Annotation of loncom/publisher/lonupload.pm, revision 1.71

1.1       www         1: # The LearningOnline Network with CAPA
                      2: # Handler to upload files into construction space
                      3: #
1.71    ! raeburn     4: # $Id: lonupload.pm,v 1.70 2019/03/06 03:39:54 raeburn Exp $
1.8       matthew     5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
1.10      harris41   28: ###
1.1       www        29: 
1.39      jms        30: =head1 NAME
                     31: 
                     32: Apache::lonupload - upload files into construction space
                     33: 
                     34: =head1 SYNOPSIS
                     35: 
                     36: Invoked by /etc/httpd/conf/srm.conf:
                     37: 
                     38:  <Location /adm/upload>
                     39:  PerlAccessHandler       Apache::lonacc
                     40:  SetHandler perl-script
                     41:  PerlHandler Apache::lonupload
                     42:  ErrorDocument     403 /adm/login
                     43:  ErrorDocument     404 /adm/notfound.html
                     44:  ErrorDocument     406 /adm/unauthorized.html
                     45:  ErrorDocument	  500 /adm/errorhandler
                     46:  </Location>
                     47: 
                     48: =head1 INTRODUCTION
                     49: 
                     50: This module uploads a file sitting on a client computer into 
                     51: library server construction space.
                     52: 
                     53: This is part of the LearningOnline Network with CAPA project
                     54: described at http://www.lon-capa.org.
                     55: 
                     56: =head1 HANDLER SUBROUTINE
                     57: 
                     58: This routine is called by Apache and mod_perl.
                     59: 
                     60: =over 4
                     61: 
                     62: =item *
                     63: 
                     64: Initialize variables
                     65: 
                     66: =item *
                     67: 
                     68: Start page output
                     69: 
                     70: =item *
                     71: 
1.51      raeburn    72: output relevant interface phase (phaseone, phasetwo, phasethree or phasefour)
1.39      jms        73: 
                     74: =item *
                     75: 
                     76: (phase one is to specify upload file; phase two is to handle conditions
                     77: subsequent to specification--like overwriting an existing file; phase three
                     78: is to handle processing of secondary uploads - of embedded objects in an
                     79: html file).
                     80: 
                     81: =back
                     82: 
                     83: =head1 OTHER SUBROUTINES
                     84: 
1.40      jms        85: =over
1.39      jms        86: 
1.40      jms        87: =item phaseone()
1.39      jms        88: 
1.40      jms        89: Interface for specifying file to upload.
1.39      jms        90: 
1.40      jms        91: =item phasetwo()
1.39      jms        92: 
1.40      jms        93: Interface for handling post-conditions about uploading (such
1.39      jms        94: as overwriting an existing file).
                     95: 
1.40      jms        96: =item phasethree()
1.39      jms        97: 
1.40      jms        98: Interface for handling secondary uploads of embedded objects
1.39      jms        99: in an html file.
                    100: 
1.51      raeburn   101: =item phasefour()
                    102: 
                    103: Interface for handling optional renaming of links to embedded
                    104: objects. 
                    105: 
1.40      jms       106: =item upfile_store()
1.39      jms       107: 
1.40      jms       108: Store contents of uploaded file into temporary space.  Invoked
1.39      jms       109: by phaseone subroutine.
                    110: 
1.40      jms       111: =item check_extension()
1.39      jms       112: 
1.40      jms       113: Checks if filename extension is permitted and checks type
1.39      jms       114:  of file - if html file, calls parser to check for embedded objects.
                    115:  Invoked by phasetwo subroutine.
                    116: 
                    117: =back
                    118: 
                    119: =cut
                    120: 
1.1       www       121: package Apache::lonupload;
                    122: 
                    123: use strict;
                    124: use Apache::File;
                    125: use File::Copy;
1.13      foxr      126: use File::Basename;
1.1       www       127: use Apache::Constants qw(:common :http :methods);
1.10      harris41  128: use Apache::loncommon();
1.13      foxr      129: use Apache::lonnet;
1.14      foxr      130: use HTML::Entities();
1.20      www       131: use Apache::lonlocal;
1.29      albertel  132: use Apache::lonnet;
1.68      raeburn   133: use LONCAPA qw(:DEFAULT :match);
1.12      foxr      134: 
                    135: my $DEBUG=0;
                    136: 
                    137: sub Debug {
1.30      albertel  138:     # Put out the indicated message but only if DEBUG is true.
