loncom/publisher/lonupload.pm - diff

Return to lonupload.pm CVS log

Up to [LON-CAPA] / loncom / publisher

Diff for /loncom/publisher/lonupload.pm between versions 1.52 and 1.70

version 1.52, 2010/12/14 16:26:04	version 1.70, 2019/03/06 03:39:54
Line 1	Line 1

# The LearningOnline Network with CAPA	# The LearningOnline Network with CAPA
# Handler to upload files into construction space	# Handler to upload files into construction space
#	#
Line 126 use Apache::File;	Line 125 use Apache::File;
use File::Copy;	use File::Copy;
use File::Basename;	use File::Basename;
use Apache::Constants qw(:common :http :methods);	use Apache::Constants qw(:common :http :methods);
use Apache::loncacc;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonnet;	use Apache::lonnet;
use HTML::Entities();	use HTML::Entities();
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::lonnet;	use Apache::lonnet;
use LONCAPA();	use LONCAPA qw(:DEFAULT :match);

my $DEBUG=0;	my $DEBUG=0;

Line 152 sub upfile_store {	Line 150 sub upfile_store {

chomp($env{'form.upfile'});	chomp($env{'form.upfile'});

my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.	my $datatoken;
'_upload_'.$fname.'_'.time.'_'.$$;	if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
	$datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
	'_upload_'.$fname.'_'.time.'_'.$$;
	}
	return if ($datatoken eq '');
{	{
my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').	my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
'/tmp/'.$datatoken.'.tmp');	'/tmp/'.$datatoken.'.tmp');
Line 163 sub upfile_store {	Line 165 sub upfile_store {
}	}

sub phaseone {	sub phaseone {
my ($r,$fn,$uname,$udom,$mode)=@_;	my ($r,$fn,$mode,$uname,$udom)=@_;
my $action = '/adm/upload';	my $action = '/adm/upload';
if ($mode eq 'testbank') {	if ($mode eq 'testbank') {
$action = '/adm/testbank';	$action = '/adm/testbank';
Line 174 sub phaseone {	Line 176 sub phaseone {
# Check for file to be uploaded	# Check for file to be uploaded
$env{'form.upfile.filename'}=~s/\\/\//g;	$env{'form.upfile.filename'}=~s/\\/\//g;
$env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;	$env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
	$env{'form.upfile.filename'}=~s/(\s+$\|^\s+)//g;
if (!$env{'form.upfile.filename'}) {	if (!$env{'form.upfile.filename'}) {
$r->print('<p class="LC_warning">'.&mt('No upload file specified.').'</p>');	$r->print('<p class="LC_warning">'.&mt('No upload file specified.').'</p>'.
	&earlyout($fn,$uname,$udom));
return;	return;
}	}

$fn=~s/\/[^\/]+$//;	# Append the name of the uploaded file
$fn=~s/([^\/])$/$1\//;
$fn.=$env{'form.upfile.filename'};	$fn.=$env{'form.upfile.filename'};
$fn=~s/^\///;
$fn=~s/(\/)+/\//g;	$fn=~s/(\/)+/\//g;
# Fn is the full path to the destination filename.

# Check for illegal filename	# Check for illegal filename
&Debug($r, "Filename for upload: $fn");	&Debug($r, "Filename for upload: $fn");
Line 192 sub phaseone {	Line 193 sub phaseone {
$r->print('<p class="LC_warning">'.&mt('Illegal filename.').'</p>');	$r->print('<p class="LC_warning">'.&mt('Illegal filename.').'</p>');
return;	return;
}	}
	# Check if quota exceeded
	my $filesize = length($env{'form.upfile'});
	if (!$filesize) {
	$r->print('<p class="LC_warning">'.
	&mt('Unable to upload [_1]. (size = [_2] bytes)',
	'<span class="LC_filename">'.$env{'form.upfile.filename'}.'</span>',
	$filesize).'<br />'.
	&mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'<br />'.
	'</p>'.
	&earlyout($fn,$uname,$udom));
	return;
	}
	$filesize = int($filesize/1000); #expressed in kb
	my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author',
	$env{'form.upfile.filename'},$filesize,'upload');
	if ($output) {
	$r->print($output.&earlyout($fn,$uname,$udom));
	return;
	}

