--- loncom/publisher/loncfile.pm	2003/02/12 19:56:14	1.27
+++ loncom/publisher/loncfile.pm	2003/06/19 20:49:13	1.31
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.27 2003/02/12 19:56:14 albertel Exp $
+# $Id: loncfile.pm,v 1.31 2003/06/19 20:49:13 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -412,7 +412,7 @@ sub CloseForm1 {
    &Debug($request, "Cancel url is: ".$cancelurl);
    $request->print('<p><input type="submit" value="Continue" /></p></form>');
    $request->print('<form action="'.$cancelurl.
-		   '" method="GET"><p><input type="submit" value="Cancel" /></p></form>');
+		   '" method="POST"><p><input type="submit" value="Cancel" /></p></form>');
 
 }
 
@@ -494,7 +494,7 @@ sub Rename1 {
     if(-e $conspace) {
 	if($ENV{'form.newfilename'}) {
 	    my $newfilename = $ENV{'form.newfilename'};
-	    if ($newfilename =~ m|^[^\.]+$|) {
+	    if ($newfilename =~ m|/[^\.]+$|) {
 		#no extension add on orignal extension
 		if ($filename =~ m|/[^\.]*\.([^\.]+)$|) {
 		    $newfilename.='.'.$1;
@@ -778,6 +778,12 @@ sub NewFile1 {
 	}
     }
 
+    #remove bad characters
+    if  ($newfilename=~/[\#\?&]/) {
+	$request->print("<p><font color=\"red\">Invalid characters in requested filename have been removed.</font></p>");
+	$newfilename=~s/[\#\?&]//g;
+    }
+
     my $fullpath = $dir.'/'.$newfilename;
 
     &Debug($request, "Full path is : ".$fullpath);
@@ -792,9 +798,9 @@ sub NewFile1 {
 	&Debug($request, "Dest url is: ".$dest);
 	$request->print('</form>');
 	$request->print('<form action="'.$dest.
-			'" method="GET"><p><input type="submit" value="Continue" /></p></form>');
+			'" method="POST"><p><input type="submit" value="Continue" /></p></form>');
 	$request->print('<form action="'.$cancelurl.
-			'" method="GET"><p><input type="submit" value="Cancel" /></p></form>');
+			'" method="POST"><p><input type="submit" value="Cancel" /></p></form>');
     }
 }
 
@@ -863,7 +869,10 @@ sub phaseone {
     &NewDir1($r, $uname, $dir, $ENV{'form.newfilename'});
   }  elsif ($ENV{'form.action'} eq 'newfile' ||
 	    $ENV{'form.action'} eq 'newhtmlfile' ||
-	    $ENV{'form.action'} eq 'newproblemfile') {
+	    $ENV{'form.action'} eq 'newproblemfile' ||
+            $ENV{'form.action'} eq 'newpagefile' ||
+            $ENV{'form.action'} eq 'newsequencefile' ||
+            $ENV{'form.action'} eq 'Select Action') {
       if($ENV{'form.newfilename'}) {
 	  my $newfilename = $ENV{'form.newfilename'};
 	  if (!defined($dir)) {
@@ -1291,10 +1300,13 @@ sub handler {
       $r->print('<h3>Copy</h3>');
   } elsif ($ENV{'form.action'} eq 'newfile' ||
 	   $ENV{'form.action'} eq 'newhtmlfile' ||
-	   $ENV{'form.action'} eq 'newproblemfile') {
+	   $ENV{'form.action'} eq 'newproblemfile' ||
+           $ENV{'form.action'} eq 'newpagefile' ||
+           $ENV{'form.action'} eq 'newsequencefile' ||
+           $ENV{'form.action'} eq 'Select Action' ) {
       $r->print('<h3>New Resource</h3>');
   } else {
-     $r->print('<p>Unknown Action</p></body></html>');
+     $r->print('<p>Unknown Action '.$ENV{'form.action'}.' </p></body></html>');
      return OK;  
   }
   if ($ENV{'form.phase'} eq 'two') {