53 1.25 +++ loncom/publisher/lonupload.pm 2005/04/07 06:56:27 1.29 @@ -2,7 +2,7 @@ # The LearningOnline Network with CAPA # Handler to upload files into construction space # -# $Id: lonupload.pm,v 1.25 2004/02/17 15:23:53 raeburn Exp $ +# $Id: lonupload.pm,v 1.29 2005/04/07 06:56:27 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -41,6 +41,7 @@ use Apache::Log(); use Apache::lonnet; use HTML::Entities(); use Apache::lonlocal; +use Apache::lonnet; my $DEBUG=0; @@ -62,17 +63,17 @@ sub Debug { sub upfile_store { my $r=shift; - my $fname=$ENV{'form.upfile.filename'}; + my $fname=$env{'form.upfile.filename'}; $fname=~s/\W//g; - chomp($ENV{'form.upfile'}); + chomp($env{'form.upfile'}); - my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}. + my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}. '_upload_'.$fname.'_'.time.'_'.$$; { my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons'). '/tmp/'.$datatoken.'.tmp'); - print $fh $ENV{'form.upfile'}; + print $fh $env{'form.upfile'}; } return $datatoken; } @@ -86,12 +87,12 @@ sub phaseone { } elsif ($mode eq 'imsimport') { $action = '/adm/imsimport'; } - $ENV{'form.upfile.filename'}=~s/\\/\//g; - $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/; - if ($ENV{'form.upfile.filename'}) { + $env{'form.upfile.filename'}=~s/\\/\//g; + $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/; + if ($env{'form.upfile.filename'}) { $fn=~s/\/[^\/]+$//; $fn=~s/([^\/])$/$1\//; - $fn.=$ENV{'form.upfile.filename'}; + $fn.=$env{'form.upfile.filename'}; $fn=~s/^\///; $fn=~s/(\/)+/\//g; @@ -100,7 +101,7 @@ sub phaseone { &Debug($r, "Filename for upload: $fn"); if (($fn) && ($fn!~/\/$/)) { - $r->print('
'. + $r->print(''. ''. ''. @@ -165,12 +166,12 @@ sub phasetwo { # target is the full filesystem path of the destination file. my $base = &File::Basename::basename($fn); my $path = &File::Basename::dirname($fn); - $base = &HTML::Entities::encode($base); + $base = &HTML::Entities::encode($base,'<>&"'); my $url = $path."/".$base; &Debug($r, "URL is now ".$url); - my $datatoken=$ENV{'form.datatoken'}; + my $datatoken=$env{'form.datatoken'}; if (($fn) && ($datatoken)) { - if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) { + if ((-e $target) && ($env{'form.override'} ne 'Yes')) { $r->print(''. &mt('File').' '.$fn.' '. &mt('exists. Overwrite?').' '. @@ -180,6 +181,8 @@ sub phasetwo { '
'); } else { my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; + my $dirpath=$path.'/'; + $dirpath=~s/\/+/\//g; # Check for bad extension and disallow upload if ($fn=~/\.(\w+)$/ && (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { @@ -188,7 +191,7 @@ sub phasetwo { ''. &mt('The extension on this file is reserved internally by LON-CAPA.'). ''); - $r->print('
'. + $r->print('
'. &mt('Back to Directory').''); } elsif ($fn=~/\.(\w+)$/ && !defined(&Apache::loncommon::fileembstyle($1))) { @@ -197,14 +200,14 @@ sub phasetwo { ''. &mt('The extension on this file is not recognized by LON-CAPA.'). ''); - $r->print('
'. + $r->print('
'. &mt('Back to Directory').''); } elsif (-d $target) { $r->print('File '.$fn.' could not be copied.
'. ''. &mt('The target is an existing directory.'). '
'); - $r->print(''. + $r->print(''. &mt('Back to Directory').''); } elsif (copy($source,$target)) { chmod(0660, $target); # Set permissions to rw-rw---. @@ -215,7 +218,7 @@ sub phasetwo { $r->print(&mt('File copied.')); $r->print('
'. &mt('View file').''); - $r->print('
'. + $r->print('
'. &mt('Back to Directory').'
'); } } else { @@ -248,25 +251,25 @@ sub handler { # # phase two: re-attach user # - if ($ENV{'form.uploaduname'}) { - $ENV{'form.filename'}='/priv/'.$ENV{'form.uploaduname'}.'/'. - $ENV{'form.filename'}; + if ($env{'form.uploaduname'}) { + $env{'form.filename'}='/priv/'.$env{'form.uploaduname'}.'/'. + $env{'form.filename'}; } - unless ($ENV{'form.phase'} eq 'two') { + unless ($env{'form.phase'} eq 'two') { $javascript = qq| function verifyForm() { - var mode = document.forms[0].filetype.options[document.forms[0].filetype.selectedIndex].value + var mode = document.fileupload.filetype.options[document.fileupload.filetype.selectedIndex].value if (mode == "testbank") { - document.forms[0].action = "/adm/testbank"; + document.fileupload.action = "/adm/testbank"; } if (mode == "imsimport") { - document.forms[0].action = "/adm/imsimport"; + document.fileupload.action = "/adm/imsimport"; } if (mode == "standard") { - document.forms[0].action = "/adm/upload"; + document.fileupload.action = "/adm/upload"; } - document.forms[0].submit(); + document.fileupload.submit(); } function testbankWin() { @@ -292,25 +295,25 @@ function testbankWin() { |; } ($uname,$udom)= - &Apache::loncacc::constructaccess($ENV{'form.filename'}, + &Apache::loncacc::constructaccess($env{'form.filename'}, $r->dir_config('lonDefDomain')); unless (($uname) && ($udom)) { $r->log_reason($uname.' at '.$udom. - ' trying to publish file '.$ENV{'form.filename'}. + ' trying to publish file '.$env{'form.filename'}. ' - not authorized', $r->filename); return HTTP_NOT_ACCEPTABLE; } my $fn; - if ($ENV{'form.filename'}) { - $fn=$ENV{'form.filename'}; + if ($env{'form.filename'}) { + $fn=$env{'form.filename'}; $fn=~s/^http\:\/\/[^\/]+\///; $fn=~s/^\///; $fn=~s/(\~|priv\/)(\w+)//; $fn=~s/\/+/\//g; } else { - $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. ' unspecified filename for upload', $r->filename); return HTTP_NOT_FOUND; } @@ -325,12 +328,12 @@ function testbankWin() { $r->print(&Apache::loncommon::bodytag('Upload file to Construction Space')); - if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) { + if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { $r->print('

'.&mt('Co-Author').': '.$uname. &mt(' at ').$udom.'

'); } - if ($ENV{'form.phase'} eq 'two') { + if ($env{'form.phase'} eq 'two') { &phasetwo($r,$fn,$uname,$udom); } else { &phaseone($r,$fn,$uname,$udom);