	# Split part that I can change from the part that I cannot change
	my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
	# Check for pattern: .number.extension which is reserved for LON-CAPA versioning.
	# Check for disallowed characters: #?&%:<>`\|, and remove
	if ($fn2 ne '') {
	($fn2,my $warning) = &check_filename($fn2);
	if ($warning ne '') {
	$r->print($warning);
	}
	}
# Display additional options for upload	# Display additional options for upload
# and upload button	# and upload button
$r->print(	$r->print(
'<form action="'.$action.'" method="post" name="fileupload">'	'<form action="'.$action.'" method="post" name="fileupload">'
.'<input type="hidden" name="phase" value="two" />'	.'<input type="hidden" name="phase" value="two" />'
.'<input type="hidden" name="datatoken" value="'.&upfile_store.'" />'	.'<input type="hidden" name="datatoken" value="'.&upfile_store.'" />'
.'<input type="hidden" name="uploaduname" value="'.$uname.'" />'
);	);
$r->print(	$r->print(
&Apache::lonhtmlcommon::start_pick_box()	&Apache::lonhtmlcommon::start_pick_box()
.&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as'))	.&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as'))
.'<span class="LC_filename">/priv/'.$uname.'/</span>'	.'<span class="LC_filename">'.$fn1.'</span>'
.'<input type="text" size="50" name="filename" value="'.$fn.'" />'	.'<input type="hidden" name="filename1" value="'.$fn1.'" />'
	.'<input type="text" size="50" name="filename2" value="'.$fn2.'" />'
.&Apache::lonhtmlcommon::row_closure()	.&Apache::lonhtmlcommon::row_closure()
.&Apache::lonhtmlcommon::row_title(&mt('File Type'))	.&Apache::lonhtmlcommon::row_title(&mt('File Type'))
.'<select name="filetype">'	.'<select name="filetype">'
Line 242 sub phaseone {	Line 272 sub phaseone {
}	}

sub phasetwo {	sub phasetwo {
my ($r,$tfn,$uname,$udom,$mode)=@_;	my ($r,$fn,$mode)=@_;

my $output;	my $output;
my $action = '/adm/upload';	my $action = '/adm/upload';
my $returnflag = '';	my $returnflag = '';
Line 251 sub phasetwo {	Line 282 sub phasetwo {
} elsif ($mode eq 'imsimport') {	} elsif ($mode eq 'imsimport') {
$action = '/adm/imsimport';	$action = '/adm/imsimport';
}	}
my $fn='/priv/'.$uname.'/'.$tfn;
$fn=~s/\/+/\//g;	$fn=~s/\/+/\//g;
&Debug($r, "Filename is ".$tfn);	if ($fn) {
if ($tfn) {	my $target= $r->dir_config('lonDocRoot').'/'.$fn;
&Debug($r, "Filename for tfn = ".$tfn);
my $target='/home/'.$uname.'/public_html'.$tfn;
&Debug($r, "target -> ".$target);	&Debug($r, "target -> ".$target);
# target is the full filesystem path of the destination file.	# target is the full filesystem path of the destination file.
my $base = &File::Basename::basename($fn);	my $base = &File::Basename::basename($fn);
my $path = &File::Basename::dirname($fn);	my $path = &File::Basename::dirname($fn);
$base = &HTML::Entities::encode($base,'<>&"');	$base = &HTML::Entities::encode($base,'<>&"');
my $url = $path."/".$base;	my $url = $path."/".$base;
&Debug($r, "URL is now ".$url);	&Debug($r, "URL is now ".$url);
my $datatoken=$env{'form.datatoken'};	my $datatoken;
	if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
	$datatoken = $env{'form.datatoken'};
	}
if (($fn) && ($datatoken)) {	if (($fn) && ($datatoken)) {
if ($env{'form.cancel'}) {	if ($env{'form.cancel'}) {
my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';	my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
Line 378 sub check_extension {	Line 409 sub check_extension {
if ($pathchg) {	if ($pathchg) {
if ($mode eq 'testbank') {	if ($mode eq 'testbank') {
$returnflag = 'embedded';	$returnflag = 'embedded';
$result .= '<p>'.&mt('Or [_1]continue[_2] the testbank import without modifying the references(s).','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';	$result .= '<p>'.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';
}	}
}	}
}	}
Line 399 sub check_extension {	Line 430 sub check_extension {
return ($result,$returnflag);	return ($result,$returnflag);
}	}

