--- loncom/publisher/lonupload.pm 2008/06/17 02:20:08 1.37 +++ loncom/publisher/lonupload.pm 2019/03/04 19:54:35 1.69 @@ -1,8 +1,7 @@ - # The LearningOnline Network with CAPA # Handler to upload files into construction space # -# $Id: lonupload.pm,v 1.37 2008/06/17 02:20:08 raeburn Exp $ +# $Id: lonupload.pm,v 1.69 2019/03/04 19:54:35 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -28,6 +27,97 @@ # ### +=head1 NAME + +Apache::lonupload - upload files into construction space + +=head1 SYNOPSIS + +Invoked by /etc/httpd/conf/srm.conf: + + + PerlAccessHandler Apache::lonacc + SetHandler perl-script + PerlHandler Apache::lonupload + ErrorDocument 403 /adm/login + ErrorDocument 404 /adm/notfound.html + ErrorDocument 406 /adm/unauthorized.html + ErrorDocument 500 /adm/errorhandler + + +=head1 INTRODUCTION + +This module uploads a file sitting on a client computer into +library server construction space. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 HANDLER SUBROUTINE + +This routine is called by Apache and mod_perl. + +=over 4 + +=item * + +Initialize variables + +=item * + +Start page output + +=item * + +output relevant interface phase (phaseone, phasetwo, phasethree or phasefour) + +=item * + +(phase one is to specify upload file; phase two is to handle conditions +subsequent to specification--like overwriting an existing file; phase three +is to handle processing of secondary uploads - of embedded objects in an +html file). + +=back + +=head1 OTHER SUBROUTINES + +=over + +=item phaseone() + +Interface for specifying file to upload. + +=item phasetwo() + +Interface for handling post-conditions about uploading (such +as overwriting an existing file). + +=item phasethree() + +Interface for handling secondary uploads of embedded objects +in an html file. + +=item phasefour() + +Interface for handling optional renaming of links to embedded +objects. + +=item upfile_store() + +Store contents of uploaded file into temporary space. Invoked +by phaseone subroutine. + +=item check_extension() + +Checks if filename extension is permitted and checks type + of file - if html file, calls parser to check for embedded objects. + Invoked by phasetwo subroutine. + +=back + +=cut + package Apache::lonupload; use strict; @@ -35,13 +125,12 @@ use Apache::File; use File::Copy; use File::Basename; use Apache::Constants qw(:common :http :methods); -use Apache::loncacc; use Apache::loncommon(); use Apache::lonnet; use HTML::Entities(); use Apache::lonlocal; use Apache::lonnet; -use LONCAPA(); +use LONCAPA qw(:DEFAULT :match); my $DEBUG=0; @@ -61,8 +150,12 @@ sub upfile_store { chomp($env{'form.upfile'}); - my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}. - '_upload_'.$fname.'_'.time.'_'.$$; + my $datatoken; + if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) { + $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}. + '_upload_'.$fname.'_'.time.'_'.$$; + } + return if ($datatoken eq ''); { my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons'). '/tmp/'.$datatoken.'.tmp'); @@ -72,69 +165,115 @@ sub upfile_store { } sub phaseone { - my ($r,$fn,$uname,$udom,$mode)=@_; + my ($r,$fn,$mode,$uname,$udom)=@_; my $action = '/adm/upload'; if ($mode eq 'testbank') { $action = '/adm/testbank'; } elsif ($mode eq 'imsimport') { $action = '/adm/imsimport'; } + + # Check for file to be uploaded $env{'form.upfile.filename'}=~s/\\/\//g; $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/; - if ($env{'form.upfile.filename'}) { - $fn=~s/\/[^\/]+$//; - $fn=~s/([^\/])$/$1\//; - $fn.=$env{'form.upfile.filename'}; - $fn=~s/^\///; - $fn=~s/(\/)+/\//g; - -# Fn is the full path to the destination filename. -# - - &Debug($r, "Filename for upload: $fn"); - if (($fn) && ($fn!~/\/$/)) { - $r->print('
'. - ''. - ''. - ''.&mt('Save uploaded file as '). - "/priv/$uname/". - '
'. - '
'.&mt('Choose file type:').' -'.&Apache::loncommon::help_open_topic("Uploading_File_Options").' -
-
-'); - $r->print('
'); - # Check for bad extension and warn user - if ($fn=~/\.(\w+)$/ && - (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { - $r->print(''.&mt('The extension on this file,'). - ' "'.$1.'"'.&mt(', is reserved internally by LON-CAPA.'). - '
'.&mt('Please change the extension.').''); - } elsif($fn=~/\.(\w+)$/ && - !defined(&Apache::loncommon::fileembstyle($1))) { - $r->print(''.&mt('The extension on this file,'). - ' "'.$1.'"'.&mt(', is not recognized by LON-CAPA.'). - '
'.&mt('Please change the extension.'). - ''); - } - } else { - $r->print(''.&mt('Illegal filename.').''); - } - } else { - $r->print(''.&mt('No upload file specified.').''); + $env{'form.upfile.filename'}=~s/(\s+$|^\s+)//g; + if (!$env{'form.upfile.filename'}) { + $r->print('

'.&mt('No upload file specified.').'

