[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm
raeburn
raeburn at source.lon-capa.org
Wed Feb 10 06:07:46 EST 2021
raeburn Wed Feb 10 11:07:46 2021 EDT
Modified files: (Branch: version_2_11_X)
/loncom/auth lonacc.pm
Log:
- For 2.11
Backport 1.187
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.18 loncom/auth/lonacc.pm:1.159.2.19
--- loncom/auth/lonacc.pm:1.159.2.18 Mon Jan 4 03:47:01 2021
+++ loncom/auth/lonacc.pm Wed Feb 10 11:07:46 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.159.2.18 2021/01/04 03:47:01 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.19 2021/02/10 11:07:46 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -756,18 +756,32 @@
}
if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});
- if ($requrl eq '/adm/navmaps') {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
- } elsif ($requrl =~ m|^/adm/wrapper/|
- || $requrl =~ m|^/adm/coursedocs/showdoc/|) {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- if ($map =~ /\.page$/) {
- my $mapsymb = &Apache::lonnet::symbread($map);
- ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
+ if (($requrl eq '/adm/navmaps') ||
+ ($requrl =~ m{^/adm/wrapper/}) ||
+ ($requrl =~ m{^/adm/coursedocs/showdoc/})) {
+ unless (&Apache::lonnet::symbverify($symb,$requrl)) {
+ if (&Apache::lonnet::is_on_map($requrl)) {
+ $symb = &Apache::lonnet::symbread($requrl);
+ unless (&Apache::lonnet::symbverify($symb,$requrl)) {
+ undef($symb);
+ }
+ }
+ }
+ if ($symb) {
+ if ($requrl eq '/adm/navmaps') {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
+ } elsif (($requrl =~ m{^/adm/wrapper/}) ||
+ ($requrl =~ m{^/adm/coursedocs/showdoc/})) {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ if ($map =~ /\.page$/) {
+ my $mapsymb = &Apache::lonnet::symbread($map);
+ ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
+ }
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
+ }
}
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
- 'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
(($requrl=~m|(.*)/smpedit$|) &&
&Apache::lonnet::symbverify($symb,$1)) ||
@@ -827,10 +841,14 @@
}
}
if ($invalidsymb) {
- $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
- $env{'user.error.msg'}=
- "$requrl:bre:1:1:Invalid Access";
- return HTTP_NOT_ACCEPTABLE;
+ if ($requrl eq '/adm/navmaps') {
+ undef(symb);
+ } else {
+ $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
+ }
}
}
}
More information about the LON-CAPA-cvs
mailing list