Return to lonupload.pm CVS log

Up to [LON-CAPA] / loncom / publisher

Phase 2:

* returning to phase 1 could never have worked correctly; eliminated.

* did not check if target was an existing directory, and changed mode of
  parent directory to "rw-rw" overriding the "x"; put in checking.

    1: 
    2: # The LearningOnline Network with CAPA
    3: # Handler to upload files into construction space
    4: #
    5: # $Id: lonupload.pm,v 1.19 2003/08/04 18:22:55 www Exp $
    6: #
    7: # Copyright Michigan State University Board of Trustees
    8: #
    9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   10: #
   11: # LON-CAPA is free software; you can redistribute it and/or modify
   12: # it under the terms of the GNU General Public License as published by
   13: # the Free Software Foundation; either version 2 of the License, or
   14: # (at your option) any later version.
   15: #
   16: # LON-CAPA is distributed in the hope that it will be useful,
   17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19: # GNU General Public License for more details.
   20: #
   21: # You should have received a copy of the GNU General Public License
   22: # along with LON-CAPA; if not, write to the Free Software
   23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   24: #
   25: # /home/httpd/html/adm/gpl.txt
   26: #
   27: # http://www.lon-capa.org/
   28: #
   29: ###
   30: 
   31: package Apache::lonupload;
   32: 
   33: use strict;
   34: use Apache::File;
   35: use File::Copy;
   36: use File::Basename;
   37: use Apache::Constants qw(:common :http :methods);
   38: use Apache::loncacc;
   39: use Apache::loncommon();
   40: use Apache::Log();
   41: use Apache::lonnet;
   42: use HTML::Entities();
   43: 
   44: my $DEBUG=0;
   45: 
   46: sub Debug {
   47:   
   48:   # Marshall the parameters.
   49:   
   50:   my $r       = shift;
   51:   my $log     = $r->log;
   52:   my $message = shift;
   53:   
   54:   # Put out the indicated message butonly if DEBUG is false.
   55:   
   56:   if ($DEBUG) {
   57:     $log->debug($message);
   58:   }
   59: }
   60: 
   61: sub upfile_store {
   62:     my $r=shift;
   63: 	
   64:     my $fname=$ENV{'form.upfile.filename'};
   65:     $fname=~s/\W//g;
   66:     
   67:     chomp($ENV{'form.upfile'});
   68:   
   69:     my $datatoken=$ENV{'user.name'}.'_'.$ENV{'user.domain'}.
   70: 		  '_upload_'.$fname.'_'.time.'_'.$$;
   71:     {
   72:        my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
   73:                                    '/tmp/'.$datatoken.'.tmp');
   74:        print $fh $ENV{'form.upfile'};
   75:     }
   76:     return $datatoken;
   77: }
   78: 
   79: 
   80: sub phaseone {
   81:    my ($r,$fn,$uname,$udom)=@_;
   82:    $ENV{'form.upfile.filename'}=~s/\\/\//g;
   83:    $ENV{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
   84:    if ($ENV{'form.upfile.filename'}) {
   85:     $fn=~s/\/[^\/]+$//;
   86:     $fn=~s/([^\/])$/$1\//;
   87:     $fn.=$ENV{'form.upfile.filename'};
   88:     $fn=~s/^\///;
   89:     $fn=~s/(\/)+/\//g;
   90: 
   91: #    Fn is the full path to the destination filename.
   92: #    
   93: 
   94:     &Debug($r, "Filename for upload: $fn");
   95:     if (($fn) && ($fn!~/\/$/)) {
   96:       $r->print(
   97:  '<form action=/adm/upload method=post>'.
   98:  '<input type=hidden name=phase value=two>'.
   99:  '<input type=hidden name=datatoken value="'.&upfile_store.'">'.
  100:  '<input type=hidden name=uploaduname value="'.$uname.'">'.
  101:  'Store uploaded file as '.
  102:  '<input type=text size=50 name=filename value="'.$fn.'"><br>'.
  103:  '<input type=submit value="Store"></form>');
  104:       # Check for bad extension and warn user
  105:       if ($fn=~/\.(\w+)$/ && 
  106: 	  (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
  107: 	  $r->print(
  108:  '<font color=red>'.
  109:  'The extension on this file, "'.$1.
  110:  '", is reserved internally by LON-CAPA. <br \>'.
  111:  'Please change the extension.'.
  112:  '</font>');