	sub check_filename {
	my ($fname) = @_;
	my $warning;
	if ($fname =~/[#\?&%":<>`\|]/) {
	$fname =~s/[#\?&%":<>`\|]//g;
	$warning .= '<p class="LC_warning">'
	.&mt('Removed one or more disallowed characters from filename')
	.'</p>';
	}
	if ($fname=~ /\.(\d+)\.(\w+)$/) {
	my $num = $1;
	$warning .= '<p class="LC_warning">'
	.&mt('Bad filename [_1]','<span class="LC_filename">'.$fname.'</span>')
	.'<br />'
	.&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
	.'<br />'
	.&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','<tt>','</tt>')
	.'</p>';
	if ($num eq '0') {
	$fname =~ s/\.(\d+)(\.\w+)$/_A$2/;
	} else {
	my $letts = '';
	my %digletter = reverse &Apache::lonnet::letter_to_digits();
	if ($num >= 100) {
	$num = substr($num,-2);
	}
	foreach my $digit (split('',$num)) {
	$letts .= $digletter{$digit};
	}
	$fname =~ s/\.(\d+)(\.\w+)$/_$letts$2/;
	}
	}
	if ($fname =~/___/) {
	$fname =~s/_+/_/g;
	$warning .= '<p class="LC_warning">'
	.&mt('Changed ___ to a single _ in filename')
	.'</p>';
	}
	return ($fname,$warning);
	}

sub phasethree {	sub phasethree {
my ($r,$fn,$uname,$udom,$mode) = @_;	my ($r,$fn,$uname,$udom,$mode) = @_;

my $action = '/adm/upload';	my $action = '/adm/upload';
if ($mode eq 'testbank') {	if ($mode eq 'testbank') {
$action = '/adm/testbank';	$action = '/adm/testbank';
} elsif ($mode eq 'imsimport') {	} elsif ($mode eq 'imsimport') {
$action = '/adm/imsimport';	$action = '/adm/imsimport';
}	}
my $dir_root = '/home/'.$uname.'/public_html';	my $url_root = "/priv/$udom/$uname";
my $url_root = '/priv/'.$uname;	my $dir_root = $r->dir_config('lonDocRoot').$url_root;
my $path = &File::Basename::dirname($fn);	my $path = &File::Basename::dirname($fn);
	$path =~ s{^\Q$url_root\E}{};
	my $dirpath = $url_root.$path.'/';
	$dirpath=~s{/+}{/}g;
my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"');	my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"');
my $state = &embedded_form_elems('modify_orightml',$filename,$mode).	my $state = &embedded_form_elems('modify_orightml',$filename,$mode).
'<input type="hidden" name="phase" value="four" />';	'<input type="hidden" name="phase" value="four" />';
Line 418 sub phasethree {	Line 494 sub phasethree {
$dir_root,$url_root,undef,	$dir_root,$url_root,undef,
undef,undef,$state,$action);	undef,undef,$state,$action);
if ($mode ne 'imsimport' && $mode ne 'testbank') {	if ($mode ne 'imsimport' && $mode ne 'testbank') {
$result .= '<br /><h3><a href="'.$url_root.$fn.'">'.	$result .= '<br /><h3><a href="'.$fn.'">'.
&mt('View main file').'</a></h3>'.	&mt('View main file').'</a></h3>'.
'<h3><a href="'.$url_root.$path.'">'.	'<h3><a href="'.$dirpath.'">'.
&mt('Back to Directory').'</a></h3><br />';	&mt('Back to Directory').'</a></h3><br />';
}	}
return ($result,$returnflag);	return ($result,$returnflag);
Line 437 STATE	Line 513 STATE

sub phasefour {	sub phasefour {
my ($r,$fn,$uname,$udom,$mode) = @_;	my ($r,$fn,$uname,$udom,$mode) = @_;

