[LON-CAPA-cvs] cvs: loncom /homework essayresponse.pm
www
lon-capa-cvs@mail.lon-capa.org
Fri, 24 Jan 2003 18:45:23 -0000
www Fri Jan 24 13:45:23 2003 EDT
Modified files:
/loncom/homework essayresponse.pm
Log:
Enforce restrictions on uploaded filetypes
Index: loncom/homework/essayresponse.pm
diff -u loncom/homework/essayresponse.pm:1.20 loncom/homework/essayresponse.pm:1.21
--- loncom/homework/essayresponse.pm:1.20 Fri Jan 24 13:30:54 2003
+++ loncom/homework/essayresponse.pm Fri Jan 24 13:45:23 2003
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# essay (ungraded) style responses
#
-# $Id: essayresponse.pm,v 1.20 2003/01/24 18:30:54 www Exp $
+# $Id: essayresponse.pm,v 1.21 2003/01/24 18:45:23 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -49,6 +49,7 @@
my $ncol= &Apache::lonnet::EXT("resource.$part".'_'."$id.maxcollaborators");
my $coll= &HTML::Entities::encode($Apache::lonhomework::history{"resource.$part.$id.collaborators"});
my $uploadedfiletypes= &Apache::lonnet::EXT("resource.$part".'_'."$id.uploadedfiletypes");
+ $uploadedfiletypes=~s/[^\w\,]//g;
my $uploadedfile= &HTML::Entities::encode($Apache::lonhomework::history{"resource.$part.$id.uploadedfile"});
$result='<br /><table border="1">';
if ($ncol > 0) {
@@ -97,9 +98,15 @@
}
my $filename= $ENV{'form.HWFILE'.$part.'_'.$id.'.filename'};
if ($filename =~ /[^\s]/) {
+ my $uploadedfiletypes= &Apache::lonnet::EXT("resource.$part".'_'."$id.uploadedfiletypes");
+ $uploadedfiletypes=~s/[^\w\,]//g;
+ $uploadedfiletypes=','.$uploadedfiletypes.',';
+ my ($extension)=($filename=~/\.(\w+)$/);
+ if ($uploadedfiletypes=~/\,$extension\,/i) {
$Apache::lonhomework::results{"resource.$part.$id.uploadedfile"}=$filename;
$Apache::lonhomework::results{"resource.$part.$id.uploadedurl"}=
&Apache::lonnet::userfileupload('HWFILE'.$part.'_'.$id);
+ }
}
if ( defined $ENV{'form.submitted'}) {
my $response = $ENV{'form.HWVAL'.$id};