  113:       } elsif($fn=~/\.(\w+)$/ && 
  114: 	      !defined(&Apache::loncommon::fileembstyle($1))) {
  115: 	  $r->print(
  116:  '<font color=red>'.
  117:  'The extension on this file, "'.$1.
  118:  '", is not recognized by LON-CAPA. <br \>'.
  119:  'Please change the extension.'.
  120:  '</font>');
  121:       }
  122:   } else {
  123:       $r->print('<font color=red>Illegal filename.</font>');
  124:   }
  125:  } else {
  126:      $r->print('<font color=red>No upload file specified.</font>');
  127:  }
  128: }
  129: 
  130: sub phasetwo {
  131:    my ($r,$tfn,$uname,$udom)=@_;
  132:    my $fn='/priv/'.$uname.'/'.$tfn;
  133:    $fn=~s/\/+/\//g;
  134:    &Debug($r, "Filename is ".$tfn);
  135:    if ($tfn) {
  136:     &Debug($r, "Filename for tfn = ".$tfn);
  137:     my $target='/home/'.$uname.'/public_html'.$tfn;
  138:     &Debug($r, "target -> ".$target);
  139: #     target is the full filesystem path of the destination file.
  140:     my $base = &File::Basename::basename($fn);
  141:     my $path = &File::Basename::dirname($fn);
  142:     $base    = &HTML::Entities::encode($base);
  143:     my $url  = $path."/".$base; 
  144:     &Debug($r, "URL is now ".$url);
  145:     my $datatoken=$ENV{'form.datatoken'};
  146:     if (($fn) && ($datatoken)) {
  147: 	if ((-e $target) && ($ENV{'form.override'} ne 'Yes')) {
  148:            $r->print(
  149:  '<form action=/adm/upload method=post>'.
  150:  'File <tt>'.$fn.'</tt> exists. Overwrite? '.
  151:  '<input type=hidden name=phase value=two>'.
  152:  '<input type=hidden name=filename value="'."$url".'">'.
  153:  '<input type=hidden name=datatoken value="'.$datatoken.'">'.
  154:  '<input type=submit name=override value="Yes"></form>');
  155:        } else {
  156:            my $source=$r->dir_config('lonDaemons').
  157: 	                             '/tmp/'.$datatoken.'.tmp';
  158:            # Check for bad extension and disallow upload
  159: 	   if ($fn=~/\.(\w+)$/ && 
  160: 	       (&Apache::loncommon::fileembstyle($1) eq 'hdn')) {
  161: 	       $r->print(
  162:  'File <tt>'.$fn.'</tt> could not be copied.<br />'.
  163:  '<font color=red>'.
  164:  'The extension on this file is reserved internally by LON-CAPA.'.
  165:  '</font>');
  166:               $r->print('<p><font size=+2><a href="'.$path.
  167:                         '">Back to Directory</a></font>');
  168: 	   } elsif ($fn=~/\.(\w+)$/ && 
  169: 		    !defined(&Apache::loncommon::fileembstyle($1))) {
  170: 	       $r->print(
  171:  'File <tt>'.$fn.'</tt> could not be copied.<br />'.
  172:  '<font color=red>'.
  173:  'The extension on this file is not recognized by LON-CAPA.'.
  174:  '</font>');
  175: 	       $r->print('<p><font size=+2><a href="'.$path.
  176:                         '">Back to Directory</a></font>');
  177: 	   } elsif (-d $target) {
  178: 	       $r->print(
  179:  'File <tt>'.$fn.'</tt> could not be copied.<br />'.
  180:  '<font color=red>'.
  181:  'The target is an existing directory.'.
  182:  '</font>');
  183: 	       $r->print('<p><font size=+2><a href="'.$path.
  184:                         '">Back to Directory</a></font>');
  185: 	   } elsif (copy($source,$target)) {
  186: 	       chmod(0660, $target); # Set permissions to rw-rw---.
  187: 	      $r->print('File copied.');
  188:               $r->print('<p><font size=+2><a href="'.$url.
  189:                         '">View file</a></font>');
  190:               $r->print('<p><font size=+2><a href="'.$path.
  191:                         '">Back to Directory</a></font>');
  192: 	   } else {
  193:               $r->print('Failed to copy: '.$!);
  194:               $r->print('<p><font size=+2><a href="'.$path.
  195:                         '">Back to Directory</a></font>');
  196: 	   }
  197:        }
  198:     } else {
  199:        $r->print(
  200:    '<font size=+1 color=red>Please use browser "Back" button and pick a filename</font><p>');
  201:     }
  202:   } else {
  203:     $r->print(
  204:    '<font size=+1 color=red>Please use browser "Back" button and pick a filename</font><p>');
