version 1.8, 2023/08/23 20:39:06
|
version 1.12, 2023/08/23 22:57:39
|
Line 42 use Apache::lonnet;
|
Line 42 use Apache::lonnet;
|
use Apache::pre_xml; |
use Apache::pre_xml; |
use Apache::html_to_xml; |
use Apache::html_to_xml; |
use Apache::post_xml; |
use Apache::post_xml; |
|
use Apache::lonlocal; |
|
|
sub handler { |
sub handler { |
my $request = shift; |
my $request = shift; |
Line 62 sub handler {
|
Line 62 sub handler {
|
|
|
sub convert_problem { |
sub convert_problem { |
my ($uri, $request) = @_; |
my ($uri, $request) = @_; |
|
if ($uri =~ m{^/priv/$match_domain/$match_username/}) { |
if ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { |
unless (&has_priv_access($uri)) { |
my ($domain, $user) = ($1, $2); |
|
my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); |
|
if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { |
|
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Forbidden URI: $uri"); |
$request->print(&mt('Forbidden URI: [_1]',$uri)); |
$request->status(403); |
$request->status(403); |
return OK; |
return OK; |
} |
} |
Line 95 sub convert_problem {
|
Line 92 sub convert_problem {
|
return OK; |
return OK; |
} catch { |
} catch { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("convert failed for $file: $_"); |
$request->print(&mt('convert failed for [_1]:',$file)." $_"); |
$request->status(406); |
$request->status(406); |
return OK; |
return OK; |
}; |
}; |
Line 109 sub directory_listing {
|
Line 106 sub directory_listing {
|
$res .= "<directory name=\"/\">\n"; |
$res .= "<directory name=\"/\">\n"; |
$res .= "<directory name=\"priv\"/>\n"; |
$res .= "<directory name=\"priv\"/>\n"; |
$res .= "<directory name=\"res\"/>\n"; |
$res .= "<directory name=\"res\"/>\n"; |
} elsif ($uri !~ /^\/(priv|res)\//) { |
} elsif ($uri !~ m{^/(priv|res)/}) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Not found: $uri"); |
$request->print(&mt('Not found: [_1]',$uri)); |
$request->status(404); |
$request->status(404); |
return OK; |
return OK; |
} elsif ($uri =~ m{^/res/}) { |
} elsif ($uri =~ m{^/res/}) { |
Line 119 sub directory_listing {
|
Line 116 sub directory_listing {
|
my ($listref, $listerror) = &Apache::lonnet::dirlist($uri); |
my ($listref, $listerror) = &Apache::lonnet::dirlist($uri); |
if ($listerror) { |
if ($listerror) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("listing error: $listerror"); |
$request->print(&mt('listing error: [_1]',$listerror)); |
$request->status(406); |
$request->status(406); |
return OK; |
return OK; |
} elsif ($uri =~ m{^/res/[^/]+/$} && scalar(@{$listref}) == 0) { |
} elsif ($uri =~ m{^/res/[^/]+/$} && scalar(@{$listref}) == 0) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Not found: $uri"); |
$request->print(&mt('Not found: [_1]',$uri)); |
$request->status(404); |
$request->status(404); |
return OK; |
return OK; |
} |
} |
my $dirname = $uri; |
my $dirname = $uri; |
$dirname =~ s{^.*/([^/]*)$}{$1}; |
$dirname =~ s{^.*/([^/]*)$}{$1}; |
$res .= "<directory name=\"$dirname/\">\n"; |
$res .= "<directory name=\"$dirname/\">\n"; |
|
my (%is_course,%is_courseauthor); |
if (ref($listref) eq 'ARRAY') { |
if (ref($listref) eq 'ARRAY') { |
my @lines = @{$listref}; |
my @lines = @{$listref}; |
foreach my $line (@lines) { |
foreach my $line (@lines) { |
Line 148 sub directory_listing {
|
Line 146 sub directory_listing {
|
($udom, $uname) = ($uri =~ m{^/res/($match_domain)/($match_courseid)}); |