1.22      albertel  139:     if ($DEBUG) {
1.30      albertel  140: 	my ($r,$message) = @_;
                    141: 	$r->log_reason($message);
1.22      albertel  142:     }
1.12      foxr      143: }
1.1       www       144: 
1.2       www       145: sub upfile_store {
                    146:     my $r=shift;
                    147: 	
1.29      albertel  148:     my $fname=$env{'form.upfile.filename'};
1.2       www       149:     $fname=~s/\W//g;
                    150:     
1.29      albertel  151:     chomp($env{'form.upfile'});
1.1       www       152:   
1.68      raeburn   153:     my $datatoken;
                    154:     if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
                    155:         $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
                    156:                    '_upload_'.$fname.'_'.time.'_'.$$;
                    157:     }
                    158:     return if ($datatoken eq '');
1.2       www       159:     {
                    160:        my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
                    161:                                    '/tmp/'.$datatoken.'.tmp');
1.29      albertel  162:        print $fh $env{'form.upfile'};
1.1       www       163:     }
1.2       www       164:     return $datatoken;
                    165: }
                    166: 
                    167: sub phaseone {
1.63      raeburn   168:     my ($r,$fn,$mode,$uname,$udom)=@_;
1.25      raeburn   169:     my $action = '/adm/upload';
                    170:     if ($mode eq 'testbank') {
                    171:         $action = '/adm/testbank';
                    172:     } elsif ($mode eq 'imsimport') {
                    173:         $action = '/adm/imsimport';
                    174:     }
1.49      bisitz    175: 
                    176:     # Check for file to be uploaded
1.29      albertel  177:     $env{'form.upfile.filename'}=~s/\\/\//g;
                    178:     $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
1.69      raeburn   179:     $env{'form.upfile.filename'}=~s/(\s+$|^\s+)//g;
1.49      bisitz    180:     if (!$env{'form.upfile.filename'}) {
1.63      raeburn   181:         $r->print('<p class="LC_warning">'.&mt('No upload file specified.').'</p>'.
                    182:                   &earlyout($fn,$uname,$udom));
1.49      bisitz    183:         return;
                    184:     }
                    185: 
1.55      www       186:     # Append the name of the uploaded file
1.49      bisitz    187:     $fn.=$env{'form.upfile.filename'};
                    188:     $fn=~s/(\/)+/\//g;
                    189: 
                    190:     # Check for illegal filename
                    191:     &Debug($r, "Filename for upload: $fn");
                    192:     if (!(($fn) && ($fn!~/\/$/))) {
                    193:         $r->print('<p class="LC_warning">'.&mt('Illegal filename.').'</p>');
                    194:         return;
                    195:     }
1.63      raeburn   196:     # Check if quota exceeded
                    197:     my $filesize = length($env{'form.upfile'});
                    198:     if (!$filesize) {
                    199:         $r->print('<p class="LC_warning">'.
                    200:                   &mt('Unable to upload [_1]. (size = [_2] bytes)',
                    201:                       '<span class="LC_filename">'.$env{'form.upfile.filename'}.'</span>',
                    202:                       $filesize).'<br />'.
                    203:                   &mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'<br />'.
                    204:                   '</p>'.
                    205:                   &earlyout($fn,$uname,$udom));
                    206:         return;
                    207:     }
                    208:     $filesize = int($filesize/1000); #expressed in kb
1.65      raeburn   209:     my $output = &Apache::loncommon::excess_filesize_warning($uname,$udom,'author',
                    210:                                                              $env{'form.upfile.filename'},$filesize,'upload');
1.64      raeburn   211:     if ($output) {
                    212:         $r->print($output.&earlyout($fn,$uname,$udom));
1.63      raeburn   213:         return;
                    214:     }
1.64      raeburn   215: 
1.55      www       216: # Split part that I can change from the part that I cannot change
                    217:     my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
1.69      raeburn   218: # Check for pattern: .number.extension which is reserved for LON-CAPA versioning. 