'. + &earlyout($fn,$uname,$udom)); + return; + } + + # Append the name of the uploaded file + $fn.=$env{'form.upfile.filename'}; + $fn=~s/(\/)+/\//g; + + # Check for illegal filename + &Debug($r, "Filename for upload: $fn"); + if (!(($fn) && ($fn!~/\/$/))) { + $r->print('

'.&mt('Illegal filename.').'

'); + return; + } + # Check if quota exceeded + my $filesize = length($env{'form.upfile'}); + if (!$filesize) { + $r->print('

'. + &mt('Unable to upload [_1]. (size = [_2] bytes)', + ''.$env{'form.upfile.filename'}.'', + $filesize).'
'. + &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'
'. + '

'. + &earlyout($fn,$uname,$udom)); + return; + } + $filesize = int($filesize/1000); #expressed in kb + my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author', + $env{'form.upfile.filename'},$filesize,'upload'); + if ($output) { + $r->print($output.&earlyout($fn,$uname,$udom)); + return; + } + +# Split part that I can change from the part that I cannot change + my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/); +# Check for pattern: .number.extension which is reserved for LON-CAPA versioning. +# Check for disallowed characters: #?&%:<>`|, and remove + if ($fn2 ne '') { + ($fn2,my $warning) = &check_filename($fn2); + if ($warning ne '') { + $r->print($warning); + } + } + # Display additional options for upload + # and upload button + $r->print( + '
' + .'' + .'' + ); + $r->print( + &Apache::lonhtmlcommon::start_pick_box() + .&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as')) + .''.$fn1.'' + .'' + .'' + .&Apache::lonhtmlcommon::row_closure() + .&Apache::lonhtmlcommon::row_title(&mt('File Type')) + .''.&Apache::loncommon::help_open_topic("Uploading_File_Options") + .&Apache::lonhtmlcommon::row_closure(1) + .&Apache::lonhtmlcommon::end_pick_box() + ); + $r->print( + '

' + .'' + .'

' + .'
' + ); + + # Check for bad extension and warn user + if ($fn=~/\.(\w+)$/ && + (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { + $r->print('

' + .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.', + ''.$1.'') + .'
'.&mt('Please change the extension.') + .'

'); + } elsif($fn=~/\.(\w+)$/ && + !defined(&Apache::loncommon::fileembstyle($1))) { + $r->print('

' + .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.', + ''.$1.'') + .'
'.&mt('Please change the extension.') + .'

'); } } sub phasetwo { - my ($r,$tfn,$uname,$udom,$mode)=@_; + my ($r,$fn,$mode)=@_; + my $output; my $action = '/adm/upload'; my $returnflag = ''; @@ -143,36 +282,41 @@ sub phasetwo { } elsif ($mode eq 'imsimport') { $action = '/adm/imsimport'; } - my $fn='/priv/'.$uname.'/'.$tfn; $fn=~s/\/+/\//g; - &Debug($r, "Filename is ".$tfn); - if ($tfn) { - &Debug($r, "Filename for tfn = ".$tfn); - my $target='/home/'.$uname.'/public_html'.$tfn; + if ($fn) { + my $target= $r->dir_config('lonDocRoot').'/'.$fn; &Debug($r, "target -> ".$target); # target is the full filesystem path of the destination file. my $base = &File::Basename::basename($fn); my $path = &File::Basename::dirname($fn); $base = &HTML::Entities::encode($base,'<>&"'); - my $url = $path."/".$base; + my $url = $path."/".$base; &Debug($r, "URL is now ".$url); - my $datatoken=$env{'form.datatoken'}; + my $datatoken; + if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) { + $datatoken = $env{'form.datatoken'}; + } if (($fn) && ($datatoken)) { if ($env{'form.cancel'}) { my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; my $dirpath=$path.'/'; $dirpath=~s/\/+/\//g; - $output .= &mt('Upload cancelled.').'
'. - &mt('Back to Directory').''; - } elsif ((-e $target) && (!$env{'form.override'})) { - $output .= '
'. - &mt('File [_1] exists. Overwrite?',''.$fn.''). - ''. - ''. - ''. - ''. - ''. - '
'; + $output .= '

'.&mt('Upload cancelled.').'

