[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm
raeburn
raeburn at source.lon-capa.org
Wed Sep 30 15:33:59 EDT 2020
raeburn Wed Sep 30 19:33:59 2020 EDT
Modified files: (Branch: version_2_11_X)
/loncom/auth lonacc.pm
Log:
- For 2.11
Backport 1.180
-------------- next part --------------
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.11 loncom/auth/lonacc.pm:1.159.2.12
--- loncom/auth/lonacc.pm:1.159.2.11 Mon Sep 28 01:31:42 2020
+++ loncom/auth/lonacc.pm Wed Sep 30 19:33:59 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.159.2.11 2020/09/28 01:31:42 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.12 2020/09/30 19:33:59 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -435,22 +435,6 @@
return undef;
}
-sub needs_symb_check {
- my ($requrl) = @_;
- $requrl=~/\.(\w+)$/;
- if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
- ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
- ($requrl=~/^\/adm\/wrapper\//) ||
- ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
- ($requrl=~m|\.problem/smpedit$|) ||
- ($requrl=~/^\/public\/.*\/syllabus$/) ||
- ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
- ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
- return 1;
- }
- return;
-}
-
sub handler {
my $r = shift;
my $requrl=$r->uri;
@@ -545,6 +529,7 @@
if ($value =~ /^supplemental/) {
$suppext = 1;
}
+ last;
}
}
}
@@ -608,17 +593,35 @@
# ---------------------------------------------------------------- Check access
my $now = time;
+ my $check_symb;
if ($requrl !~ m{^/(?:adm|public|(?:prt|zip)spool)/}
|| $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
my ($access,$poss_symb);
- if (($env{'request.course.id'}) && (!$suppext) && (&needs_symb_check($requrl))) {
- unless ($env{'form.symb'}) {
- if ($r->args) {
- &Apache::loncommon::get_unprocessed_cgi($r->args,['symb']);
- }
+ if (($env{'request.course.id'}) && (!$suppext)) {
+ $requrl=~/\.(\w+)$/;
+ if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+ ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
+ ($requrl=~/^\/adm\/wrapper\//) ||
+ ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
+ ($requrl=~m|\.problem/smpedit$|) ||
+ ($requrl=~/^\/public\/.*\/syllabus$/) ||
+ ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
+ ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
+ $check_symb = 1;
}
+ }
+ if ($check_symb) {
if ($env{'form.symb'}) {
$poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
+ } elsif (($env{'request.course.id'}) && ($r->args ne '')) {
+ my $query = $r->args;
+ foreach my $pair (split(/&/,$query)) {
+ my ($name, $value) = split(/=/,$pair);
+ if ($name eq 'symb') {
+ $poss_symb = &Apache::lonnet::symbclean($value);
+ last;
+ }
+ }
}
if ($poss_symb) {
my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
@@ -715,7 +718,7 @@
$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res|public|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
- $requrl !~ m{^/adm/blockingstatus/.*$} &&
+ $requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;
@@ -725,7 +728,7 @@
if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);
my $query=$r->args;
- if (&needs_symb_check($requrl)) {
+ if ($check_symb) {
# ------------------------------------- This is serious stuff, get symb and log
my $symb;
if ($query) {
@@ -768,54 +771,52 @@
if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
$requrl = $1;
}
- unless ($suppext) {
- $symb=&Apache::lonnet::symbread($requrl);
- if (&Apache::lonnet::is_on_map($requrl) && $symb) {
- my ($encstate,$invalidsymb);
- unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
- $invalidsymb = 1;
- #
- # If $env{'request.enc'} is true, but no encryption for $symb retrieved
- # by original lonnet::symbread() call, call again to check for an instance
- # of $requrl in the course which has encryption, and set that as the symb.
- # If there is no such symb, or symbverify() fails for the new symb proceed
- # to report invalid symb.
- #
- if ($env{'request.enc'} && !$encstate) {
- my %possibles;
- my $nocache = 1;
- $symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
- if ($symb) {
- if (&Apache::lonnet::symbverify($symb,$requrl)) {
- $invalidsymb = '';
- }
- } elsif (keys(%possibles) > 1) {
- $r->internal_redirect('/adm/ambiguous');
- return OK;
+ $symb=&Apache::lonnet::symbread($requrl);
+ if (&Apache::lonnet::is_on_map($requrl) && $symb) {
+ my ($encstate,$invalidsymb);
+ unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
+ $invalidsymb = 1;
+ #
+ # If $env{'request.enc'} is true, but no encryption for $symb retrieved
+ # by original lonnet::symbread() call, call again to check for an instance
+ # of $requrl in the course which has encryption, and set that as the symb.
+ # If there is no such symb, or symbverify() fails for the new symb proceed
+ # to report invalid symb.
+ #
+ if ($env{'request.enc'} && !$encstate) {
+ my %possibles;
+ my $nocache = 1;
+ $symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
+ if ($symb) {
+ if (&Apache::lonnet::symbverify($symb,$requrl)) {
+ $invalidsymb = '';
}
+ } elsif (keys(%possibles) > 1) {
+ $r->internal_redirect('/adm/ambiguous');
+ return OK;
}
- if ($invalidsymb) {
- $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
- $env{'user.error.msg'}=
- "$requrl:bre:1:1:Invalid Access";
- return HTTP_NOT_ACCEPTABLE;
- }
+ }
+ if ($invalidsymb) {
+ $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
}
}
- if ($symb) {
- my ($map,$mid,$murl)=
- &Apache::lonnet::decode_symb($symb);
- if ($requrl eq '/adm/navmaps') {
- &Apache::lonnet::symblist($map,$murl =>[$murl,$mid]);
- } else {
- if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {
- my $mapsymb = &Apache::lonnet::symbread($map);
- ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
- }
- &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
- 'last_known' =>[$murl,$mid]);
+ }
+ if ($symb) {
+ my ($map,$mid,$murl)=
+ &Apache::lonnet::decode_symb($symb);
+ if ($requrl eq '/adm/navmaps') {
+ &Apache::lonnet::symblist($map,$murl =>[$murl,$mid]);
+ } else {
+ if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {
+ my $mapsymb = &Apache::lonnet::symbread($map);
+ ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
- }
+ &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
+ }
}
}
$env{'request.symb'}=$symb;
More information about the LON-CAPA-cvs
mailing list