[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface loncommon.pm

raeburn raeburn at source.lon-capa.org
Sun Sep 2 17:21:18 EDT 2018


raeburn		Sun Sep  2 21:21:18 2018 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/interface	loncommon.pm 
  Log:
  - For 2.11
    Backport 1.1297 (part), 1.1298, 1.1290, 1.1291, 1.1292, 1.1293, 1.1294, 
    1.1298, 1.1299, 1.1300, 1.1303 1.1317
  
  
-------------- next part --------------
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1075.2.127 loncom/interface/loncommon.pm:1.1075.2.128
--- loncom/interface/loncommon.pm:1.1075.2.127	Sun Apr  2 03:09:27 2017
+++ loncom/interface/loncommon.pm	Sun Sep  2 21:21:17 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1075.2.127 2017/04/02 03:09:27 raeburn Exp $
+# $Id: loncommon.pm,v 1.1075.2.128 2018/09/02 21:21:17 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -80,6 +80,8 @@
 use LWP::UserAgent;
 use Crypt::DES;
 use DynaLoader; # for Crypt::DES version
+use File::Copy();
+use File::Path();
 
 # ---------------------------------------------- Designs
 use vars qw(%defaultdesign);
@@ -194,7 +196,7 @@
     {
         my $langtabfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                                    '/language.tab';
-        if ( open(my $fh,"<$langtabfile") ) {
+        if ( open(my $fh,'<',$langtabfile) ) {
             while (my $line = <$fh>) {
                 next if ($line=~/^\#/);
                 chomp($line);
@@ -215,7 +217,7 @@
     {
         my $copyrightfile = $Apache::lonnet::perlvar{'lonIncludes'}.
                                   '/copyright.tab';
-        if ( open (my $fh,"<$copyrightfile") ) {
+        if ( open (my $fh,'<',$copyrightfile) ) {
             while (my $line = <$fh>) {
                 next if ($line=~/^\#/);
                 chomp($line);
@@ -229,7 +231,7 @@
     {
         my $sourcecopyrightfile = $Apache::lonnet::perlvar{'lonIncludes'}.
                                   '/source_copyright.tab';
-        if ( open (my $fh,"<$sourcecopyrightfile") ) {
+        if ( open (my $fh,'<',$sourcecopyrightfile) ) {
             while (my $line = <$fh>) {
                 next if ($line =~ /^\#/);
                 chomp($line);
@@ -243,7 +245,7 @@
 # -------------------------------------------------------------- default domain designs
     my $designdir=$Apache::lonnet::perlvar{'lonTabDir'}.'/lonDomColors';
     my $designfile = $designdir.'/default.tab';
-    if ( open (my $fh,"<$designfile") ) {
+    if ( open (my $fh,'<',$designfile) ) {
         while (my $line = <$fh>) {
             next if ($line =~ /^\#/);
             chomp($line);
@@ -257,7 +259,7 @@
     {
         my $categoryfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                                   '/filecategories.tab';
-        if ( open (my $fh,"<$categoryfile") ) {
+        if ( open (my $fh,'<',$categoryfile) ) {
 	    while (my $line = <$fh>) {
 		next if ($line =~ /^\#/);
 		chomp($line);
@@ -272,7 +274,7 @@
     {
         my $typesfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                '/filetypes.tab';
-        if ( open (my $fh,"<$typesfile") ) {
+        if ( open (my $fh,'<',$typesfile) ) {
             while (my $line = <$fh>) {
 		next if ($line =~ /^\#/);
 		chomp($line);
@@ -4718,7 +4720,7 @@
                  ($env{'request.role'} !~ m{^st\./\Q$cdom\E/\Q$cnum\E}));
         next if ($no_userblock);
 
-        # Retrieve blocking times and identity of locker for course
+        # Retrieve blocking times and identity of blocker for course
         # of specified user, unless user has 'evb' privilege.
         