' + .'

'. + &mt('Back to Directory').'

'; + } elsif ((-e $target) && (!$env{'form.override'})) { + $output .= '
' + .'

' + .&mt('File [_1] already exists.', + ''.$fn.'') + .'' + .'' + .'' + .'

' + .'' + .' ' + .'

' + .'
'; } else { my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; my $dirpath=$path.'/'; @@ -201,31 +345,39 @@ sub check_extension { # Check for bad extension and disallow upload if ($fn=~/\.(\w+)$/ && (&Apache::loncommon::fileembstyle($1) eq 'hdn')) { - $result .= &mt('File [_1] could not be copied.', - ''.$fn.' '). - '
'. - &mt('The extension on this file is reserved internally by LON-CAPA.'). - ''; + $result .= '

'. + &mt('File [_1] could not be copied.', + ''.$fn.' '). + '
'. + &mt('The extension on this file is reserved internally by LON-CAPA.'). + '

'; } elsif ($fn=~/\.(\w+)$/ && !defined(&Apache::loncommon::fileembstyle($1))) { - $result .= &mt('File [_1] could not be copied.', - ''.$fn.' '). - '
'. - &mt('The extension on this file is not recognized by LON-CAPA.'). - ''; + $result .= '

'. + &mt('File [_1] could not be copied.', + ''.$fn.' '). + '
'. + &mt('The extension on this file is not recognized by LON-CAPA.'). + '

'; } elsif (-d $target) { - $result .= &mt('File [_1] could not be copied.', - ''.$fn.''). - '
'. - &mt('The target is an existing directory.'). - ''; + $result .= '

'. + &mt('File [_1] could not be copied.', + ''.$fn.''). + '
'. + &mt('The target is an existing directory.'). + '

'; } elsif (copy($source,$target)) { chmod(0660, $target); # Set permissions to rw-rw---. if ($mode eq 'testbank' || $mode eq 'imsimport') { $returnflag = 'ok'; - $result .= &mt('Your file - [_1] - was uploaded successfully',$fn).'

'; + $result .= '

' + .&mt('Your file - [_1] - was uploaded successfully.', + ''.$fn.'') + .'

'; } else { - $result .= &mt('File copied.').'
'; + $result .= '

' + .&mt('File copied.') + .'

'; } # Check for embedded objects. my (%allfiles,%codebase); @@ -234,75 +386,213 @@ sub check_extension { my (%allfiles,%codebase); &Apache::lonnet::extract_embedded_items($target,\%allfiles,\%codebase); if (keys(%allfiles) > 0) { - my $state = < - - - - -STATE - $result .= "

".&mt("Reference Warning")."

". - "

".&mt("Completed upload of the file. This file contained references to other files.")."

". - "

".&mt("Please select the locations from which the referenced files are to be uploaded.")."

". - &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles,\%codebase, - {'error_on_invalid_names' => 1, - 'ignore_remote_references' => 1,}); - if ($mode eq 'testbank') { - $returnflag = 'embedded'; - $result .= '

'.&mt('Or [_1]continue[_2] the testbank import without these files','','').'

'; + my ($currentpath) = ($url =~ m{^(.+)/[^/]+$}); + my $state = &embedded_form_elems('upload_embedded',$url,$mode); + my ($embedded,$num,$pathchg) = + &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles, + \%codebase, + {'error_on_invalid_names' => 1, + 'ignore_remote_references' => 1, + 'current_path' => $currentpath}); + if ($embedded) { + $result .= '

'.&mt('Reference Warning').'

'; + if ($num) { + $result .= '

'.&mt('Completed upload of the file.').' '.&mt('This file contained references to other files.').'

'. + '

'.&mt('Please select the locations from which the referenced files are to be uploaded.').'

'. + $embedded; + if ($mode eq 'testbank') { + $returnflag = 'embedded'; + $result .= '

'.&mt('Or [_1]continue[_2] the testbank import without these files.','','').'

'; + } + } else { + $result .= '

'.&mt('Completed upload of the file.').'

'.$embedded; + if ($pathchg) { + if ($mode eq 'testbank') { + $returnflag = 'embedded'; + $result .= '

'.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','','').'

