[LON-CAPA-cvs] cvs: loncom /publisher lonupload.pm

raeburn raeburn at source.lon-capa.org
Mon Mar 4 14:54:35 EST 2019 

raeburn		Mon Mar  4 19:54:35 2019 EDT

  Modified files:              
    /loncom/publisher	lonupload.pm 
  Log:
  - Uploading a file to Authoring Space.
    - Remove characters which are not allowed.
    - Replace pattern: .number.extension with _letter.extension
    - Include feedback to user about changes made.
  
  
Index: loncom/publisher/lonupload.pm
diff -u loncom/publisher/lonupload.pm:1.68 loncom/publisher/lonupload.pm:1.69
--- loncom/publisher/lonupload.pm:1.68	Sun Nov 12 23:01:00 2017
+++ loncom/publisher/lonupload.pm	Mon Mar  4 19:54:35 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to upload files into construction space
 #
-# $Id: lonupload.pm,v 1.68 2017/11/12 23:01:00 raeburn Exp $
+# $Id: lonupload.pm,v 1.69 2019/03/04 19:54:35 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -176,6 +176,7 @@
     # Check for file to be uploaded
     $env{'form.upfile.filename'}=~s/\\/\//g;
     $env{'form.upfile.filename'}=~s/^.*\/([^\/]+)$/$1/;
+    $env{'form.upfile.filename'}=~s/(\s+$|^\s+)//g;
     if (!$env{'form.upfile.filename'}) {
         $r->print('<p class="LC_warning">'.&mt('No upload file specified.').'</p>'.
                   &earlyout($fn,$uname,$udom));
@@ -214,6 +215,14 @@
 
 # Split part that I can change from the part that I cannot change
     my ($fn1,$fn2)=($fn=~/^(\/priv\/[^\/]+\/[^\/]+\/)(.*)$/);
+# Check for pattern: .number.extension which is reserved for LON-CAPA versioning. 
+# Check for disallowed characters: #?&%:<>`|, and remove
+    if ($fn2 ne '') {
+        ($fn2,my $warning) = &check_filename($fn2);
+        if ($warning ne '') {
+            $r->print($warning);
+        }
+    }
     # Display additional options for upload
     # and upload button
     $r->print(
@@ -281,7 +290,7 @@
 	my $base = &File::Basename::basename($fn);
 	my $path = &File::Basename::dirname($fn);
 	$base    = &HTML::Entities::encode($base,'<>&"');
-	my $url  = $path."/".$base; 
+	my $url  = $path."/".$base;
 	&Debug($r, "URL is now ".$url);
 	my $datatoken;
         if ($env{'form.datatoken'} =~ /^$match_username\_$match_domain\_upload_\w*_\d+_\d+$/) {
@@ -421,6 +430,47 @@
     return ($result,$returnflag);
 }
 
+sub check_filename {
+    my ($fname) = @_;
+    my $warning;
+    if ($fname =~/[#\?&%":<>`|]/) {
+        $fname =~s/[#\?&%":<>`|]//g;
+        $warning .= '<p class="LC_warning">'
+                   .&mt('Removed one or more disallowed characters from filename')
+                   .'</p>';
+    }
+    if ($fname=~ /\.(\d+)\.(\w+)$/) {
+        my $num = $1;
+        $warning .= '<p class="LC_warning">'
+                   .&mt('Bad filename [_1]','<span class="LC_filename">'.$fname.'</span>')
+                   .'<br />'
+                   .&mt('[_1](name).(number).(extension)[_2] not allowed.','<tt>','</tt>')
+                   .'<br />'
+                   .&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','<tt>','</tt>')
+                   .'</p>';
+        if ($num eq '0') {
+            $fname =~ s/\.(\d+)(\.\w+)$/_A$2/;
+        } else {
+            my $letts = '';
+            my %digletter = reverse &Apache::lonnet::letter_to_digits();
+            if ($num >= 100) {
+                $num = substr($num,-2);
+            }
+            foreach my $digit (split('',$num)) {
+                $letts .= $digletter{$digit};
+            }
+            $fname =~ s/\.(\d+)(\.\w+)$/_$letts$2/;
+        }
+    }
+    if ($fname =~/___/) {
+        $fname =~s/_+/_/g;
+        $warning .= '<p class="LC_warning">'
+                    .&mt('Changed ___ to a single _ in filename')
+                    .'</p>';
+    }
+    return ($fname,$warning);
+}
+
 sub phasethree {
     my ($r,$fn,$uname,$udom,$mode) = @_;
 
@@ -503,10 +553,18 @@
 
     my $r=shift;
     my $javascript = '';
-    my $fn=$env{'form.filename'};
+    my $fn;
+    my $warning;
 
     if ($env{'form.filename1'}) {
-       $fn=$env{'form.filename1'}.$env{'form.filename2'};
+        my $fn1 = $env{'form.filename1'};
+        my $fn2 = $env{'form.filename2'};
+        $fn2 =~ s/(\s+$|^\s+)//g;
+        $fn2 =~ s/\/+/\//g;
+        ($fn2,$warning) = &check_filename($fn2);
+        $fn = $fn1.$fn2;
+    } else {
+        $fn = $env{'form.filename'};
     }
     $fn=~s/\/+/\//g;
 
@@ -519,8 +577,8 @@
     my ($uname,$udom)=&Apache::lonnet::constructaccess($fn);
 
     unless (($uname) && ($udom)) {
-        $r->log_reason($uname.' at '.$udom.
-                       ' trying to publish file '.$env{'form.filename'}.
+        $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}.
+                       ' trying to upload file '.$fn.
                        ' - not authorized',
                        $r->filename);
         return HTTP_NOT_ACCEPTABLE;
@@ -575,6 +633,9 @@
                  .'</p>'
         );
     }
+    if ($warning) {
+        $r->print($warning);
+    }
     if ($env{'form.phase'} eq 'four') {
         my $output = &phasefour($r,$fn,$uname,$udom,'author');
         $r->print($output);
@@ -589,7 +650,7 @@
     }
 
     $r->print(&Apache::loncommon::end_page());
-    return OK;  
+    return OK;
 }
 
 1;

More information about the LON-CAPA-cvs mailing list