  205:   }
  206: }
  207: 
  208: # ---------------------------------------------------------------- Main Handler
  209: sub handler {
  210: 
  211:   my $r=shift;
  212: 
  213:   my $uname;
  214:   my $udom;
  215: #
  216: # phase two: re-attach user
  217: #
  218:   if ($ENV{'form.uploaduname'}) {
  219:       $ENV{'form.filename'}='/priv/'.$ENV{'form.uploaduname'}.'/'.
  220: 	  $ENV{'form.filename'};
  221:   }
  222: #
  223: 
  224:   ($uname,$udom)=
  225:     &Apache::loncacc::constructaccess(
  226: 			 $ENV{'form.filename'},$r->dir_config('lonDefDomain'));
  227:   unless (($uname) && ($udom)) {
  228:      $r->log_reason($uname.' at '.$udom.
  229:          ' trying to publish file '.$ENV{'form.filename'}.
  230:          ' - not authorized', 
  231:          $r->filename); 
  232:      return HTTP_NOT_ACCEPTABLE;
  233:   }
  234: 
  235:   my $fn;
  236:   if ($ENV{'form.filename'}) {
  237:       $fn=$ENV{'form.filename'};
  238:       $fn=~s/^http\:\/\/[^\/]+\///;
  239:       $fn=~s/^\///;
  240:       $fn=~s/(\~|priv\/)(\w+)//;
  241:       $fn=~s/\/+/\//g;
  242:   } else {
  243:      $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}.
  244:          ' unspecified filename for upload', $r->filename); 
  245:      return HTTP_NOT_FOUND;
  246:   }
  247: 
  248: # ----------------------------------------------------------- Start page output
  249: 
  250: 
  251:   $r->content_type('text/html');
  252:   $r->send_http_header;
  253: 
  254:   $r->print('<html><head><title>LON-CAPA Construction Space</title></head>');
  255: 
  256:   $r->print(&Apache::loncommon::bodytag('Upload file to Construction Space'));
  257:   
  258:   if (($uname ne $ENV{'user.name'}) || ($udom ne $ENV{'user.domain'})) {
  259:           $r->print('<h3><font color=red>Co-Author: '.$uname.' at '.$udom.
  260:                '</font></h3>');
  261:   }
  262: 
  263: 
  264:   if ($ENV{'form.phase'} eq 'two') {
  265:       &phasetwo($r,$fn,$uname,$udom);
  266:   } else {
  267:       &phaseone($r,$fn,$uname,$udom);
  268:   }
  269: 
  270:   $r->print('</body></html>');
  271:   return OK;  
  272: }
  273: 
  274: 1;
  275: __END__
  276: 
  277: =head1 NAME
  278: 
  279: Apache::lonupload - upload files into construction space
  280: 
  281: =head1 SYNOPSIS
  282: 
  283: Invoked by /etc/httpd/conf/srm.conf:
  284: 
  285:  <Location /adm/upload>
  286:  PerlAccessHandler       Apache::lonacc
  287:  SetHandler perl-script
  288:  PerlHandler Apache::lonupload
  289:  ErrorDocument     403 /adm/login
  290:  ErrorDocument     404 /adm/notfound.html
  291:  ErrorDocument     406 /adm/unauthorized.html
  292:  ErrorDocument	  500 /adm/errorhandler
  293:  </Location>
  294: 
  295: =head1 INTRODUCTION
  296: 
  297: This module uploads a file sitting on a client computer into 
  298: library server construction space.
  299: 
  300: This is part of the LearningOnline Network with CAPA project
  301: described at http://www.lon-capa.org.
  302: 
  303: =head1 HANDLER SUBROUTINE
  304: 
  305: This routine is called by Apache and mod_perl.
  306: 
  307: =over 4
  308: 
  309: =item *
  310: 
  311: Initialize variables
  312: 
  313: =item *
  314: 
  315: Start page output
  316: 
  317: =item *
  318: 
  319: output relevant interface phase (phaseone or phasetwo)
  320: 
  321: =item *
  322: 
  323: (phase one is to specify upload file; phase two is to handle conditions
  324: subsequent to specification--like overwriting an existing file)
  325: 
  326: =back
  327: 
  328: =head1 OTHER SUBROUTINES
  329: 
  330: =over 4
  331: 
  332: =item *
  333: 
  334: phaseone() : Interface for specifying file to upload.
  335: 
  336: =item *
  337: 
  338: phasetwo() : Interface for handling post-conditions about uploading (such
  339: as overwriting an existing file).
  340: 
  341: =item *
  342: 
  343: upfile_store() : Store contents of uploaded file into temporary space.  Invoked
  344: by phaseone subroutine.
  345: 
  346: =back
  347: 
  348: =cut