[LON-CAPA-cvs] cvs: loncom /publisher loncfile.pm

[albertel]

albertel		Wed May 26 18:31:31 2004 EDT

  Modified files:              
    /loncom/publisher	loncfile.pm 
  Log:
  - trying to protect more funky filenames from breaingthings
  
  
Index: loncom/publisher/loncfile.pm
diff -u loncom/publisher/loncfile.pm:1.55 loncom/publisher/loncfile.pm:1.56
--- loncom/publisher/loncfile.pm:1.55	Wed May 26 18:25:38 2004
+++ loncom/publisher/loncfile.pm	Wed May 26 18:31:30 2004
@@ -9,7 +9,7 @@
 #  and displays a page showing the results of the action.
 #
 #
-# $Id: loncfile.pm,v 1.55 2004/05/26 22:25:38 albertel Exp $
+# $Id: loncfile.pm,v 1.56 2004/05/26 22:31:30 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -164,6 +164,7 @@
 sub url {
     my $fn=shift;
     $fn=~s/^\/home\/(\w+)\/public\_html/\/priv\/$1/;
+    $fn=&HTML::Entities::encode($fn,'<>"&');
     return $fn;
 }
 
@@ -290,9 +291,9 @@
 sub cleanDest {
     my ($request,$dest)=@_;
     #remove bad characters
-    if  ($dest=~/[\#\?&]/) {
+    if  ($dest=~/[\#\?&%]/) {
 	$request->print("<p><font color=\"red\">".&mt('Invalid characters in requested name have been removed.')."</font></p>");
-	$dest=~s/[\#\?&]//g;
+	$dest=~s/[\#\?&%]//g;
     }
     return $dest;
 }
@@ -1116,7 +1117,7 @@
 	    if(!&Rename2($r, $uname, $dir, $fn, $ENV{'form.newfilename'})) {
 		return;
 	    }
-	    $dest = &url($ENV{'form.newfilename'});
+	    $dest = $ENV{'form.newfilename'};
 	}
     } elsif ($ENV{'form.action'} eq 'delete') { 
 	if(!&Delete2($r, $uname, $ENV{'form.newfilename'})) {