[LON-CAPA-cvs] cvs: loncom /interface portfolio.pm

[albertel]

albertel		Tue Aug 24 03:29:51 2004 EDT

  Modified files:              
    /loncom/interface	portfolio.pm 
  Log:
  - clean up entered dirnames
  
  
Index: loncom/interface/portfolio.pm
diff -u loncom/interface/portfolio.pm:1.27 loncom/interface/portfolio.pm:1.28
--- loncom/interface/portfolio.pm:1.27	Tue Aug 24 03:26:04 2004
+++ loncom/interface/portfolio.pm	Tue Aug 24 03:29:51 2004
@@ -345,10 +345,17 @@
 
 sub createdir {
     my ($r)=@_;
-    #FIXME 1) bad dirnames ( '/' etc)
-    #      2) file exists in place of dir (errormessage needs improvement)
+    #FIXME 1) file exists in place of dir (errormessage needs improvement)
+    my $newdir=&Apache::lonnet::clean_filename($ENV{'form.newdir'});
+    if ($newdir eq '') {
+	$r->print('<font color="red">'.
+		  &mt("Error: no valid directory name was provided.").
+		  '</font><br />');
+	$r->print(&done());
+	return;
+    } 
     my $result=&Apache::lonnet::mkdiruserfile($ENV{'user.name'},
-	     $ENV{'user.domain'},'portfolio'.$ENV{'form.currentpath'}.$ENV{'form.newdir'});
+	     $ENV{'user.domain'},'portfolio'.$ENV{'form.currentpath'}.$newdir);
     if ($result ne 'ok') {
 	$r->print('<font color="red"> An errror occured ('.$result.
 		  ') while trying to create a new directory '.&display_file().'</font><br />');