         my ($start,$end,$trigger) = 
@@ -5132,7 +5134,7 @@
     my $designdir=$Apache::lonnet::perlvar{'lonTabDir'}.'/lonDomColors';
     my $designfile =  $designdir.'/'.$udom.'.tab';
     if (-e $designfile) {
-        if ( open (my $fh,"<$designfile") ) {
+        if ( open (my $fh,'<',$designfile) ) {
             while (my $line = <$fh>) {
                 next if ($line =~ /^\#/);
                 chomp($line);
@@ -11420,7 +11422,7 @@
                 return;
             }
         } 
-        if (open(my $fh,"<$container")) {
+        if (open(my $fh,'<',$container)) {
             $content = join('', <$fh>);
             close($fh);
         } else {
@@ -11485,7 +11487,7 @@
                         }
                     }
                 } else {
-                    if (open(my $fh,">$container")) {
+                    if (open(my $fh,'>',$container)) {
                         print $fh $content;
                         close($fh);
                         $output = '<p>'.&mt('Updated [quant,_1,reference] in [_2].',
@@ -12002,6 +12004,18 @@
 
 sub process_decompression {
     my ($docudom,$docuname,$file,$destination,$dir_root,$hiddenelem) = @_;
+    unless (($dir_root eq '/userfiles') && ($destination =~ m{^(docs|supplemental)/(default|\d+)/\d+$})) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Unexpected file path.').'</p>'."\n";
+    }
+    unless (($docudom =~ /^$match_domain$/) && ($docuname =~ /^$match_courseid$/)) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Unexpected course context.').'</p>'."\n";
+    }
+    unless ($file eq &Apache::lonnet::clean_filename($file)) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Filename contained unexpected characters.').'</p>'."\n";
+    }
     my ($dir,$error,$warning,$output);
     if ($file !~ /\.(zip|tar|bz2|gz|tar.gz|tar.bz2|tgz)$/i) {
         $error = &mt('Filename not a supported archive file type.').
@@ -12036,30 +12050,44 @@
                 }
             }
             my $numskip = scalar(@to_skip);
-            if (($numskip > 0) && 
-                ($numskip == $env{'form.archive_itemcount'})) {
+            my $numoverwrite = scalar(@to_overwrite);
+            if (($numskip) && (!$numoverwrite)) {
                 $warning = &mt('All items in the archive file already exist, and no overwriting of existing files has been requested.');         
             } elsif ($dir eq '') {
                 $error = &mt('Directory containing archive file unavailable.');
             } elsif (!$error) {
                 my ($decompressed,$display);
-                if ($numskip > 0) {
+                if (($numskip) || ($numoverwrite)) {
                     my $tempdir = time.'_'.$$.int(rand(10000));
                     mkdir("$dir/$tempdir",0755);
-                    system("mv $dir/$file $dir/$tempdir/$file");
-                    ($decompressed,$display) = 
-                        &decompress_uploaded_file($file,"$dir/$tempdir");
-                    foreach my $item (@to_skip) {
-                        if (($item ne '') && ($item !~ /\.\./)) {
-                            if (-f "$dir/$tempdir/$item") { 
-                                unlink("$dir/$tempdir/$item");
-                            } elsif (-d "$dir/$tempdir/$item") {
-                                system("rm -rf $dir/$tempdir/$item");
+                    if (&File::Copy::move("$dir/$file","$dir/$tempdir/$file")) {
+                        ($decompressed,$display) =
+                            &decompress_uploaded_file($file,"$dir/$tempdir");
+                        foreach my $item (@to_skip) {
+                            if (($item ne '') && ($item !~ /\.\./)) {
+                                if (-f "$dir/$tempdir/$item") {
+                                    unlink("$dir/$tempdir/$item");
+                                } elsif (-d "$dir/$tempdir/$item") {
+                                    &File::Path::remove_tree("$dir/$tempdir/$item",{ safe => 1 });
+                                }
+                            }
+                        }
+                        foreach my $item (@to_overwrite) {
+                            if ((-e "$dir/$tempdir/$item") && (-e "$dir/$item")) {
+                                if (($item ne '') && ($item !~ /\.\./)) {
+                                    if (-f "$dir/$item") {
+                                        unlink("$dir/$item");
+                                    } elsif (-d "$dir/$item") {
+                                        &File::Path::remove_tree("$dir/$item",{ safe => 1 });
+                                    }
+                                    &File::Copy::move("$dir/$tempdir/$item","$dir/$item");
+                                }
                             }
                         }
+                        if (&File::Copy::move("$dir/$tempdir/$file","$dir/$file")) {
+                            &File::Path::remove_tree("$dir/$tempdir",{ safe => 1 });
+                        }
                     }
