--- loncom/publisher/lonupload.pm	2001/04/10 01:57:28	1.2
+++ loncom/publisher/lonupload.pm	2001/05/25 16:36:36	1.3
@@ -15,7 +15,7 @@
 #
 # 03/31,04/03 Gerd Kortemeyer)
 #
-# 04/05,04/09 Gerd Kortemeyer
+# 04/05,04/09,05/25 Gerd Kortemeyer
 
 package Apache::lonupload;
 
@@ -23,7 +23,7 @@ use strict;
 use Apache::File;
 use File::Copy;
 use Apache::Constants qw(:common :http :methods);
-
+use Apache::loncacc;
 
 sub upfile_store {
     my $r=shift;
@@ -49,18 +49,28 @@ sub phaseone {
     $fn=~s/\/[^\/]+$//;
     $fn=~s/([^\/])$/$1\//;
     $fn.=$ENV{'form.upfile.filename'};
-    $r->print(
+    $fn=~s/^\///;
+    $fn=~s/(\/)+/\//g;
+
+    if (($fn) && ($fn!~/\/$/)) {
+      $r->print(
  '<form action=/adm/upload method=post>'.
  '<input type=hidden name=phase value=two>'.
  '<input type=hidden name=datatoken value="'.&upfile_store.'">'.
  'Store uploaded file as '.
- '<input type=text size=50 name=filename value="'.$fn.'"><br>'.
+ '<input type=text size=50 name=filename value="/priv/'.
+  $uname.'/'.$fn.'"><br>'.
  '<input type=submit value="Store"></form>');
+  } else {
+      $r->print('<font color=red>Illegal filename.</font>');
+  }
 }
 
 sub phasetwo {
     my ($r,$fn,$uname,$udom)=@_;
-    my $target='/home/'.$uname.'/public_html'.$fn;
+    my $tfn=$fn;
+    $tfn=~s/^\/(\~|priv)\/(\w+)//;
+    my $target='/home/'.$uname.'/public_html'.$tfn;
     my $datatoken=$ENV{'form.datatoken'};
     if (($fn) && ($datatoken)) {
 	if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
@@ -76,7 +86,7 @@ sub phasetwo {
 	                             '/tmp/'.$datatoken.'.tmp';
            if (copy($source,$target)) {
 	      $r->print('File copied.');
-              $r->print('<p><font size=+2><a href="/priv/'.$uname.$fn.
+              $r->print('<p><font size=+2><a href="'.$fn.
                         '">View file</a></font>');
 	   } else {
               $r->print('Failed to copy: '.$!);
@@ -93,11 +103,24 @@ sub handler {
 
   my $r=shift;
 
+  my $uname;
+  my $udom;
+
+  unless (($uname,$udom)=
+    &Apache::loncacc::constructaccess(
+             $ENV{'form.filename'},$r->dir_config('lonDefDomain'))) {
+     $r->log_reason($uname.' at '.$udom.
+         ' trying to publish file '.$ENV{'form.filename'}.
+         ' - not authorized', 
+         $r->filename); 
+     return HTTP_NOT_ACCEPTABLE;
+  }
+
   my $fn;
 
   if ($ENV{'form.filename'}) {
       $fn=$ENV{'form.filename'};
-      $fn=~s/^http\:\/\/[^\/]+\/\~(\w+)//;
+      $fn=~s/^http\:\/\/[^\/]+\/(\~|priv\/)(\w+)//;
   } else {
      $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
          ' unspecified filename for upload', $r->filename); 
@@ -106,8 +129,6 @@ sub handler {
 
 # ----------------------------------------------------------- Start page output
 
-  my $uname=$ENV{'user.name'};
-  my $udom=$ENV{'user.domain'};
 
   $r->content_type('text/html');
   $r->send_http_header;
@@ -119,6 +140,12 @@ sub handler {
 
   
   $r->print('<h1>Upload file to Construction Space</h1>');
+  
+  if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
+          $r->print('<h3><font color=red>Co-Author: '.$uname.' at '.$udom.
+               '</font></h3>');
+  }
+
 
   if ($ENV{'form.phase'} eq 'two') {
       &phasetwo($r,$fn,$uname,$udom);