Return to lonupload.pm CVS log

Up to [LON-CAPA] / loncom / publisher

Phase 2:

* returning to phase 1 could never have worked correctly; eliminated.

* did not check if target was an existing directory, and changed mode of
  parent directory to "rw-rw" overriding the "x"; put in checking.

# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
# $Id: lonupload.pm,v 1.19 2003/08/04 18:22:55 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
###

package Apache::lonupload;

use strict;
use Apache::File;
use File::Copy;
use File::Basename;
use Apache::Constants qw(:common :http :methods);
use Apache::loncacc;
use Apache::loncommon();
use Apache::Log();
use Apache::lonnet;
use HTML::Entities();

my $DEBUG=0;

sub Debug {
  
  # Marshall the parameters.
  
  my $r       = shift;
  my $log     = $r->log;
  my $message = shift;
  
  # Put out the indicated message butonly if DEBUG is false.
  
  if ($DEBUG) {
    $log->debug($message);
  }
}

sub upfile_store {
    my $r=shift;
	
    my $fname=$ENV{'form.upfile.filename'};
    $fname=~s/\W//g;
    
    chomp($ENV{'form.upfile'});
  
    my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
		  '_upload_'.$fname.'_'.time.'_'.$$;
    {
       my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
                                   '/tmp/'.$datatoken.'.tmp');
       print $fh $ENV{'form.upfile'};
    }
    return $datatoken;
}


sub phaseone {
   my ($r,$fn,$uname,$udom)=@_;
   $ENV{'form.upfile.filename'}=~s/\\/\//g;
   $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
   if ($ENV{'form.upfile.filename'}) {
    $fn=~s/\/[^\/]+$//;
    $fn=~s/([^\/])$/$1\//;
    $fn.=$ENV{'form.upfile.filename'};
    $fn=~s/^\///;
    $fn=~s/(\/)+/\//g;

#    Fn is the full path to the destination filename.
#    

    &Debug($r, "Filename for upload: $fn");
    if (($fn) && ($fn!~/\/$/)) {
      $r->print(
 '<form action=/adm/upload method=post>'.
 '<input type=hidden name=phase value=two>'.
 '<input type=hidden name=datatoken value="'.&upfile_store.'">'.
 '<input type=hidden name=uploaduname value="'.$uname.'">'.
 'Store uploaded file as '.
 '<input type=text size=50 name=filename value="'.$fn.'"><br>'.
 '<input type=submit value="Store"></form>');
      # Check for bad extension and warn user
      if ($fn=~/\.(\w+)$/ && 
	  (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
	  $r->print(
 '<font color=red>'.
 'The extension on this file, "'.$1.
 '", is reserved internally by LON-CAPA. <br \>'.
 'Please change the extension.'.
 '</font>');
      } elsif($fn=~/\.(\w+)$/ && 
	      !defined(&Apache::loncommon::fileembstyle($1))) {
	  $r->print(
 '<font color=red>'.
 'The extension on this file, "'.$1.
 '", is not recognized by LON-CAPA. <br \>'.
 'Please change the extension.'.
 '</font>');
      }
  } else {
      $r->print('<font color=red>Illegal filename.</font>');
  }
 } else {
     $r->print('<font color=red>No upload file specified.</font>');
 }
}

sub phasetwo {
   my ($r,$tfn,$uname,$udom)=@_;
   my $fn='/priv/'.$uname.'/'.$tfn;
   $fn=~s/\/+/\//g;
   &Debug($r, "Filename is ".$tfn);
   if ($tfn) {
    &Debug($r, "Filename for tfn = ".$tfn);
    my $target='/home/'.$uname.'/public_html'.$tfn;
    &Debug($r, "target -> ".$target);
#     target is the full filesystem path of the destination file.
    my $base = &File::Basename::basename($fn);
    my $path = &File::Basename::dirname($fn);
    $base    = &HTML::Entities::encode($base);
    my $url  = $path."/".$base; 
    &Debug($r, "URL is now ".$url);
    my $datatoken=$ENV{'form.datatoken'};
    if (($fn) && ($datatoken)) {
	if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
           $r->print(
 '<form action=/adm/upload method=post>'.
 'File <tt>'.$fn.'</tt> exists. Overwrite? '.
 '<input type=hidden name=phase value=two>'.
 '<input type=hidden name=filename value="'."$url".'">'.
 '<input type=hidden name=datatoken value="'.$datatoken.'">'.
 '<input type=submit name=override value="Yes"></form>');
       } else {
           my $source=$r->dir_config('lonDaemons').
	                             '/tmp/'.$datatoken.'.tmp';
           # Check for bad extension and disallow upload
	   if ($fn=~/\.(\w+)$/ && 
	       (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
	       $r->print(
 'File <tt>'.$fn.'</tt> could not be copied.<br />'.
 '<font color=red>'.
 'The extension on this file is reserved internally by LON-CAPA.'.
 '</font>');
              $r->print('<p><font size=+2><a href="'.$path.
                        '">Back to Directory</a></font>');
	   } elsif ($fn=~/\.(\w+)$/ && 
		    !defined(&Apache::loncommon::fileembstyle($1))) {
	       $r->print(
 'File <tt>'.$fn.'</tt> could not be copied.<br />'.
 '<font color=red>'.
 'The extension on this file is not recognized by LON-CAPA.'.
 '</font>');
	       $r->print('<p><font size=+2><a href="'.$path.
                        '">Back to Directory</a></font>');
	   } elsif (-d $target) {
	       $r->print(
 'File <tt>'.$fn.'</tt> could not be copied.<br />'.
 '<font color=red>'.
 'The target is an existing directory.'.
 '</font>');
	       $r->print('<p><font size=+2><a href="'.$path.
                        '">Back to Directory</a></font>');
	   } elsif (copy($source,$target)) {
	       chmod(0660, $target); # Set permissions to rw-rw---.
	      $r->print('File copied.');
              $r->print('<p><font size=+2><a href="'.$url.
                        '">View file</a></font>');
              $r->print('<p><font size=+2><a href="'.$path.
                        '">Back to Directory</a></font>');
	   } else {
              $r->print('Failed to copy: '.$!);
              $r->print('<p><font size=+2><a href="'.$path.
                        '">Back to Directory</a></font>');
	   }
       }
    } else {
       $r->print(
   '<font size=+1 color=red>Please use browser "Back" button and pick a filename</font><p>');
    }
  } else {
    $r->print(
   '<font size=+1 color=red>Please use browser "Back" button and pick a filename</font><p>');
  }
}