                    219: # Check for disallowed characters: #?&%:<>`|, and remove
                    220:     if ($fn2 ne '') {
                    221:         ($fn2,my $warning) = &check_filename($fn2);
                    222:         if ($warning ne '') {
                    223:             $r->print($warning);
                    224:         }
                    225:     }
1.49      bisitz    226:     # Display additional options for upload
                    227:     # and upload button
                    228:     $r->print(
                    229:         '<form action="'.$action.'" method="post" name="fileupload">'
                    230:        .'<input type="hidden" name="phase" value="two" />'
                    231:        .'<input type="hidden" name="datatoken" value="'.&upfile_store.'" />'
                    232:     );
                    233:     $r->print(
                    234:         &Apache::lonhtmlcommon::start_pick_box()
                    235:        .&Apache::lonhtmlcommon::row_title(&mt('Save uploaded file as'))
1.55      www       236:        .'<span class="LC_filename">'.$fn1.'</span>'
                    237:        .'<input type="hidden" name="filename1" value="'.$fn1.'" />'
                    238:        .'<input type="text" size="50" name="filename2" value="'.$fn2.'" />'
1.49      bisitz    239:        .&Apache::lonhtmlcommon::row_closure()
                    240:        .&Apache::lonhtmlcommon::row_title(&mt('File Type'))
                    241:        .'<select name="filetype">'
                    242:        .'<option value="standard" selected="selected">'.&mt('Regular file').'</option>'
                    243:        .'<option value="testbank">'.&mt('Testbank file').'</option>'
                    244:        .'<option value="imsimport">'.&mt('IMS package').'</option>'
                    245:        .'</select>'.&Apache::loncommon::help_open_topic("Uploading_File_Options")
                    246:        .&Apache::lonhtmlcommon::row_closure(1)
                    247:        .&Apache::lonhtmlcommon::end_pick_box()
                    248:     );
                    249:     $r->print(
                    250:         '<p>'
                    251:        .'<input type="button" value="'.&mt('Upload').'" onclick="javascript:verifyForm()"/>'
                    252:        .'</p>'
                    253:        .'</form>'
                    254:     );
1.13      foxr      255: 
1.49      bisitz    256:    # Check for bad extension and warn user
                    257:     if ($fn=~/\.(\w+)$/ && 
                    258:         (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
1.41      bisitz    259:                 $r->print('<p class="LC_error">'
1.49      bisitz    260:                           .&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
                    261:                                '<span class="LC_filename">'.$1.'</span>')
1.41      bisitz    262:                           .' <br />'.&mt('Please change the extension.')
                    263:                           .'</p>');
1.49      bisitz    264:     } elsif($fn=~/\.(\w+)$/ && 
                    265:                     !defined(&Apache::loncommon::fileembstyle($1))) {
1.41      bisitz    266:                 $r->print('<p class="LC_error">'
1.49      bisitz    267:                          .&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
                    268:                               '<span class="LC_filename">'.$1.'</span>')
1.41      bisitz    269:                          .' <br />'.&mt('Please change the extension.')
                    270:                          .'</p>');
1.22      albertel  271:     }
1.1       www       272: }
                    273: 
                    274: sub phasetwo {
1.58      raeburn   275:     my ($r,$fn,$mode)=@_;
1.55      www       276: 
1.37      raeburn   277:     my $output;
1.25      raeburn   278:     my $action = '/adm/upload';
                    279:     my $returnflag = '';
                    280:     if ($mode eq 'testbank') {
                    281:         $action = '/adm/testbank';
                    282:     } elsif ($mode eq 'imsimport') {
                    283:         $action = '/adm/imsimport';
                    284:     }
1.22      albertel  285:     $fn=~s/\/+/\//g;
1.55      www       286:     if ($fn) {
1.58      raeburn   287: 	my $target= $r->dir_config('lonDocRoot').'/'.$fn;
1.22      albertel  288: 	&Debug($r, "target -> ".$target);
1.13      foxr      289: #     target is the full filesystem path of the destination file.
