version 1.1, 2006/04/07 22:15:34
|
version 1.5, 2011/10/01 03:18:57
|
Line 1
|
Line 1
|
|
|
# The LearningOnline Network |
# The LearningOnline Network |
# URL translation for encrypted filenames |
# URL translation for encrypted filenames |
# |
# |
Line 30 package Apache::lonencurl;
|
Line 31 package Apache::lonencurl;
|
|
|
use strict; |
use strict; |
use Apache::Constants qw(:common :remotehost); |
use Apache::Constants qw(:common :remotehost); |
use CGI::Cookie(); |
|
use Apache::lonnet; |
use Apache::lonnet; |
use Apache::lonenc; |
use Apache::lonenc; |
|
use GDBM_File; |
|
|
sub handler { |
sub handler { |
my $r = shift; |
my $r = shift; |
my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); |
|
my $lonid=$cookies{'lonID'}; |
$env{'request.enc'}=1; |
my $cookie; |
|
if ($lonid) { |
my $handle = &Apache::lonnet::check_for_valid_session($r); |
my $handle=$lonid->value; |
if ($handle ne '') { |
$handle=~s/\W//g; |
|
my $lonidsdir=$r->dir_config('lonIDsDir'); |
|
$env{'request.enc'}=1; |
|
if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { |
|
# Initialize Environment |
# Initialize Environment |
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); |
my $lonidsdir=$r->dir_config('lonIDsDir'); |
# Decrypt URL and redirect |
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); |
my $redirect=&Apache::lonenc::unencrypted($r->uri); |
# Decrypt URL, if appropriate, and redirect |
if ($r->args) { $redirect.='?'.$r->args; } |
my $redirect; |
$r->internal_redirect($redirect); |
my ($decrypted,$encnum,$remainder) = &checkdecryption($r->uri); |
return OK; |
if (($encnum ne '') && ($remainder ne '')) { |
} |
my $referrer = $r->headers_in->{'Referer'} || ''; |
|
my $host = $r->headers_in->{'Host'}; |
|
my $decryptreferrer; |
|
if ($referrer =~ m{^https?://\Q$host\E(/enc/\Q$encnum\E/[^?]+)}) { |
|
($decryptreferrer) = &checkdecryption($1); |
|
} |
|
if ($decryptreferrer eq '') { |
|
if ($env{'request.course.fn'} ne '') { |
|
my %symbhash; |
|
if (tie(%symbhash,'GDBM_File',$env{'request.course.fn'}.'_symb.db', |
|
&GDBM_READER(),0640)) { |
|
my $lastsymb=$symbhash{'last_known'}; |
|
untie(%symbhash); |
|
(undef,undef,$decryptreferrer)=&Apache::lonnet::decode_symb($lastsymb); |
|
$decryptreferrer = &Apache::lonnet::clutter($decryptreferrer); |
|
} |
|
} |
|
} |
|
if ($decryptreferrer ne '') { |
|
my ($referrerpath) = ($decryptreferrer =~ m{^(.+/)[^/]+$}); |
|
if (($env{'httpref.'.$referrerpath.$remainder} eq $decryptreferrer) || |
|
($env{'httpref.'.$referrerpath.'*'} eq $decryptreferrer) || |
|
($env{'httpref.'.$referrerpath} eq $decryptreferrer)) { |
|
$redirect=$referrerpath.$remainder; |
|
} |
|
} |
|
} |
|
if ($redirect eq '') { |
|
$redirect=&Apache::lonenc::unencrypted($r->uri); |
|
} |
|
if ($r->args) { $redirect.='?'.$r->args; } |
|
$r->internal_redirect($redirect); |
|
return OK; |
} |
} |
return FORBIDDEN; |
return FORBIDDEN; |
} |
} |
|
|
|
sub checkdecryption { |
|
my ($uri) = @_; |
|
my ($encnum,$encname,$rest) = ($uri =~ m{^/enc/(\d+)/([^.]+)(.*)$}); |
|
my $enclength = length($encname); |
|
my $rem = $enclength%16; |
|
if (($encname =~ /[^a-f0-9]/) || ($rem != 0) || ($enclength < 16)) { |
|
return ('',$encnum,$encname.$rest); |
|
} else { |
|
return (&Apache::lonenc::unencrypted($uri)); |
|
} |
|
} |
|
|
|
1; |
|
__END__ |