[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonlogout.pm

[raeburn]

raeburn		Sun Sep  2 21:23:08 2018 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/auth	lonlogout.pm 
  Log:
  - For 2.11
    Backport 1.51, 1.53
  
  
Index: loncom/auth/lonlogout.pm
diff -u loncom/auth/lonlogout.pm:1.45.2.3 loncom/auth/lonlogout.pm:1.45.2.4
--- loncom/auth/lonlogout.pm:1.45.2.3	Thu Mar 12 00:50:46 2015
+++ loncom/auth/lonlogout.pm	Sun Sep  2 21:23:08 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Logout Handler
 #
-# $Id: lonlogout.pm,v 1.45.2.3 2015/03/12 00:50:46 raeburn Exp $
+# $Id: lonlogout.pm,v 1.45.2.4 2018/09/02 21:23:08 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -45,9 +45,11 @@
 use Apache::Constants qw(:common);
 use Apache::File;
 use Apache::lonnet;
+use Apache::loncommon;
 use Apache::lonmenu;
 use CGI::Cookie();
 use Apache::lonlocal;
+use LONCAPA qw(:DEFAULT :match);
 
 sub handler {
     my $r = shift;
@@ -105,19 +107,32 @@
 						   $switch);
     } else {
         my $domain = $env{'user.domain'};
-        my $headextra;
-        if ($env{'request.sso.login'}
-            && defined($r->dir_config("lonSSOUserLogoutHeadFile_$domain"))) {
-            if (open(my $fh,$r->dir_config("lonSSOUserLogoutHeadFile_$domain"))) {
-                $headextra = join('',<$fh>);
-                close($fh);
-            }
-        }
-        if ($env{'request.sso.login'}
-            && defined($r->dir_config('lonSSOUserLogoutHeadFile'))) {
-            if (open(my $fh,$r->dir_config('lonSSOUserLogoutHeadFile'))) {
-                $headextra.= join('',<$fh>);
-                close($fh);
+        my ($headextra,$ssofile);
+        if ($env{'request.sso.login'}) {
+            my $londocroot = $r->dir_config('lonDocRoot');
+            if ($domain =~ /^$match_domain$/) {
+                if (defined($r->dir_config("lonSSOUserLogoutHeadFile_$domain"))) {
+                    $ssofile = '/'.&Apache::loncommon::clean_path($r->dir_config("lonSSOUserLogoutHeadFile_$domain"));
+                    if ($ssofile eq $r->dir_config("lonSSOUserLogoutHeadFile_$domain")) {
+                        if ($ssofile =~ /^\Q$londocroot\E/) {
+                            if (open(my $fh,'<',$ssofile)) {
+                                $headextra = join('',<$fh>);
+                                close($fh);
+                            }
+                        }
+                    }
+                }
+            }
+            if (defined($r->dir_config('lonSSOUserLogoutHeadFile'))) {
+                $ssofile = '/'.&Apache::loncommon::clean_path($r->dir_config('lonSSOUserLogoutHeadFile'));
+                if ($ssofile eq $r->dir_config('lonSSOUserLogoutHeadFile')) {
+                    if ($ssofile =~ /^\Q$londocroot\E/) {
+                        if (open(my $fh,'<',$ssofile)) {
+                            $headextra.= join('',<$fh>);
+                            close($fh);
+                        }
+                    }
+                }
             }
         }
 	$start_page=&Apache::loncommon::start_page('Logged Out',$headextra,