1.22      albertel  290: 	my $base = &File::Basename::basename($fn);
                    291: 	my $path = &File::Basename::dirname($fn);
1.26      albertel  292: 	$base    = &HTML::Entities::encode($base,'<>&"');
1.69      raeburn   293: 	my $url  = $path."/".$base;
1.22      albertel  294: 	&Debug($r, "URL is now ".$url);
1.68      raeburn   295: 	my $datatoken;
                    296:         if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
                    297:             $datatoken = $env{'form.datatoken'};
                    298:         }
1.22      albertel  299: 	if (($fn) && ($datatoken)) {
1.36      www       300:             if ($env{'form.cancel'}) {
                    301:                 my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
                    302:                 my $dirpath=$path.'/';
                    303:                 $dirpath=~s/\/+/\//g;
1.49      bisitz    304:                 $output .= '<p class="LC_warning">'.&mt('Upload cancelled.').'</p>'
                    305:                           .'<p><a href="'.$dirpath.'">'.
                    306:                           &mt('Back to Directory').'</a></p>';
                    307:             } elsif ((-e $target) && (!$env{'form.override'})) {
                    308:                 $output .= '<form action="'.$action.'" method="post">'
                    309:                           .'<p class="LC_warning">'
                    310:                           .&mt('File [_1] already exists.',
                    311:                                '<span class="LC_filename">'.$fn.'</span>')
                    312:                          .'<input type="hidden" name="phase" value="two" />'
                    313:                          .'<input type="hidden" name="filename" value="'.$url.'" />'
                    314:                          .'<input type="hidden" name="datatoken" value="'.$datatoken.'" />'
                    315:                          .'<p>'
                    316:                          .'<input type="submit" name="cancel" value="'.&mt('Cancel').'" />'
                    317:                          .' <input type="submit" name="override" value="'.&mt('Overwrite').'" />'
                    318:                          .'</p>'
                    319:                          .'</form>';
1.36      www       320:             } else {
1.22      albertel  321: 		my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
1.27      www       322: 		my $dirpath=$path.'/';
                    323: 		$dirpath=~s/\/+/\//g;
1.22      albertel  324: 		# Check for bad extension and disallow upload
1.37      raeburn   325:                 my $result;
                    326:                 ($result,$returnflag) = &check_extension($fn,$mode,$source,$target,$action,$dirpath,$url);
                    327:                 $output .= $result;
1.22      albertel  328: 	    }
                    329: 	} else {
1.37      raeburn   330: 	    $output .= '<span class="LC_error">'.
1.22      albertel  331: 		      &mt('Please use browser "Back" button and pick a filename').
1.37      raeburn   332: 		      '</span><br />';
1.22      albertel  333: 	}
1.1       www       334:     } else {
1.37      raeburn   335: 	$output .= '<span class="LC_error">'.
                    336: 		   &mt('Please use browser "Back" button and pick a filename').
                    337: 		   '</span><br />';
                    338:     }
                    339:     return ($output,$returnflag);
                    340: }
                    341: 
                    342: sub check_extension {
                    343:     my ($fn,$mode,$source,$target,$action,$dirpath,$url) = @_;
                    344:     my ($result,$returnflag);
                    345:     # Check for bad extension and disallow upload
                    346:     if ($fn=~/\.(\w+)$/ &&
                    347:         (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
1.49      bisitz    348:         $result .= '<p class="LC_warning">'.
                    349:                    &mt('File [_1] could not be copied.',
                    350:                        '<span class="LC_filename">'.$fn.'</span> ').
                    351:                    '<br />'.
                    352:                    &mt('The extension on this file is reserved internally by LON-CAPA.').
                    353:                    '</p>';
1.37      raeburn   354:     } elsif ($fn=~/\.(\w+)$/ &&
                    355:              !defined(&Apache::loncommon::fileembstyle($1))) {
1.49      bisitz    356:         $result .= '<p class="LC_warning">'.
                    357:                    &mt('File [_1] could not be copied.',
                    358:                        '<span class="LC_filename">'.$fn.'</span> ').
                    359:                    '<br />'.
                    360:                    &mt('The extension on this file is not recognized by LON-CAPA.').
