[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm
www
lon-capa-cvs@mail.lon-capa.org
Tue, 07 May 2002 18:49:33 -0000
www Tue May 7 14:49:33 2002 EDT
Modified files:
/loncom/auth lonacc.pm
Log:
This incorporates the &symbverify call for user-supplied symbs.
Towards bug 279. Should bring up the roles error when the symb is wrong.
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.30 loncom/auth/lonacc.pm:1.31
--- loncom/auth/lonacc.pm:1.30 Tue Apr 2 16:33:06 2002
+++ loncom/auth/lonacc.pm Tue May 7 14:49:33 2002
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.30 2002/04/02 21:33:06 www Exp $
+# $Id: lonacc.pm,v 1.31 2002/05/07 18:49:33 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -178,10 +178,18 @@
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);
}
if ($ENV{'form.symb'}) {
- $symb=$ENV{'form.symb'};
- my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
- &Apache::lonnet::symblist($map,$murl => $mid,
- 'last_known' => $murl);
+ $symb=&Apache::lonnet::symbclean($ENV{'form.symb'});
+ if (&Apache::lonnet::symbverify($symb,$requrl)) {
+ my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
+ &Apache::lonnet::symblist($map,$murl => $mid,
+ 'last_known' => $murl);
+ } else {
+ $r->log_reason('Invalid symb for '.$requrl.': '.
+ $symb);
+ $ENV{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
+ }
} else {
$symb=&Apache::lonnet::symbread;
}