[LON-CAPA-cvs] cvs: loncom /interface londependencies.pm londocs.pm

Sun Aug 13 16:52:59 EDT 2017

raeburn		Sun Aug 13 20:52:59 2017 EDT

  Modified files:              
    /loncom/interface	londocs.pm londependencies.pm 
  Log:
  - Sanity checking.
  
  
Index: loncom/interface/londocs.pm
diff -u loncom/interface/londocs.pm:1.633 loncom/interface/londocs.pm:1.634

--- loncom/interface/londocs.pm:1.633	Mon Jul 10 12:48:41 2017
+++ loncom/interface/londocs.pm	Sun Aug 13 20:52:58 2017
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.633 2017/07/10 12:48:41 raeburn Exp $
+# $Id: londocs.pm,v 1.634 2017/08/13 20:52:58 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -6574,6 +6574,7 @@
 sub embedded_form_elems {
     my ($phase,$primaryurl,$newidx) = @_;
     my $folderpath = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
+    $newidx =~s /\D+//g;
     return <<STATE;
     <input type="hidden" name="folderpath" value="$folderpath" />
     <input type="hidden" name="cmd" value="upload_embedded" />
@@ -6594,7 +6595,11 @@
     } elsif ($folder =~ /^(default|supplemental)_(\d+)$/) {
         $destination .=  $2.'/';
     }
-    $destination .= $env{'form.newidx'};
+    my $newidx = $env{'form.newidx'};
+    $newidx =~s /\D+//g;
+    if ($newidx) {
+        $destination .= $newidx;
+    }
     my $dir_root = '/userfiles';
     return ($destination,$dir_root);
 }
@@ -6620,6 +6625,9 @@
     }
     unshift(@hiddens,$pathitem);
     foreach my $item (@hiddens) {
+        if ($item eq 'newidx') {
+            next if ($env{'form.'.$item} =~ /\D/);
+        }
         if ($env{'form.'.$item}) {
             $hiddenelem .= '<input type="hidden" name="'.$item.'" value="'.
                            &HTML::Entities::encode($env{'form.'.$item},'<>&"').'" />'."\n";
Index: loncom/interface/londependencies.pm
diff -u loncom/interface/londependencies.pm:1.4 loncom/interface/londependencies.pm:1.5
--- loncom/interface/londependencies.pm:1.4	Fri May  3 21:57:13 2013
+++ loncom/interface/londependencies.pm	Sun Aug 13 20:52:59 2017
@@ -2,7 +2,7 @@
 # Handler to manage dependencies for HTML files uploaded directly
 # to a course. 
 #
-# $Id: londependencies.pm,v 1.4 2013/05/03 21:57:13 raeburn Exp $
+# $Id: londependencies.pm,v 1.5 2017/08/13 20:52:59 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -101,8 +101,12 @@
     my $docs_url = $env{'form.url'};
     my $folderpath = &unescape($env{'form.folderpath'});
     my ($mimetype,$numpathchgs,$numrefchanges,%allfiles,%codebase,$url);
+    my $earlyout;
     if ($symb) {
         (undef,undef,$url) = &Apache::lonnet::decode_symb($symb);
+        unless (&Apache::lonnet::is_on_map($url)) {
+            $earlyout = 1;
+        }
     } elsif (($docs_url) && (($env{'httpref.'.$docs_url} ne '') ||
                              ($docs_url =~ m{^\Q/uploaded/$cdom/$cnum/\E(portfolio/syllabus)/}))) {
         $url = $docs_url;
@@ -122,10 +126,18 @@
         ($destination) =
             ($url =~ m{^\Quploaded/$cdom/$cnum/\E((?:docs|supplemental)/(?:default|\d+)/\d+)/});
         $context = 'coursedoc';
+        if ($destination eq '') {
+            $earlyout = 1;
+        } 
     }
     my $js = &Apache::loncommon::ask_embedded_js();
     my $output = &Apache::loncommon::start_page($title,$js,
                                                 {'only_body' => 1});
+    if ($earlyout) {
+        $r->print($output.&mt('Cannot display dependency information - invalid file: [_1].',$url).
+                  &Apache::loncommon::end_page());
+        return OK;
+    }
     if ($action eq 'modifyhrefs') {
         my ($result,$count,$codebasecount) =
             &Apache::loncommon::modify_html_refs('manage_dependencies',$destination,