'; + } + } + } } } } if (($mode ne 'imsimport') && ($mode ne 'testbank')) { - $result .= '
'. - &mt('View file').''; + $result .= '
'. + &mt('View file').''; } } else { $result .= &mt('Failed to copy: [_1].',$!); } if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result .= '
'. - &mt('Back to Directory').'
'; + $result .= '
'. + &mt('Back to Directory').'
'; } return ($result,$returnflag); } +sub check_filename { + my ($fname) = @_; + my $warning; + if ($fname =~/[#\?&%":<>`|]/) { + $fname =~s/[#\?&%":<>`|]//g; + $warning .= '

' + .&mt('Removed one or more disallowed characters from filename') + .'

'; + } + if ($fname=~ /\.(\d+)\.(\w+)$/) { + my $num = $1; + $warning .= '

' + .&mt('Bad filename [_1]',''.$fname.'') + .'
' + .&mt('[_1](name).(number).(extension)[_2] not allowed.','','') + .'
' + .&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','','') + .'

'; + if ($num eq '0') { + $fname =~ s/\.(\d+)(\.\w+)$/_A$2/; + } else { + my $letts = ''; + my %digletter = reverse &Apache::lonnet::letter_to_digits(); + if ($num >= 100) { + $num = substr($num,-2); + } + foreach my $digit (split('',$num)) { + $letts .= $digletter{$digit}; + } + $fname =~ s/\.(\d+)(\.\w+)$/_$letts$2/; + } + } + if ($fname =~/___/) { + $fname =~s/_+/_/g; + $warning .= '

' + .&mt('Changed ___ to a single _ in filename') + .'

'; + } + return ($fname,$warning); +} + sub phasethree { my ($r,$fn,$uname,$udom,$mode) = @_; + + my $action = '/adm/upload'; + if ($mode eq 'testbank') { + $action = '/adm/testbank'; + } elsif ($mode eq 'imsimport') { + $action = '/adm/imsimport'; + } + my $url_root = "/priv/$udom/$uname"; + my $dir_root = $r->dir_config('lonDocRoot').$url_root; + my $path = &File::Basename::dirname($fn); + $path =~ s{^\Q$url_root\E}{}; + my $dirpath = $url_root.$path.'/'; + $dirpath=~s{/+}{/}g; + my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"'); + my $state = &embedded_form_elems('modify_orightml',$filename,$mode). + ''; + my ($result,$returnflag) = + &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom, + $dir_root,$url_root,undef, + undef,undef,$state,$action); + if ($mode ne 'imsimport' && $mode ne 'testbank') { + $result .= '

'. + &mt('View main file').'

'. + '

'. + &mt('Back to Directory').'


'; + } + return ($result,$returnflag); +} + +sub embedded_form_elems { + my ($action,$filename,$mode) = @_; + return < + + +STATE +} + +sub phasefour { + my ($r,$fn,$uname,$udom,$mode) = @_; + + my $action = '/adm/upload'; + if ($mode eq 'testbank') { + $action = '/adm/testbank'; + } elsif ($mode eq 'imsimport') { + $action = '/adm/imsimport'; + } my $result; - my $dir_root = '/home/'.$uname.'/public_html'; - my $url_root = '/priv/'.$uname; - my $base = &File::Basename::basename($fn); + my $url_root = "/priv/$udom/$uname"; + my $dir_root = $r->dir_config('lonDocRoot').$url_root; my $path = &File::Basename::dirname($fn); - $result = &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom, - $dir_root,$url_root); + $path =~ s{^\Q$url_root\E}{}; + my $dirpath = $url_root.$path.'/'; + $dirpath=~s{/+}{/}g; + my $outcome = + &Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root); + $result .= $outcome; if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result = '
'. - &mt('View main file').''. - '
'. - &mt('Back to Directory').'
'; + $result .= '

'. + &mt('View main file').'

'. + '

'. + &mt('Back to Directory').'


