[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Thu, 07 Jul 2005 05:53:36 -0000
albertel Thu Jul 7 01:53:36 2005 EDT
Modified files:
/loncom/auth lonacc.pm
Log:
- restrict public users to /res/* and /adm/roles, /adm/logout, and /adm/randomlabel.png
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.66 loncom/auth/lonacc.pm:1.67
--- loncom/auth/lonacc.pm:1.66 Tue Jul 5 17:30:14 2005
+++ loncom/auth/lonacc.pm Thu Jul 7 01:53:35 2005
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.66 2005/07/05 21:30:14 albertel Exp $
+# $Id: lonacc.pm,v 1.67 2005/07/07 05:53:35 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -92,6 +92,14 @@
return HTTP_NOT_ACCEPTABLE;
}
}
+ if ($env{'user.name'} eq 'public' &&
+ $env{'user.domain'} eq 'public' &&
+ $requrl !~ m{^/+(res|public)/} &&
+ $requrl !~ m{^/+adm/(roles|logout|randomlabel\.png)}) {
+ $env{'request.querystring'}=$r->args;
+ $env{'request.firsturl'}=$requrl;
+ return FORBIDDEN;
+ }
# ------------------------------------------------------------- This is allowed
if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);