[LON-CAPA-cvs] cvs: loncom /publisher lonpublisher.pm
www
lon-capa-cvs-allow@mail.lon-capa.org
Thu, 14 Feb 2008 21:29:10 -0000
www Thu Feb 14 16:29:10 2008 EDT
Modified files:
/loncom/publisher lonpublisher.pm
Log:
Don't let the user shoot into their foot with variable filenames.
Index: loncom/publisher/lonpublisher.pm
diff -u loncom/publisher/lonpublisher.pm:1.230 loncom/publisher/lonpublisher.pm:1.231
--- loncom/publisher/lonpublisher.pm:1.230 Wed Feb 13 09:18:59 2008
+++ loncom/publisher/lonpublisher.pm Thu Feb 14 16:29:08 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Publication Handler
#
-# $Id: lonpublisher.pm,v 1.230 2008/02/13 14:18:59 bisitz Exp $
+# $Id: lonpublisher.pm,v 1.231 2008/02/14 21:29:08 www Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -967,15 +967,21 @@
foreach (sort(keys(%allow))) {
my $thisdep=$_;
if ($thisdep !~ /[^\s]/) { next; }
+ if ($thisdep =~/\$/) {
+ $scrout.='<br /><span class="LC_warning">'.
+ &mt('The resource depends on another resource with variable filename, i.e., [_1]. '.
+ 'You likely need to explicitly allow access to all possible dependencies using the [_2]-tag',
+ '<tt>'.$thisdep.'</tt>','<tt><allow></tt>').'</span>';
+ }
unless ($style eq 'rat') {
$allowstr.="\n".'<allow src="'.$thisdep.'" />';
}
$scrout.='<br />';
- if ($thisdep!~/\*/ && $thisdep!~m|^/adm/|) {
+ if ($thisdep!~/[\*\$]/ && $thisdep!~m|^/adm/|) {
$scrout.='<a href="'.$thisdep.'">';
}
$scrout.='<tt>'.$thisdep.'</tt>';
- if ($thisdep!~/\*/ && $thisdep!~m|^/adm/|) {
+ if ($thisdep!~/[\*\$]/ && $thisdep!~m|^/adm/|) {
$scrout.='</a>';
if (
&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.'/'.