my $action = '/adm/upload';	my $action = '/adm/upload';
if ($mode eq 'testbank') {	if ($mode eq 'testbank') {
$action = '/adm/testbank';	$action = '/adm/testbank';
Line 444 sub phasefour {	Line 521 sub phasefour {
$action = '/adm/imsimport';	$action = '/adm/imsimport';
}	}
my $result;	my $result;
my $dir_root = '/home/'.$uname.'/public_html';	my $url_root = "/priv/$udom/$uname";
my $url_root = '/priv/'.$uname;	my $dir_root = $r->dir_config('lonDocRoot').$url_root;
my $path = &File::Basename::dirname($fn);	my $path = &File::Basename::dirname($fn);
$result .= &Apache::loncommon::modify_html_refs($mode,$path,	$path =~ s{^\Q$url_root\E}{};
$uname,$udom,$dir_root);	my $dirpath = $url_root.$path.'/';
	$dirpath=~s{/+}{/}g;
	my $outcome =
	&Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root);
	$result .= $outcome;
if ($mode ne 'imsimport' && $mode ne 'testbank') {	if ($mode ne 'imsimport' && $mode ne 'testbank') {
$result .= '<br /><h3><a href="'.$url_root.$fn.'">'.	$result .= '<br /><h3><a href="'.$fn.'">'.
&mt('View main file').'</a></h3>'.	&mt('View main file').'</a></h3>'.
'<h3><a href="'.$url_root.$path.'">'.	'<h3><a href="'.$dirpath.'">'.
&mt('Back to Directory').'</a></h3><br />';	&mt('Back to Directory').'</a></h3><br />';
}	}
return $result;	return $result;
}	}

	sub earlyout {
	my ($fn,$uname,$udom) = @_;
	if ($fn =~ m{^(/priv/$udom/$uname(?:.)/)[^/]}) {
	return &Apache::lonhtmlcommon::actionbox(
	['<a href="'.$1.'">'.&mt('Return to Directory').'</a>']);
	}
	return;
	}

# ---------------------------------------------------------------- Main Handler	# ---------------------------------------------------------------- Main Handler
sub handler {	sub handler {

my $r=shift;	my $r=shift;

my $uname;
my $udom;
my $javascript = '';	my $javascript = '';
#	my $fn;
# phase two: re-attach user	my $warning;
#
if ($env{'form.uploaduname'}) {	if ($env{'form.filename1'}) {
$env{'form.filename'}='/priv/'.$env{'form.uploaduname'}.'/'.	my $fn1 = $env{'form.filename1'};
$env{'form.filename'};	my $fn2 = $env{'form.filename2'};
	$fn2 =~ s/(\s+$\|^\s+)//g;
	$fn2 =~ s/\/+/\//g;
	($fn2,$warning) = &check_filename($fn2);
	$fn = $fn1.$fn2;
	} else {
	$fn = $env{'form.filename'};
}	}
	$fn=~s/\/+/\//g;
	if ($fn =~ m{/\.\./}) {
	$warning .= '<p class="LC_warning">'
	.&mt('Path modified as a result of one or more instances of /../')
	.'</p>';
	while ($fn =~ m{/\.\./}) {
	$fn =~ s{/[^/]+/\.\./}{/}g;
	}
	}

	unless ($fn) {
	$r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
	' unspecified filename for upload', $r->filename);
	return HTTP_NOT_FOUND;
	}

	my ($uname,$udom)=&Apache::lonnet::constructaccess($fn);

	unless (($uname) && ($udom)) {
	$r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
	' trying to upload file '.$fn.
	' - not authorized',
	$r->filename);
	return HTTP_NOT_ACCEPTABLE;
	}