                    361:                    '</p>';
1.37      raeburn   362:     } elsif (-d $target) {
1.49      bisitz    363:         $result .= '<p class="LC_warning">'.
                    364:                    &mt('File [_1] could not be copied.',
                    365:                        '<span class="LC_filename">'.$fn.'</span>').
                    366:                    '<br />'.
                    367:                    &mt('The target is an existing directory.').
                    368:                    '</p>';
1.37      raeburn   369:     } elsif (copy($source,$target)) {
                    370:         chmod(0660, $target); # Set permissions to rw-rw---.
                    371:         if ($mode eq 'testbank' || $mode eq 'imsimport') {
                    372:             $returnflag = 'ok';
1.49      bisitz    373:             $result .= '<p class="LC_success">'
                    374:                       .&mt('Your file - [_1] - was uploaded successfully.',
                    375:                            '<span class="LC_filename">'.$fn.'<span>')
                    376:                       .'</p>';
1.37      raeburn   377:         } else {
1.49      bisitz    378:             $result .= '<p class="LC_success">'
                    379:                       .&mt('File copied.')  
                    380:                       .'</p>';
1.37      raeburn   381:         }
                    382:         # Check for embedded objects.
                    383:         my (%allfiles,%codebase);
                    384:         my ($text,$header,$css,$js);
                    385:         if (($mode ne 'imsimport') && ($target =~ /\.(htm|html|shtml)$/i)) {
                    386:             my (%allfiles,%codebase);
                    387:             &Apache::lonnet::extract_embedded_items($target,\%allfiles,\%codebase);
                    388:             if (keys(%allfiles) > 0) {
1.50      raeburn   389:                 my ($currentpath) = ($url =~ m{^(.+)/[^/]+$});
1.51      raeburn   390:                 my $state = &embedded_form_elems('upload_embedded',$url,$mode);
                    391:                 my ($embedded,$num,$pathchg) = 
                    392:                     &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles,
                    393:                                                                  \%codebase,
                    394:                                                                  {'error_on_invalid_names'   => 1,
                    395:                                                                   'ignore_remote_references' => 1,
                    396:                                                                   'current_path'             => $currentpath});
1.50      raeburn   397:                 if ($embedded) {
1.51      raeburn   398:                     $result .= '<h3>'.&mt('Reference Warning').'</h3>';
                    399:                     if ($num) {
                    400:                         $result .= '<p>'.&mt('Completed upload of the file.').' '.&mt('This file contained references to other files.').'</p>'.
                    401:                                    '<p>'.&mt('Please select the locations from which the referenced files are to be uploaded.').'</p>'.
                    402:                                    $embedded;
                    403:                         if ($mode eq 'testbank') {
                    404:                             $returnflag = 'embedded';
                    405:                             $result .=  '<p>'.&mt('Or [_1]continue[_2] the testbank import without these files.','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';
                    406:                         }
                    407:                     } else {
                    408:                         $result .= '<p>'.&mt('Completed upload of the file.').'</p>'.$embedded;
                    409:                         if ($pathchg) {
                    410:                             if ($mode eq 'testbank') {
                    411:                                 $returnflag = 'embedded';
1.66      bisitz    412:                                 $result .=  '<p>'.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','<a href="javascript:document.testbankForm.submit();">','</a>').'</p>';
1.51      raeburn   413:                             }
                    414:                         }
                    415:                     }
1.37      raeburn   416:                 }
                    417:             }
                    418:         }
                    419:         if (($mode ne 'imsimport') && ($mode ne 'testbank')) {
1.49      bisitz    420:             $result .= '<br /><a href="'.$url.'">'.
                    421:                         &mt('View file').'</a>';
1.37      raeburn   422:         }
                    423:     } else {
                    424:         $result .= &mt('Failed to copy: [_1].',$!);
                    425:     }
                    426:     if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.49      bisitz    427:         $result .= '<br /><a href="'.$dirpath.'">'.
