--- loncom/publisher/lonupload.pm 2011/10/31 01:28:47 1.56 +++ loncom/publisher/lonupload.pm 2017/11/12 23:01:00 1.68 @@ -1,8 +1,7 @@ - # The LearningOnline Network with CAPA # Handler to upload files into construction space # -# $Id: lonupload.pm,v 1.56 2011/10/31 01:28:47 raeburn Exp $ +# $Id: lonupload.pm,v 1.68 2017/11/12 23:01:00 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -126,13 +125,12 @@ use Apache::File; use File::Copy; use File::Basename; use Apache::Constants qw(:common :http :methods); -use Apache::loncacc; use Apache::loncommon(); use Apache::lonnet; use HTML::Entities(); use Apache::lonlocal; use Apache::lonnet; -use LONCAPA(); +use LONCAPA qw(:DEFAULT :match); my $DEBUG=0; @@ -152,8 +150,12 @@ sub upfile_store { chomp($env{'form.upfile'}); - my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}. - '_upload_'.$fname.'_'.time.'_'.$$; + my $datatoken; + if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) { + $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}. + '_upload_'.$fname.'_'.time.'_'.$$; + } + return if ($datatoken eq ''); { my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons'). '/tmp/'.$datatoken.'.tmp'); @@ -163,7 +165,7 @@ sub upfile_store { } sub phaseone { - my ($r,$fn,$uname,$udom,$mode)=@_; + my ($r,$fn,$mode,$uname,$udom)=@_; my $action = '/adm/upload'; if ($mode eq 'testbank') { $action = '/adm/testbank'; @@ -175,7 +177,8 @@ sub phaseone { $env{'form.upfile.filename'}=~s/\\/\//g; $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/; if (!$env{'form.upfile.filename'}) { - $r->print('

'.&mt('No upload file specified.').'

'); + $r->print('

'.&mt('No upload file specified.').'

'. + &earlyout($fn,$uname,$udom)); return; } @@ -189,6 +192,26 @@ sub phaseone { $r->print('

'.&mt('Illegal filename.').'

'); return; } + # Check if quota exceeded + my $filesize = length($env{'form.upfile'}); + if (!$filesize) { + $r->print('

'. + &mt('Unable to upload [_1]. (size = [_2] bytes)', + ''.$env{'form.upfile.filename'}.'', + $filesize).'
'. + &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'
'. + '

'. + &earlyout($fn,$uname,$udom)); + return; + } + $filesize = int($filesize/1000); #expressed in kb + my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author', + $env{'form.upfile.filename'},$filesize,'upload'); + if ($output) { + $r->print($output.&earlyout($fn,$uname,$udom)); + return; + } + # Split part that I can change from the part that I cannot change my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/); # Display additional options for upload @@ -240,7 +263,7 @@ sub phaseone { } sub phasetwo { - my ($r,$fn,$uname,$udom,$mode)=@_; + my ($r,$fn,$mode)=@_; my $output; my $action = '/adm/upload'; @@ -252,7 +275,7 @@ sub phasetwo { } $fn=~s/\/+/\//g; if ($fn) { - my $target='/home/httpd/html/'.$fn; + my $target= $r->dir_config('lonDocRoot').'/'.$fn; &Debug($r, "target -> ".$target); # target is the full filesystem path of the destination file. my $base = &File::Basename::basename($fn); @@ -260,7 +283,10 @@ sub phasetwo { $base = &HTML::Entities::encode($base,'<>&"'); my $url = $path."/".$base; &Debug($r, "URL is now ".$url); - my $datatoken=$env{'form.datatoken'}; + my $datatoken; + if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) { + $datatoken = $env{'form.datatoken'}; + } if (($fn) && ($datatoken)) { if ($env{'form.cancel'}) { my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; @@ -374,7 +400,7 @@ sub check_extension { if ($pathchg) { if ($mode eq 'testbank') { $returnflag = 'embedded'; - $result .= '

'.&mt('Or [_1]continue[_2] the testbank import without modifying the references(s).','','').'

'; + $result .= '

'.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','','').'