-                    system("mv $dir/$tempdir/* $dir");
-                    rmdir("$dir/$tempdir");   
                 } else {
                     ($decompressed,$display) = 
                         &decompress_uploaded_file($file,$dir);
@@ -12077,8 +12105,7 @@
                     if (ref($newdirlistref) eq 'ARRAY') {
                         foreach my $dir_line (@{$newdirlistref}) {
                             my ($item,undef,undef,$testdir)=split(/\&/,$dir_line,5);
-                            unless (($item =~ /^\.+$/) || ($item eq $file) || 
-                                    ((@to_skip > 0) && (grep(/^\Q$item\E$/, at to_skip)))) {
+                            unless (($item =~ /^\.+$/) || ($item eq $file)) { 
                                 push(@newitems,$item);
                                 if ($dirptr&$testdir) {
                                     $is_dir{$item} = 1;
@@ -12563,7 +12590,7 @@
 sub process_extracted_files {
     my ($context,$docudom,$docuname,$destination,$dir_root,$hiddenelem) = @_;
     my $numitems = $env{'form.archive_count'};
-    return unless ($numitems);
+    return if ((!$numitems) || ($numitems =~ /\D/));
     my @ids=&Apache::lonnet::current_machine_ids();
     my ($prefix,$pathtocheck,$dir,$ishome,$error,$warning,%toplevelitems,%is_dir,
         %folders,%containers,%mapinner,%prompttofetch);
@@ -12576,7 +12603,7 @@
     } else {
         $prefix = $Apache::lonnet::perlvar{'lonDocRoot'};
         $pathtocheck = "$dir_root/$docudom/$docuname/$destination";
-        $dir = "$dir_root/$docudom/$docuname";    
+        $dir = "$dir_root/$docudom/$docuname";
     }
     my $currdir = "$dir_root/$destination";
     (my $docstype,$mapinner{'0'}) = ($destination =~ m{^(docs|supplemental)/(\w+)/});
@@ -12665,7 +12692,9 @@
                                                         '.'.$containers{$outer},1,1);
                             $newseqid{$i} = $newidx;
                             unless ($errtext) {
-                                $result .=  '<li>'.&mt('Folder: [_1] added to course',$docstitle).'</li>'."\n";
+                                $result .=  '<li>'.&mt('Folder: [_1] added to course',
+                                                       &HTML::Entities::encode($docstitle,'<>&"'))..
+                                            '</li>'."\n";
                             }
                         }
                     } else {
@@ -12674,38 +12703,47 @@
                             my $url = '/uploaded/'.$docudom.'/'.$docuname.'/'.
                                       $docstype.'/'.$mapinner{$outer}.'/'.$newidx.'/'.
                                       $title;
-                            if (!-e "$prefix$dir/$docstype/$mapinner{$outer}") {
-                                mkdir("$prefix$dir/$docstype/$mapinner{$outer}",0755);
-                            }
-                            if (!-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
-                                mkdir("$prefix$dir/$docstype/$mapinner{$outer}/$newidx");
-                            }
-                            if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
-                                system("mv $prefix$path $prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title");
-                                $newdest{$i} = "$prefix$dir/$docstype/$mapinner{$outer}/$newidx";
-                                unless ($ishome) {
-                                    my $fetch = "$newdest{$i}/$title";
-                                    $fetch =~ s/^\Q$prefix$dir\E//;
-                                    $prompttofetch{$fetch} = 1;
+                            if (($outer !~ /\D/) && ($mapinner{$outer} !~ /\D/) && ($newidx !~ /\D/)) {
+                                if (!-e "$prefix$dir/$docstype/$mapinner{$outer}") {
+                                    mkdir("$prefix$dir/$docstype/$mapinner{$outer}",0755);
                                 }
-                            }
-                            $LONCAPA::map::resources[$newidx]=
-                                $docstitle.':'.$url.':false:normal:res';
-                            push(@LONCAPA::map::order, $newidx);
-                            my ($outtext,$errtext)=
-                                &LONCAPA::map::storemap('/uploaded/'.$docudom.'/'.
-                                                        $docuname.'/'.$folders{$outer}.
-                                                        '.'.$containers{$outer},1,1);
-                            unless ($errtext) {
-                                if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title") {
-                                    $result .= '<li>'.&mt('File: [_1] added to course',$docstitle).'</li>'."\n";
+                                if (!-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
+                                    mkdir("$prefix$dir/$docstype/$mapinner{$outer}/$newidx");
+                                }
