[LON-CAPA-cvs] cvs: loncom /publisher lonpublisher.pm

www lon-capa-cvs-allow@mail.lon-capa.org
Thu, 14 Feb 2008 21:29:10 -0000


www		Thu Feb 14 16:29:10 2008 EDT

  Modified files:              
    /loncom/publisher	lonpublisher.pm 
  Log:
  Don't let the user shoot into their foot with variable filenames.
  
  
Index: loncom/publisher/lonpublisher.pm
diff -u loncom/publisher/lonpublisher.pm:1.230 loncom/publisher/lonpublisher.pm:1.231
--- loncom/publisher/lonpublisher.pm:1.230	Wed Feb 13 09:18:59 2008
+++ loncom/publisher/lonpublisher.pm	Thu Feb 14 16:29:08 2008
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Publication Handler
 #
-# $Id: lonpublisher.pm,v 1.230 2008/02/13 14:18:59 bisitz Exp $
+# $Id: lonpublisher.pm,v 1.231 2008/02/14 21:29:08 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -967,15 +967,21 @@
         foreach (sort(keys(%allow))) {
 	   my $thisdep=$_;
 	   if ($thisdep !~ /[^\s]/) { next; }
+           if ($thisdep =~/\$/) {
+              $scrout.='<br /><span class="LC_warning">'.
+                       &mt('The resource depends on another resource with variable filename, i.e., [_1]. '.
+                           'You likely need to explicitly allow access to all possible dependencies using the [_2]-tag',
+                           '<tt>'.$thisdep.'</tt>','<tt>&lt;allow&gt;</tt>').'</span>'; 
+           }
            unless ($style eq 'rat') { 
               $allowstr.="\n".'<allow src="'.$thisdep.'" />';
 	   }
            $scrout.='<br />';
-           if ($thisdep!~/\*/ && $thisdep!~m|^/adm/|) {
+           if ($thisdep!~/[\*\$]/ && $thisdep!~m|^/adm/|) {
 	       $scrout.='<a href="'.$thisdep.'">';
            }
            $scrout.='<tt>'.$thisdep.'</tt>';
-           if ($thisdep!~/\*/ && $thisdep!~m|^/adm/|) {
+           if ($thisdep!~/[\*\$]/ && $thisdep!~m|^/adm/|) {
 	       $scrout.='</a>';
                if (
        &Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.'/'.