# ---------------------------------------------------------------- Main Handler
sub handler {

  my $r=shift;

  my $uname;
  my $udom;
#
# phase two: re-attach user
#
  if ($ENV{'form.uploaduname'}) {
      $ENV{'form.filename'}='/priv/'.$ENV{'form.uploaduname'}.'/'.
	  $ENV{'form.filename'};
  }
#

  ($uname,$udom)=
    &Apache::loncacc::constructaccess(
			 $ENV{'form.filename'},$r->dir_config('lonDefDomain'));
  unless (($uname) && ($udom)) {
     $r->log_reason($uname.' at '.$udom.
         ' trying to publish file '.$ENV{'form.filename'}.
         ' - not authorized', 
         $r->filename); 
     return HTTP_NOT_ACCEPTABLE;
  }

  my $fn;
  if ($ENV{'form.filename'}) {
      $fn=$ENV{'form.filename'};
      $fn=~s/^http\:\/\/[^\/]+\///;
      $fn=~s/^\///;
      $fn=~s/(\~|priv\/)(\w+)//;
      $fn=~s/\/+/\//g;
  } else {
     $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
         ' unspecified filename for upload', $r->filename); 
     return HTTP_NOT_FOUND;
  }

# ----------------------------------------------------------- Start page output


  $r->content_type('text/html');
  $r->send_http_header;

  $r->print('<html><head><title>LON-CAPA Construction Space</title></head>');

  $r->print(&Apache::loncommon::bodytag('Upload file to Construction Space'));
  
  if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
          $r->print('<h3><font color=red>Co-Author: '.$uname.' at '.$udom.
               '</font></h3>');
  }


  if ($ENV{'form.phase'} eq 'two') {
      &phasetwo($r,$fn,$uname,$udom);
  } else {
      &phaseone($r,$fn,$uname,$udom);
  }

  $r->print('</body></html>');
  return OK;  
}

1;
__END__

=head1 NAME

Apache::lonupload - upload files into construction space

=head1 SYNOPSIS

Invoked by /etc/httpd/conf/srm.conf:

 <Location /adm/upload>
 PerlAccessHandler       Apache::lonacc
 SetHandler perl-script
 PerlHandler Apache::lonupload
 ErrorDocument     403 /adm/login
 ErrorDocument     404 /adm/notfound.html
 ErrorDocument     406 /adm/unauthorized.html
 ErrorDocument	  500 /adm/errorhandler
 </Location>

=head1 INTRODUCTION

This module uploads a file sitting on a client computer into 
library server construction space.

This is part of the LearningOnline Network with CAPA project
described at http://www.lon-capa.org.

=head1 HANDLER SUBROUTINE

This routine is called by Apache and mod_perl.

=over 4

=item *

Initialize variables

=item *

Start page output

=item *

output relevant interface phase (phaseone or phasetwo)

=item *

(phase one is to specify upload file; phase two is to handle conditions
subsequent to specification--like overwriting an existing file)

=back

=head1 OTHER SUBROUTINES

=over 4

=item *

phaseone() : Interface for specifying file to upload.

=item *

phasetwo() : Interface for handling post-conditions about uploading (such
as overwriting an existing file).

=item *

upfile_store() : Store contents of uploaded file into temporary space.  Invoked
by phaseone subroutine.

=back

=cut