+                                if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
+                                    if (rename("$prefix$path","$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title")) {
+                                        $newdest{$i} = "$prefix$dir/$docstype/$mapinner{$outer}/$newidx";
+                                        unless ($ishome) {
+                                            my $fetch = "$newdest{$i}/$title";
+                                            $fetch =~ s/^\Q$prefix$dir\E//;
+                                            $prompttofetch{$fetch} = 1;
+                                        }
+                                   }
+                                }
+                                $LONCAPA::map::resources[$newidx]=
+                                    $docstitle.':'.$url.':false:normal:res';
+                                push(@LONCAPA::map::order, $newidx);
+                                my ($outtext,$errtext)=
+                                    &LONCAPA::map::storemap('/uploaded/'.$docudom.'/'.
+                                                            $docuname.'/'.$folders{$outer}.
+                                                            '.'.$containers{$outer},1,1);
+                                unless ($errtext) {
+                                    if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title") {
+                                        $result .= '<li>'.&mt('File: [_1] added to course',
+                                                              &HTML::Entities::encode($docstitle,'<>&"')).
+                                                   '</li>'."\n";
+                                    }
                                 }
+                            } else {
+                                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                                &HTML::Entities::encode($path,'<>&"')).'<br />';
                             }
                         }
                     }
                 }
             } else {
-                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',$path).'<br />';
+                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                &HTML::Entities::encode($path,'<>&"')).'<br />';
             }
         }
         for (my $i=1; $i<=$numitems; $i++) {
@@ -12766,7 +12804,9 @@
                         }
                         if ($fullpath ne '') {
                             if (-e "$prefix$path") {
-                                system("mv $prefix$path $fullpath/$title");
+                                unless (rename("$prefix$path","$fullpath/$title")) {
+                                     $warning .= &mt('Failed to rename dependency').'<br />';
+                                }
                             }
                             if (-e "$fullpath/$title") {
                                 my $showpath;
@@ -12775,21 +12815,26 @@
                                 } else {
                                     $showpath = "/$title";
                                 }
-                                $result .= '<li>'.&mt('[_1] included as a dependency',$showpath).'</li>'."\n";
-                            }
-                            unless ($ishome) {
-                                my $fetch = "$fullpath/$title";
-                                $fetch =~ s/^\Q$prefix$dir\E//;
-                                $prompttofetch{$fetch} = 1;
+                                $result .= '<li>'.&mt('[_1] included as a dependency',
+                                                      &HTML::Entities::encode($showpath,'<>&"')).
+                                           '</li>'."\n";
+                                unless ($ishome) {
+                                    my $fetch = "$fullpath/$title";
+                                    $fetch =~ s/^\Q$prefix$dir\E//;
+                                    $prompttofetch{$fetch} = 1;
+                                }
                             }
                         }
                     }
                 } elsif ($env{'form.archive_'.$referrer{$i}} eq 'discard') {
                     $warning .= &mt('[_1] is a dependency of [_2], which was discarded.',
-                                    $path,$env{'form.archive_content_'.$referrer{$i}}).'<br />';
+                                    &HTML::Entities::encode($path,'<>&"'),
+                                    &HTML::Entities::encode($env{'form.archive_content_'.$referrer{$i}},'<>&"')).
+                                '<br />';
                 }
             } else {
-                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',$path).'<br />';
+                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                &HTML::Entities::encode($path)).'<br />';
             }
         }
         if (keys(%todelete)) {
@@ -13063,12 +13108,15 @@
     $env{'form.upfile'}=~s/\n+/\n/gs;
     $env{'form.upfile'}=~s/\n+$//gs;
 