                    428:                    &mt('Back to Directory').'</a><br />';
1.37      raeburn   429:     }
                    430:     return ($result,$returnflag);
                    431: }
                    432: 
1.69      raeburn   433: sub check_filename {
                    434:     my ($fname) = @_;
                    435:     my $warning;
                    436:     if ($fname =~/[#\?&%":<>`|]/) {
                    437:         $fname =~s/[#\?&%":<>`|]//g;
                    438:         $warning .= '<p class="LC_warning">'
                    439:                    .&mt('Removed one or more disallowed characters from filename')
                    440:                    .'</p>';
                    441:     }
                    442:     if ($fname=~ /\.(\d+)\.(\w+)$/) {
                    443:         my $num = $1;
                    444:         $warning .= '<p class="LC_warning">'
                    445:                    .&mt('Bad filename [_1]','<span class="LC_filename">'.$fname.'</span>')
                    446:                    .'<br />'
                    447:                    .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
                    448:                    .'<br />'
                    449:                    .&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','<tt>','</tt>')
                    450:                    .'</p>';
                    451:         if ($num eq '0') {
                    452:             $fname =~ s/\.(\d+)(\.\w+)$/_A$2/;
                    453:         } else {
                    454:             my $letts = '';
                    455:             my %digletter = reverse &Apache::lonnet::letter_to_digits();
                    456:             if ($num >= 100) {
                    457:                 $num = substr($num,-2);
                    458:             }
                    459:             foreach my $digit (split('',$num)) {
                    460:                 $letts .= $digletter{$digit};
                    461:             }
                    462:             $fname =~ s/\.(\d+)(\.\w+)$/_$letts$2/;
                    463:         }
                    464:     }
                    465:     if ($fname =~/___/) {
                    466:         $fname =~s/_+/_/g;
                    467:         $warning .= '<p class="LC_warning">'
                    468:                     .&mt('Changed ___ to a single _ in filename')
                    469:                     .'</p>';
                    470:     }
                    471:     return ($fname,$warning);
                    472: }
                    473: 
1.37      raeburn   474: sub phasethree {
                    475:     my ($r,$fn,$uname,$udom,$mode) = @_;
1.55      www       476: 
1.51      raeburn   477:     my $action = '/adm/upload'; 
                    478:     if ($mode eq 'testbank') {
                    479:         $action = '/adm/testbank';
                    480:     } elsif ($mode eq 'imsimport') {
                    481:         $action = '/adm/imsimport';
                    482:     }
1.56      raeburn   483:     my $url_root = "/priv/$udom/$uname";
                    484:     my $dir_root = $r->dir_config('lonDocRoot').$url_root;
1.51      raeburn   485:     my $path = &File::Basename::dirname($fn);
1.58      raeburn   486:     $path =~ s{^\Q$url_root\E}{};
1.67      raeburn   487:     my $dirpath = $url_root.$path.'/';
                    488:     $dirpath=~s{/+}{/}g;
1.51      raeburn   489:     my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"');
                    490:     my $state = &embedded_form_elems('modify_orightml',$filename,$mode).
                    491:                 '<input type="hidden" name="phase" value="four" />';
                    492:     my ($result,$returnflag) = 
                    493:         &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom,
                    494:                                             $dir_root,$url_root,undef,
                    495:                                             undef,undef,$state,$action);
                    496:     if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.58      raeburn   497:         $result .= '<br /><h3><a href="'.$fn.'">'.
1.51      raeburn   498:                   &mt('View main file').'</a></h3>'.
1.67      raeburn   499:                   '<h3><a href="'.$dirpath.'">'.