($udom, $uname) = ($uri =~ m{^/res/($match_domain)/($match_courseid)}); |
} |
} |
if ($udom ne '' && $uname ne '') { |
if ($udom ne '' && $uname ne '') { |
# remove courses from the list |
my $key = $udom.':'.$uname; |
next if (&Apache::lonnet::is_course($udom, $uname)); |
if (exists($is_course{$key})) { |
|
if ($is_course{$key}) { |
|
next unless ($is_courseauthor{$key}); |
|
} |
|
} else { |
|
if (&Apache::lonnet::is_course($udom, $uname)) { |
|
$is_course{$key} = 1; |
|
if ($env{'request.course.id'}) { |
|
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
|
my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; |
|
if (($cdom eq $udom) && ($cnum eq $uname)) { |
|
if (&Apache::lonnet::allowed('mdc', $env{'request.course.id'})) { |
|
$is_courseauthor{$key} = 1; |
|
} |
|
} |
|
} |
|
# remove courses from the list |
|
next unless ($is_courseauthor{$key}); |
|
} else { |
|
$is_course{$key} = 0; |
|
} |
|
} |
} |
} |
} |
} |
$path =~ s{/$}{}; |
$path =~ s{/$}{}; |
Line 164 sub directory_listing {
|
Line 183 sub directory_listing {
|
} |
} |
} |
} |
} elsif ($uri eq '/priv/') { |
} elsif ($uri eq '/priv/') { |
my $udom = $env{'user.domain'}; |
my $referrer = $request->headers_in->{'Referer'}; |
if (!defined $udom) { |
my $defdom = &get_defdom($referrer); |
|
if (!defined $defdom) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Forbidden URI: $uri"); |
$request->print(&mt('Forbidden URI: [_1]',$uri)); |
$request->status(403); |
$request->status(403); |
return OK; |
return OK; |
} |
} |
$res .= "<directory name=\"priv\">\n"; |
$res .= "<directory name=\"priv\">\n"; |
$res .= "<directory name=\"$udom\"/>\n"; |
$res .= "<directory name=\"$defdom\"/>\n"; |
} elsif ($uri =~ m{^/priv/([^/]+)/$}) { |
} elsif ($uri =~ m{^/priv/($match_domain)/$}) { |
my $domain = $1; |
my $domain = $1; |
my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); |
my $referrer = $request->headers_in->{'Referer'}; |
if (!defined $uname || !defined $udom || $domain ne $udom) { |
my $defdom = &get_defdom($referrer); |
|
if ($domain ne $defdom) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Forbidden URI: $uri"); |
$request->print(&mt('Forbidden URI: [_1]',$uri)); |
$request->status(403); |
$request->status(403); |
return OK; |
return OK; |
} |
} |
|
my $defname = &get_defname($domain,$referrer); |
$res .= "<directory name=\"$domain\">\n"; |
$res .= "<directory name=\"$domain\">\n"; |
$res .= "<directory name=\"$uname\"/>\n"; |
$res .= "<directory name=\"$defname\"/>\n"; |
} elsif ($uri =~ m{^/priv/([^/]+)/([^/]+)/}) { |
} elsif ($uri =~ m{^/priv/($match_domain)\/($match_username)/}) { |
my ($domain, $user) = ($1, $2); |
unless (&has_priv_access($uri)) { |
my ($uname, $udom) = ($env{'user.name'}, $env{'user.domain'}); |
|
if (!defined $uname || !defined $udom || $domain ne $udom || $user ne $uname) { |
|
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Forbidden URI: $uri"); |
$request->print(&mt('Forbidden URI: [_1]',$uri)); |
$request->status(403); |
$request->status(403); |
return OK; |
return OK; |
} |
} |
my $dirpath = &Apache::lonnet::filelocation('', $uri); |
my $dirpath = &Apache::lonnet::filelocation('', $uri); |
if (! -e $dirpath) { |
if (! -e $dirpath) { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Not found: $uri"); |
$request->print(&mt('Not found: [_1]',$uri)); |
$request->status(404); |
$request->status(404); |
return OK; |
return OK; |
} |
} |
$dirpath =~ s{/$}{}; |
$dirpath =~ s{/$}{}; |