-    my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
-	'_enroll_'.$env{'request.course.id'}.'_'.time.'_'.$$;
+    my $datatoken = &valid_datatoken($env{'user.name'}.'_'.$env{'user.domain'}.
+                                     '_enroll_'.$env{'request.course.id'}.'_'.
+                                     time.'_'.$$);
+    return if ($datatoken eq '');
+
     {
         my $datafile = $r->dir_config('lonDaemons').
                            '/tmp/'.$datatoken.'.tmp';
-        if ( open(my $fh,">$datafile") ) {
+        if ( open(my $fh,'>',$datafile) ) {
             print $fh $env{'form.upfile'};
             close($fh);
         }
@@ -13078,21 +13126,22 @@
 
 =pod
 
-=item * &load_tmp_file($r)
+=item * &load_tmp_file($r,$datatoken)
 
 Load uploaded file from tmp, $r should be the HTTP Request object,
-needs $env{'form.datatoken'},
+$datatoken is the name to assign to the temporary file.
 sets $env{'form.upfile'} to the contents of the file
 
 =cut
 
 sub load_tmp_file {
-    my $r=shift;
+    my ($r,$datatoken) = @_;
+    return if ($datatoken eq '');
     my @studentdata=();
     {
         my $studentfile = $r->dir_config('lonDaemons').
-                              '/tmp/'.$env{'form.datatoken'}.'.tmp';
-        if ( open(my $fh,"<$studentfile") ) {
+                              '/tmp/'.$datatoken.'.tmp';
+        if ( open(my $fh,'<',$studentfile) ) {
             @studentdata=<$fh>;
             close($fh);
         }
@@ -13100,6 +13149,14 @@
     $env{'form.upfile'}=join('', at studentdata);
 }
 
+sub valid_datatoken {
+    my ($datatoken) = @_;
+    if ($datatoken =~ /^$match_username\_$match_domain\_enroll_$match_domain\_$match_courseid\_\d+_\d+$/) {
+        return $datatoken;
+    }
+    return;
+}
+
 =pod
 
 =item * &upfile_record_sep()
@@ -14042,7 +14099,7 @@
         $lastresort = $origmail;
     }
 
-    if (($mailing eq 'helpdesk') && ($lastresort ne '')) {
+    if (($mailing eq 'helpdeskmail') && ($lastresort ne '')) {
         unless (grep(/^\Q$defdom\E$/,&Apache::lonnet::current_machine_domains())) {
             my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
             my $machinedom = $Apache::lonnet::perlvar{'lonDefDomain'};
@@ -14122,7 +14179,7 @@
             }
         }
     }
-    if ($mailing eq 'helpdesk') {
+    if ($mailing eq 'helpdeskmail') {
         if ((!@recipients) && ($lastresort ne '')) {
             push(@recipients,$lastresort);
         }


More information about the LON-CAPA-cvs mailing list