[LON-CAPA-cvs] cvs: loncom /imspackages imsprocessor.pm
raeburn
raeburn at source.lon-capa.org
Sun Nov 5 17:47:13 EST 2017
raeburn Sun Nov 5 22:47:13 2017 EDT
Modified files:
/loncom/imspackages imsprocessor.pm
Log:
- Sanity checking.
Index: loncom/imspackages/imsprocessor.pm
diff -u loncom/imspackages/imsprocessor.pm:1.55 loncom/imspackages/imsprocessor.pm:1.56
--- loncom/imspackages/imsprocessor.pm:1.55 Tue May 23 03:07:40 2017
+++ loncom/imspackages/imsprocessor.pm Sun Nov 5 22:47:13 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Processor for IMS Packages
#
-# $Id: imsprocessor.pm,v 1.55 2017/05/23 03:07:40 raeburn Exp $
+# $Id: imsprocessor.pm,v 1.56 2017/11/05 22:47:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -29,6 +29,7 @@
package Apache::imsprocessor;
use Apache::lonnet;
+use Apache::loncommon;
use Apache::loncleanup;
use Apache::lonlocal;
use HTTP::Request::Common;
@@ -99,6 +100,9 @@
my ($context,$pathinfo,$timenow) = @_;
my $configvars = &LONCAPA::Configuration::read_conf('loncapa.conf');
my $tempdir;
+ $pathinfo = &Apache::loncommon::clean_path($pathinfo);
+# Collapse dots
+ $pathinfo =~ s/\.+/./g;
if ($context eq 'DOCS') {
$tempdir = $$configvars{'lonDaemons'}.'/tmp/'.$pathinfo;
if (!-e "$tempdir") {
@@ -130,6 +134,8 @@
$fname=~s/\s+/\_/g;
# Replace all other weird characters by nothing
$fname=~s/[^\w\.\-]//g;
+# Collapse dots
+ $fname=~s/\.+/./g;
# See if there is anything left
unless ($fname) { return 'error: no uploaded file'; }
# Save the file
More information about the LON-CAPA-cvs
mailing list