opendir my $dir, $dirpath or die "Cannot open directory: $dirpath"; |
my @files; |
my @files = readdir $dir; |
if (opendir(my $dir, $dirpath)) { |
closedir $dir; |
@files = readdir($dir); |
|
closedir($dir); |
|
} else { |
|
$request->content_type('text/plain'); |
|
$request->print(&mt('Error opening directory: [_1]',$dirpath)); |
|
$request->status(403); |
|
return OK; |
|
} |
my $dirname = $dirpath; |
my $dirname = $dirpath; |
$dirname =~ s{^.*/([^/]*)$}{$1}; |
$dirname =~ s{^.*/([^/]*)$}{$1}; |
$res .= "<directory name=\"$dirname\">\n"; |
$res .= "<directory name=\"$dirname\">\n"; |
Line 231 sub directory_listing {
|
Line 258 sub directory_listing {
|
} |
} |
} else { |
} else { |
$request->content_type('text/plain'); |
$request->content_type('text/plain'); |
$request->print("Not found: $uri"); |
$request->print(&mt('Not found: [_1]',$uri)); |
$request->status(404); |
$request->status(404); |
return OK; |
return OK; |
} |
} |
Line 241 sub directory_listing {
|
Line 268 sub directory_listing {
|
return OK; |
return OK; |
} |
} |
|
|
|
sub has_priv_access { |
|
my ($uri) = @_; |
|
my ($ownername,$ownerdom,$ownerhome) = |
|
&Apache::lonnet::constructaccess($uri); |
|
my $allowed; |
|
if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) { |
|
unless ($ownerhome eq 'no_host') { |
|
my @hosts = &Apache::lonnet::current_machine_ids(); |
|
if (grep(/^\Q$ownerhome\E$/,@hosts)) { |
|
$allowed = 1; |
|
} |
|
} |
|
} |
|
return $allowed; |
|
} |
|
|
|
sub get_defdom { |
|
my ($referrer) = @_; |
|
my $defdom; |
|
if ($env{'request.role'} =~ m{^au\./($match_domain)/$}) { |
|
$defdom = $1; |
|
} elsif ($env{'request.role'} =~ m{^(?:ca|aa)\.($match_domain)/($match_username)$}) { |
|
$defdom = $1; |
|
} elsif ($env{'request.course.id'}) { |
|
if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { |
|
my ($possdom,$possuname) = ($1,$2); |
|
if (&Apache::lonnet::is_course($possdom,$possuname)) { |
|
my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); |
|
if ($crsurl eq "/$possdom/$possuname") { |
|
$defdom = $possdom; |
|
} |
|
} else { |
|
if (&Apache::lonnet::domain($possdom) ne '') { |
|
$defdom = $possdom; |
|
} |
|
} |
|
} |
|
} |
|
if ($defdom eq '') { |
|
my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($env{'user.domain'},$env{'user.name'}); |
|
if ($is_author) { |
|
$defdom = $env{'user.domain'}; |
|
} |
|
} |
|
return $defdom; |
|
} |
|
|
|
sub get_defname { |
|
my ($domain,$referrer) = @_; |
|
my $defname; |
|
if ($env{'request.role'} eq "au./$domain/") { |
|
$defname = $env{'user.name'}; |
|
} elsif ($env{'request.role'} =~ m{^(?:ca|aa)\./\Q$domain\E/($match_username)$}) { |
|
$defname = $1; |
|
} elsif ($env{'request.course.id'}) { |
|
if ($referrer =~ m{\Qfile=/daxeopen/priv/\E($match_domain)/($match_username)/}) { |
|
my ($possdom,$possuname) = ($1,$2); |
|
if ($domain eq $possdom) { |
|
if (&Apache::lonnet::is_course($possdom,$possuname)) { |
|
my $crsurl = &Apache::lonnet::courseid_to_courseurl($env{'request.course.id'}); |
|
if ($crsurl eq "/$possdom/$possuname") { |
|
$defname = $possuname; |
|
} |
|
} else { |
|
unless (&Apache::lonnet::homeserver($possuname,$possdom) eq 'no_host') { |
|
$defname = $possuname; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
if ($defname eq '') { |
|
my ($is_adv,$is_author) = &Apache::lonnet::is_advanced_user($domain,$env{'user.name'}); |
|
if ($is_author) { |
|
$defname = $env{'user.name'}; |
|
} |
|
} |
|
return $defname; |
|
} |
|
|
1; |
1; |
__END__ |
__END__ |