[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm lonextresedit.pm lonexturlcheck.pm
raeburn
raeburn at source.lon-capa.org
Thu May 2 19:09:39 EDT 2019
raeburn Thu May 2 23:09:39 2019 EDT
Modified files:
/loncom/interface lonexturlcheck.pm loncommon.pm lonextresedit.pm
Log:
- Bug 6910
- Change regexp used to check for valid external URL (assumes ascii-only DNS
hostname, and either http or https).
- Cache result of frameability check for 60 minutes, when rendering page
containing external resource URL, unless CC is using "Preview".
Index: loncom/interface/lonexturlcheck.pm
diff -u loncom/interface/lonexturlcheck.pm:1.2 loncom/interface/lonexturlcheck.pm:1.3
--- loncom/interface/lonexturlcheck.pm:1.2 Thu May 2 20:28:18 2019
+++ loncom/interface/lonexturlcheck.pm Thu May 2 23:09:38 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to check if external resource can be shown in iframe
#
-# $Id: lonexturlcheck.pm,v 1.2 2019/05/02 20:28:18 raeburn Exp $
+# $Id: lonexturlcheck.pm,v 1.3 2019/05/02 23:09:38 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -98,11 +98,12 @@
((&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) ||
(&Apache::lonnet::allowed('cev',$env{'request.course.id'})))) {
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']);
- if ($env{'form.exturl'} =~ m{^https?\://[^/]+}) {
+ $env{'form.exturl'} =~ s/^\s+|\s+$//g;
+ if ($env{'form.exturl'} =~ m{^https?\://([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}}i) {
my $hostname = $r->hostname();
my $lonhost = $r->dir_config('lonHostID');
my $ip = &Apache::lonnet::get_host_ip($lonhost);
- $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip));
+ $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip,1));
} else {
$r->print(0);
}
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1328 loncom/interface/loncommon.pm:1.1329
--- loncom/interface/loncommon.pm:1.1328 Thu May 2 02:12:18 2019
+++ loncom/interface/loncommon.pm Thu May 2 23:09:38 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.1328 2019/05/02 02:12:18 raeburn Exp $
+# $Id: loncommon.pm,v 1.1329 2019/05/02 23:09:38 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -18193,7 +18193,26 @@
}
sub is_nonframeable {
- my ($url,$absolute,$hostname,$ip) = @_;
+ my ($url,$absolute,$hostname,$ip,$nocache) = @_;
+ my ($remprotocol,$remhost) = ($url =~ m{^(https?)\://(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,})}i);
+ return if (($remprotocol eq '') || ($remhost eq ''));
+
+ $remprotocol = lc($remprotocol);
+ $remhost = lc($remhost);
+ my $remport = 80;
+ if ($remprotocol eq 'https') {
+ $remport = 443;
+ }
+ my ($result,$cached) = &Apache::lonnet::is_cached_new('exturlnoiframe',$remhost.':'.$remport);
+ if ($cached) {
+ unless ($nocache) {
+ if ($result) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+ }
my $uselink;
my $request = new HTTP::Request('HEAD',$url);
my $response = &LONCAPA::LWPReq::makerequest('',$request,'','',5);
@@ -18203,8 +18222,7 @@
$secpolicy =~ s/^\s+|\s+$//g;
$xframeop =~ s/^\s+|\s+$//g;
if (($secpolicy ne '') || ($xframeop ne '')) {
- my ($remotehost) = ($url =~ m{^(https?\://[^/?#]+)});
- $remotehost = lc($remotehost);
+ my $remotehost = $remprotocol.'://'.$remhost;
my ($origin,$protocol,$port);
if ($ENV{'SERVER_PORT'} =~/^\d+$/) {
$port = $ENV{'SERVER_PORT'};
@@ -18302,10 +18320,29 @@
}
}
}
+ if ($nocache) {
+ if ($cached) {
+ my $devalidate;
+ if ($uselink && !$result) {
+ $devalidate = 1;
+ } elsif (!$uselink && $result) {
+ $devalidate = 1;
+ }
+ if ($devalidate) {
+ &Apache::lonnet::devalidate_cache_new('noiframe',$remhost.':'.$remport);
+ }
+ }
+ } else {
+ if ($uselink) {
+ $result = 1;
+ } else {
+ $result = 0;
+ }
+ &Apache::lonnet::do_cache_new('noiframe',$remhost.':'.$remport,$result,3600);
+ }
return $uselink;
}
-
1;
__END__;
Index: loncom/interface/lonextresedit.pm
diff -u loncom/interface/lonextresedit.pm:1.28 loncom/interface/lonextresedit.pm:1.29
--- loncom/interface/lonextresedit.pm:1.28 Thu May 2 02:12:18 2019
+++ loncom/interface/lonextresedit.pm Thu May 2 23:09:39 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: lonextresedit.pm,v 1.28 2019/05/02 02:12:18 raeburn Exp $
+# $Id: lonextresedit.pm,v 1.29 2019/05/02 23:09:39 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -981,12 +981,14 @@
http.onreadystatechange = function() {
if (http.readyState == 4) {
if (http.status == 200) {
- if (http.responseText == 1) {
- noiframe = 1;
- } else if (http.responseText == -1) {
- nopriv = 1;
- } else if (http.responseText == 0) {
- badurl = 1;
+ if (http.responseText.length > 0) {
+ if (http.responseText == 1) {
+ noiframe = 1;
+ } else if (http.responseText == -1) {
+ nopriv = 1;
+ } else if (http.responseText == 0) {
+ badurl = 1;
+ }
}
openPreviewWindow(url,name,noiframe,mixed,nopriv,badurl);
}
More information about the LON-CAPA-cvs
mailing list