[LON-CAPA-cvs] cvs: loncom /publisher lonupload.pm

raeburn raeburn at source.lon-capa.org
Sun Nov 12 18:01:00 EST 2017


raeburn		Sun Nov 12 23:01:00 2017 EDT

  Modified files:              
    /loncom/publisher	lonupload.pm 
  Log:
  - Sanity checking.
  
  
Index: loncom/publisher/lonupload.pm
diff -u loncom/publisher/lonupload.pm:1.67 loncom/publisher/lonupload.pm:1.68
--- loncom/publisher/lonupload.pm:1.67	Fri Sep 11 20:12:30 2015
+++ loncom/publisher/lonupload.pm	Sun Nov 12 23:01:00 2017
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to upload files into construction space
 #
-# $Id: lonupload.pm,v 1.67 2015/09/11 20:12:30 raeburn Exp $
+# $Id: lonupload.pm,v 1.68 2017/11/12 23:01:00 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -130,7 +130,7 @@
 use HTML::Entities();
 use Apache::lonlocal;
 use Apache::lonnet;
-use LONCAPA();
+use LONCAPA qw(:DEFAULT :match);
 
 my $DEBUG=0;
 
@@ -150,8 +150,12 @@
     
     chomp($env{'form.upfile'});
   
-    my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
-		  '_upload_'.$fname.'_'.time.'_'.$$;
+    my $datatoken;
+    if (($env{'user.name'} =~ /^$match_username$/) && ($env{'user.domain'} =~ /^$match_domain$/)) {
+        $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
+                   '_upload_'.$fname.'_'.time.'_'.$$;
+    }
+    return if ($datatoken eq '');
     {
        my $fh=Apache::File->new('>'.$r->dir_config('lonDaemons').
                                    '/tmp/'.$datatoken.'.tmp');
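Review bot: The new checks on `$env{'user.name'}` and `$env{'user.domain'}` anchor with `$`, which in Perl also matches before a trailing newline, so a value ending in a newline still passes and ends up in the temp-file path; `\z` closes that, e.g. `=~ /\A$match_username\z/` and `=~ /\A$match_domain\z/`. The same anchor is used in the `form.datatoken` check in the later hunk at `@@ -279,7 +283,10 @@`. When the check fails `$datatoken` is undef, so `return if ($datatoken eq '')` compares undef as a string (a warning if warnings are enabled) and returns without any log entry; `return unless defined($datatoken);` preceded by a log line would make rejected uploads visible to an operator. `$fname` is set outside the hunk and the enclosing sub starts and ends outside it, so whether it is already restricted to `\w` characters cannot be confirmed from here.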
@@ -279,7 +283,10 @@
 	$base    = &HTML::Entities::encode($base,'<>&"');
 	my $url  = $path."/".$base; 
 	&Debug($r, "URL is now ".$url);
-	my $datatoken=$env{'form.datatoken'};
+	my $datatoken;
+        if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
+            $datatoken = $env{'form.datatoken'};
+        }
 	if (($fn) && ($datatoken)) {
             if ($env{'form.cancel'}) {
                 my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp';
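Review bot: The pattern applied to `$env{'form.datatoken'}` checks only the shape of the token, not that it belongs to the requesting user, so a well-formed token naming a different user and domain is accepted and then used to build the `/tmp/` path in the cancel branch. If a token is only meant to be redeemed by the session that created it, bind the prefix to the session values: `if ($env{'form.datatoken'} =~ /\A\Q$env{'user.name'}\E_\Q$env{'user.domain'}\E_upload_\w*_\d+_\d+\z/) {`. What the cancel branch does with `$source` lies outside the hunk, as does the start of the enclosing sub.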