'; } } } @@ -406,8 +432,10 @@ sub phasethree { } my $url_root = "/priv/$udom/$uname"; my $dir_root = $r->dir_config('lonDocRoot').$url_root; - my $url_root = '/priv/'.$udom.'/'.$uname; my $path = &File::Basename::dirname($fn); + $path =~ s{^\Q$url_root\E}{}; + my $dirpath = $url_root.$path.'/'; + $dirpath=~s{/+}{/}g; my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"'); my $state = &embedded_form_elems('modify_orightml',$filename,$mode). ''; @@ -416,9 +444,9 @@ sub phasethree { $dir_root,$url_root,undef, undef,undef,$state,$action); if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result .= '

'. + $result .= '

'. &mt('View main file').'

'. - '

'. + '

'. &mt('Back to Directory').'


'; } return ($result,$returnflag); @@ -446,26 +474,35 @@ sub phasefour { my $url_root = "/priv/$udom/$uname"; my $dir_root = $r->dir_config('lonDocRoot').$url_root; my $path = &File::Basename::dirname($fn); - $result .= &Apache::loncommon::modify_html_refs($mode,$path, - $uname,$udom,$dir_root); + $path =~ s{^\Q$url_root\E}{}; + my $dirpath = $url_root.$path.'/'; + $dirpath=~s{/+}{/}g; + my $outcome = + &Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root); + $result .= $outcome; if ($mode ne 'imsimport' && $mode ne 'testbank') { - $result .= '

'. + $result .= '

'. &mt('View main file').'

'. - '

'. + '

'. &mt('Back to Directory').'


'; } return $result; } +sub earlyout { + my ($fn,$uname,$udom) = @_; + if ($fn =~ m{^(/priv/$udom/$uname(?:.*)/)[^/]*}) { + return &Apache::lonhtmlcommon::actionbox( + [''.&mt('Return to Directory').'']); + } + return; +} + # ---------------------------------------------------------------- Main Handler sub handler { my $r=shift; - - my $uname; - my $udom; my $javascript = ''; - my $fn=$env{'form.filename'}; if ($env{'form.filename1'}) { @@ -479,8 +516,25 @@ sub handler { return HTTP_NOT_FOUND; } + my ($uname,$udom)=&Apache::lonnet::constructaccess($fn); + + unless (($uname) && ($udom)) { + $r->log_reason($uname.' at '.$udom. + ' trying to publish file '.$env{'form.filename'}. + ' - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } + +# ----------------------------------------------------------- Start page output + + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + unless ($env{'form.phase'} eq 'two') { - $javascript = qq| + $javascript = <<"ENDJS"; + +ENDJS } - ($uname,$udom)=&Apache::loncacc::constructaccess($fn); - - unless (($uname) && ($udom)) { - $r->log_reason($uname.' at '.$udom. - ' trying to publish file '.$env{'form.filename'}. - ' - not authorized', - $r->filename); - return HTTP_NOT_ACCEPTABLE; - } - -# ----------------------------------------------------------- Start page output - - - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - $javascript = "\n"; + my $londocroot = $r->dir_config('lonDocRoot'); + my $trailfile = $fn; + $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs - my $brcrum = [{'href' => &Apache::loncommon::authorspace(), - 'text' => 'Construction Space'}, + my $brcrum = [{'href' => &Apache::loncommon::authorspace($fn), + 'text' => 'Authoring Space'}, {'href' => '/adm/upload', - 'text' => 'Upload file to Construction Space'}]; - $r->print(&Apache::loncommon::start_page('Upload file to Construction Space', + 'text' => 'Upload file to Authoring Space'}]; + $r->print(&Apache::loncommon::start_page('Upload file to Authoring Space', $javascript, {'bread_crumbs' => $brcrum,}) .&Apache::loncommon::head_subbox( - &Apache::loncommon::CSTR_pageheader()) + &Apache::loncommon::CSTR_pageheader($trailfile)) ); if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { @@ -540,10 +582,10 @@ function verifyForm() { my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author'); $r->print($output); } elsif ($env{'form.phase'} eq 'two') { - my ($output,$returnflag) = &phasetwo($r,$fn,$uname,$udom); + my ($output,$returnflag) = &phasetwo($r,$fn); $r->print($output); } else { - &phaseone($r,$fn,$uname,$udom); + &phaseone($r,$fn,undef,$uname,$udom); } $r->print(&Apache::loncommon::end_page());