1.51      raeburn   500:                   &mt('Back to Directory').'</a></h3><br />';
                    501:     }
                    502:     return ($result,$returnflag);
                    503: }
                    504: 
                    505: sub embedded_form_elems {
                    506:     my ($action,$filename,$mode) = @_;
                    507:     return <<STATE;
                    508:     <input type="hidden" name="action" value="$action" />
                    509:     <input type="hidden" name="mode" value="$mode" />
                    510:     <input type="hidden" name="filename" value="$filename" />
                    511: STATE
                    512: }
                    513: 
                    514: sub phasefour {
                    515:     my ($r,$fn,$uname,$udom,$mode) = @_;
1.55      www       516: 
1.51      raeburn   517:     my $action = '/adm/upload';
                    518:     if ($mode eq 'testbank') {
                    519:         $action = '/adm/testbank';
                    520:     } elsif ($mode eq 'imsimport') {
                    521:         $action = '/adm/imsimport';
                    522:     }
1.37      raeburn   523:     my $result;
1.56      raeburn   524:     my $url_root = "/priv/$udom/$uname";
                    525:     my $dir_root = $r->dir_config('lonDocRoot').$url_root;
1.37      raeburn   526:     my $path = &File::Basename::dirname($fn);
1.58      raeburn   527:     $path =~ s{^\Q$url_root\E}{};
1.67      raeburn   528:     my $dirpath = $url_root.$path.'/';
                    529:     $dirpath=~s{/+}{/}g;
1.60      raeburn   530:     my $outcome = 
                    531:         &Apache::loncommon::modify_html_refs($mode,$path,$uname,$udom,$dir_root);
                    532:     $result .= $outcome;
1.37      raeburn   533:     if ($mode ne 'imsimport' && $mode ne 'testbank') {
1.58      raeburn   534:         $result .= '<br /><h3><a href="'.$fn.'">'.
1.51      raeburn   535:                   &mt('View main file').'</a></h3>'.
1.67      raeburn   536:                   '<h3><a href="'.$dirpath.'">'.
1.51      raeburn   537:                   &mt('Back to Directory').'</a></h3><br />';
1.1       www       538:     }
1.37      raeburn   539:     return $result;
1.1       www       540: }
                    541: 
1.63      raeburn   542: sub earlyout {
                    543:     my ($fn,$uname,$udom) = @_;
                    544:     if ($fn =~ m{^(/priv/$udom/$uname(?:.*)/)[^/]*}) {
                    545:         return &Apache::lonhtmlcommon::actionbox(
                    546:                ['<a href="'.$1.'">'.&mt('Return to Directory').'</a>']);
                    547:     }
                    548:     return;
                    549: }
                    550: 
1.10      harris41  551: # ---------------------------------------------------------------- Main Handler
1.1       www       552: sub handler {
                    553: 
1.22      albertel  554:     my $r=shift;
1.25      raeburn   555:     my $javascript = '';
1.69      raeburn   556:     my $fn;
                    557:     my $warning;
1.55      www       558: 
                    559:     if ($env{'form.filename1'}) {
1.69      raeburn   560:         my $fn1 = $env{'form.filename1'};
                    561:         my $fn2 = $env{'form.filename2'};
                    562:         $fn2 =~ s/(\s+$|^\s+)//g;
                    563:         $fn2 =~ s/\/+/\//g;
                    564:         ($fn2,$warning) = &check_filename($fn2);
                    565:         $fn = $fn1.$fn2;
                    566:     } else {
                    567:         $fn = $env{'form.filename'};
1.55      www       568:     }
                    569:     $fn=~s/\/+/\//g;
1.70      raeburn   570:     if ($fn =~ m{/\.\./}) {
                    571:         $warning .= '<p class="LC_warning">'
                    572:                    .&mt('Path modified as a result of one or more instances of /../')
                    573:                    .'</p>';
                    574:         while ($fn =~ m{/\.\./}) {
                    575:             $fn =~ s{/[^/]+/\.\./}{/}g;
                    576:         }
                    577:     }
1.55      www       578: 
                    579:     unless ($fn) {
                    580:         $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
                    581:                        ' unspecified filename for upload', $r->filename);
                    582:         return HTTP_NOT_FOUND;
1.22      albertel  583:     }
                    584: 
1.61      raeburn   585:     my ($uname,$udom)=&Apache::lonnet::constructaccess($fn);
1.58      raeburn   586: 
                    587:     unless (($uname) && ($udom)) {
1.69      raeburn   588:         $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
                    589:                        ' trying to upload file '.$fn.