'; } return $result; } +sub earlyout { + my ($fn,$uname,$udom) = @_; + if ($fn =~ m{^(/priv/$udom/$uname(?:.*)/)[^/]*}) { + return &Apache::lonhtmlcommon::actionbox( + [''.&mt('Return to Directory').'']); + } + return; +} + # ---------------------------------------------------------------- Main Handler sub handler { my $r=shift; - - my $uname; - my $udom; my $javascript = ''; -# -# phase two: re-attach user -# - if ($env{'form.uploaduname'}) { - $env{'form.filename'}='/priv/'.$env{'form.uploaduname'}.'/'. - $env{'form.filename'}; + my $fn; + my $warning; + + if ($env{'form.filename1'}) { + my $fn1 = $env{'form.filename1'}; + my $fn2 = $env{'form.filename2'}; + $fn2 =~ s/(\s+$|^\s+)//g; + $fn2 =~ s/\/+/\//g; + ($fn2,$warning) = &check_filename($fn2); + $fn = $fn1.$fn2; + } else { + $fn = $env{'form.filename'}; + } + $fn=~s/\/+/\//g; + + unless ($fn) { + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. + ' unspecified filename for upload', $r->filename); + return HTTP_NOT_FOUND; + } + + my ($uname,$udom)=&Apache::lonnet::constructaccess($fn); + + unless (($uname) && ($udom)) { + $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. + ' trying to upload file '.$fn. + ' - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; } +# ----------------------------------------------------------- Start page output + + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + unless ($env{'form.phase'} eq 'two') { - $javascript = qq| + $javascript = <<"ENDJS"; +\n"; - - $r->print(&Apache::loncommon::start_page('Upload file to Construction Space', - $javascript)); +// ]]> + +ENDJS + } + + my $londocroot = $r->dir_config('lonDocRoot'); + my $trailfile = $fn; + $trailfile =~ s{^/(priv/)}{$londocroot/$1}; + + # Breadcrumbs + my $brcrum = [{'href' => &Apache::loncommon::authorspace($fn), + 'text' => 'Authoring Space'}, + {'href' => '/adm/upload', + 'text' => 'Upload file to Authoring Space'}]; + $r->print(&Apache::loncommon::start_page('Upload file to Authoring Space', + $javascript, + {'bread_crumbs' => $brcrum,}) + .&Apache::loncommon::head_subbox( + &Apache::loncommon::CSTR_pageheader($trailfile)) + ); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { - $r->print('

'.&mt('Co-Author').': '.$uname. - &mt(' at ').$udom.'

'); + $r->print('

' + .&mt('Co-Author [_1]',$uname.':'.$udom) + .'

' + ); } - - if ($env{'form.phase'} eq 'three') { - my $output = &phasethree($r,$fn,$uname,$udom,'author'); + if ($warning) { + $r->print($warning); + } + if ($env{'form.phase'} eq 'four') { + my $output = &phasefour($r,$fn,$uname,$udom,'author'); + $r->print($output); + } elsif ($env{'form.phase'} eq 'three') { + my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author'); $r->print($output); } elsif ($env{'form.phase'} eq 'two') { - my ($output,$returnflag) = &phasetwo($r,$fn,$uname,$udom); + my ($output,$returnflag) = &phasetwo($r,$fn); $r->print($output); } else { - &phaseone($r,$fn,$uname,$udom); + &phaseone($r,$fn,undef,$uname,$udom); } $r->print(&Apache::loncommon::end_page()); - return OK; + return OK; } 1; __END__ -=head1 NAME - -Apache::lonupload - upload files into construction space - -=head1 SYNOPSIS - -Invoked by /etc/httpd/conf/srm.conf: - - PerlAccessHandler Apache::lonacc - SetHandler perl-script - PerlHandler Apache::lonupload - ErrorDocument 403 /adm/login - ErrorDocument 404 /adm/notfound.html - ErrorDocument 406 /adm/unauthorized.html - ErrorDocument 500 /adm/errorhandler - - -=head1 INTRODUCTION - -This module uploads a file sitting on a client computer into -library server construction space. - -This is part of the LearningOnline Network with CAPA project -described at http://www.lon-capa.org. - -=head1 HANDLER SUBROUTINE - -This routine is called by Apache and mod_perl. - -=over 4 - -=item * - -Initialize variables - -=item * - -Start page output - -=item * - -output relevant interface phase (phaseone or phasetwo or phasethree) - -=item * - -(phase one is to specify upload file; phase two is to handle conditions -subsequent to specification--like overwriting an existing file; phase three -is to handle processing of secondary uploads - of embedded objects in an -html file). - -=back - -=head1 OTHER SUBROUTINES - -=over 4 - -=item * - -phaseone() : Interface for specifying file to upload. - -=item * - -phasetwo() : Interface for handling post-conditions about uploading (such -as overwriting an existing file). - -=item * - -phasethree() : Interface for handling secondary uploads of embedded objects -in an html file. - -=item * - -upfile_store() : Store contents of uploaded file into temporary space. Invoked -by phaseone subroutine. - -= item * - -check_extension() : Checks if filename extension is permitted and checks type - of file - if html file, calls parser to check for embedded objects. - Invoked by phasetwo subroutine. - -=back - -=cut