	# ----------------------------------------------------------- Start page output

	&Apache::loncommon::content_type($r,'text/html');
	$r->send_http_header;

unless ($env{'form.phase'} eq 'two') {	unless ($env{'form.phase'} eq 'two') {
$javascript = qq\|	$javascript = <<"ENDJS";
	<script type="text/javascript">
	// <![CDATA[
function verifyForm() {	function verifyForm() {
var mode = document.fileupload.filetype.options[document.fileupload.filetype.selectedIndex].value	var mode = document.fileupload.filetype.options[document.fileupload.filetype.selectedIndex].value
if (mode == "testbank") {	if (mode == "testbank") {
Line 489 function verifyForm() {	Line 614 function verifyForm() {
}	}
document.fileupload.submit();	document.fileupload.submit();
}	}
\|;	// ]]>
	</script>
	ENDJS
}	}
($uname,$udom)=
&Apache::loncacc::constructaccess($env{'form.filename'},
$r->dir_config('lonDefDomain'));

unless (($uname) && ($udom)) {
$r->log_reason($uname.' at '.$udom.
' trying to publish file '.$env{'form.filename'}.
' - not authorized',
$r->filename);
return HTTP_NOT_ACCEPTABLE;
}

my $fn;
if ($env{'form.filename'}) {
$fn=$env{'form.filename'};
$fn=~s/^https?\:\/\/[^\/]+\///;
$fn=~s/^\///;
$fn=~s{(~\|priv/)($LONCAPA::username_re)}{};
$fn=~s/\/+/\//g;
} else {
$r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
' unspecified filename for upload', $r->filename);
return HTTP_NOT_FOUND;
}

# ----------------------------------------------------------- Start page output

	my $londocroot = $r->dir_config('lonDocRoot');
&Apache::loncommon::content_type($r,'text/html');	my $trailfile = $fn;
$r->send_http_header;	$trailfile =~ s{^/(priv/)}{$londocroot/$1};

$javascript = "<script type=\"text/javascript\">\n//<!--\n".
$javascript."\n// --></script>\n";

# Breadcrumbs	# Breadcrumbs
my $brcrum = [{'href' => &Apache::loncommon::authorspace(),	my $brcrum = [{'href' => &Apache::loncommon::authorspace($fn),
'text' => 'Construction Space'},	'text' => 'Authoring Space'},
{'href' => '/adm/upload',	{'href' => '/adm/upload',
'text' => 'Upload file to Construction Space'}];	'text' => 'Upload file to Authoring Space'}];
$r->print(&Apache::loncommon::start_page('Upload file to Construction Space',	$r->print(&Apache::loncommon::start_page('Upload file to Authoring Space',
$javascript,	$javascript,
{'bread_crumbs' => $brcrum,})	{'bread_crumbs' => $brcrum,})
.&Apache::loncommon::head_subbox(	.&Apache::loncommon::head_subbox(
&Apache::loncommon::CSTR_pageheader())	&Apache::loncommon::CSTR_pageheader($trailfile))
);	);

if (($uname ne $env{'user.name'}) \|\| ($udom ne $env{'user.domain'})) {	if (($uname ne $env{'user.name'}) \|\| ($udom ne $env{'user.domain'})) {
Line 543 function verifyForm() {	Line 641 function verifyForm() {
.'</p>'	.'</p>'
);	);
}	}
	if ($warning) {
	$r->print($warning);
	}
if ($env{'form.phase'} eq 'four') {	if ($env{'form.phase'} eq 'four') {
my $output = &phasefour($r,$fn,$uname,$udom,'author');	my $output = &phasefour($r,$fn,$uname,$udom,'author');
$r->print($output);	$r->print($output);
} elsif ($env{'form.phase'} eq 'three') {	} elsif ($env{'form.phase'} eq 'three') {
my $output = &phasethree($r,$fn,$uname,$udom,'author');	my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author');
$r->print($output);	$r->print($output);
} elsif ($env{'form.phase'} eq 'two') {	} elsif ($env{'form.phase'} eq 'two') {
my ($output,$returnflag) = &phasetwo($r,$fn,$uname,$udom);	my ($output,$returnflag) = &phasetwo($r,$fn);
$r->print($output);	$r->print($output);
} else {	} else {
&phaseone($r,$fn,$uname,$udom);	&phaseone($r,$fn,undef,$uname,$udom);
}	}

$r->print(&Apache::loncommon::end_page());	$r->print(&Apache::loncommon::end_page());
return OK;	return OK;
}	}

1;	1;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.52
changed lines
	Added in v.1.70