1.58      raeburn   590:                        ' - not authorized',
                    591:                        $r->filename);
                    592:         return HTTP_NOT_ACCEPTABLE;
                    593:     }
                    594: 
                    595: # ----------------------------------------------------------- Start page output
                    596: 
                    597:     &Apache::loncommon::content_type($r,'text/html');
                    598:     $r->send_http_header;
                    599: 
1.29      albertel  600:     unless ($env{'form.phase'} eq 'two') {
1.58      raeburn   601:         $javascript = <<"ENDJS";
                    602: <script type="text/javascript">
                    603: // <![CDATA[
1.25      raeburn   604: function verifyForm() {
1.28      raeburn   605:     var mode = document.fileupload.filetype.options[document.fileupload.filetype.selectedIndex].value
1.25      raeburn   606:     if (mode == "testbank") {
1.28      raeburn   607:         document.fileupload.action = "/adm/testbank";
1.25      raeburn   608:     }
                    609:     if (mode == "imsimport") {
1.28      raeburn   610:         document.fileupload.action = "/adm/imsimport";
1.25      raeburn   611:     }
                    612:     if (mode == "standard") {
1.28      raeburn   613:         document.fileupload.action = "/adm/upload";
1.25      raeburn   614:     }
1.28      raeburn   615:     document.fileupload.submit();
1.25      raeburn   616: }
1.58      raeburn   617: // ]]>
                    618: </script>
                    619: ENDJS
1.25      raeburn   620:     }
1.1       www       621: 
1.58      raeburn   622:     my $londocroot = $r->dir_config('lonDocRoot');
                    623:     my $trailfile = $fn;
                    624:     $trailfile =~ s{^/(priv/)}{$londocroot/$1};
1.1       www       625: 
1.47      bisitz    626:     # Breadcrumbs
1.71    ! raeburn   627:     my $text = 'Authoring Space';
        !           628:     my $href = &Apache::loncommon::authorspace($fn);
        !           629:     my $crsauthor;
        !           630:     if ($env{'request.course.id'}) {
        !           631:         my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
        !           632:         my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
        !           633:         if ($href eq "/priv/$cdom/$cnum/") {
        !           634:             $text = 'Course Authoring Space';
        !           635:             $crsauthor = 1;
        !           636:         }
        !           637:     }
        !           638:     my $brcrum = [{'href' => $href,
        !           639:                    'text' => $text},
1.47      bisitz    640:                   {'href' => '/adm/upload',
1.71    ! raeburn   641:                    'text' => 'Upload file to '.$text}];
        !           642:     $r->print(&Apache::loncommon::start_page('Upload file to '.$text,
1.47      bisitz    643:                                              $javascript,
                    644:                                              {'bread_crumbs' => $brcrum,})
                    645:              .&Apache::loncommon::head_subbox(
1.58      raeburn   646:                 &Apache::loncommon::CSTR_pageheader($trailfile))
1.47      bisitz    647:     );
1.71    ! raeburn   648: 
        !           649:     unless ($crsauthor) {
        !           650:         if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) {
        !           651:             $r->print('<p class="LC_info">'
        !           652:                      .&mt('Co-Author [_1]',$uname.':'.$udom)
        !           653:                      .'</p>'
        !           654:             );
        !           655:         }
1.22      albertel  656:     }
1.69      raeburn   657:     if ($warning) {
                    658:         $r->print($warning);
                    659:     }
1.51      raeburn   660:     if ($env{'form.phase'} eq 'four') {
                    661:         my $output = &phasefour($r,$fn,$uname,$udom,'author');
                    662:         $r->print($output);
                    663:     } elsif ($env{'form.phase'} eq 'three') {
1.53      raeburn   664:         my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author');
1.37      raeburn   665:         $r->print($output);
                    666:     } elsif ($env{'form.phase'} eq 'two') {
1.58      raeburn   667: 	my ($output,$returnflag) = &phasetwo($r,$fn);
1.37      raeburn   668:         $r->print($output);
1.22      albertel  669:     } else {
1.63      raeburn   670: 	&phaseone($r,$fn,undef,$uname,$udom);
1.22      albertel  671:     }
1.1       www       672: 
1.31      albertel  673:     $r->print(&Apache::loncommon::end_page());
1.69      raeburn   674:     return OK;
1.1       www       675: }
1.7       www       676: 
                    677: 1;
                    678: __END__
1.10      harris41  679: 
                    680: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>