From raeburn at source.lon-capa.org Mon Dec 13 14:55:44 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Mon, 13 Dec 2021 19:55:44 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface loncommon.pm Message-ID: raeburn Mon Dec 13 19:55:44 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface loncommon.pm Log: - For 2.11 Backport 1.1281, 1.1310 (part) 1.1323, 1.1345, 1.1346 (part), 1.1351, 1.1355, 1.1356, 1.1357, 1.1358, 1.1366, 1.1367, 1.1369, 1.1372 (part) -------------- next part -------------- Index: loncom/interface/loncommon.pm diff -u loncom/interface/loncommon.pm:1.1075.2.157 loncom/interface/loncommon.pm:1.1075.2.158 --- loncom/interface/loncommon.pm:1.1075.2.157 Sat Sep 11 16:00:23 2021 +++ loncom/interface/loncommon.pm Mon Dec 13 19:55:44 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # a pile of common routines # -# $Id: loncommon.pm,v 1.1075.2.157 2021/09/11 16:00:23 raeburn Exp $ +# $Id: loncommon.pm,v 1.1075.2.158 2021/12/13 19:55:44 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1378,7 +1378,7 @@ } sub top_nav_help { - my ($text) = @_; + my ($text,$linkattr) = @_; $text = &mt($text); my $stay_on_page; unless ($env{'environment.remote'} eq 'on') { @@ -1394,7 +1394,7 @@ if ($link) { return <<"END"; $banner_link -$text +$text END } else { return ' '.$text.' '; @@ -3127,14 +3127,11 @@ $fsyscheck.' onchange="'.$jscall.'" onclick="'. $jscall.'"'.$disabled.' />'; } - $autharg = ''; $result = &mt ('[_1] Filesystem Authenticated (with initial password [_2])', - ''); + ''.$autharg); return $result; } @@ -4731,8 +4728,77 @@ ############################################### sub blockcheck { - my ($setters,$activity,$uname,$udom,$url,$is_course,$symb,$caller) = @_; + my ($setters,$activity,$clientip,$uname,$udom,$url,$is_course,$symb,$caller) = @_; + unless ($activity eq 'docs') { + my ($has_evb,$check_ipaccess); + my $dom = $env{'user.domain'}; + if ($env{'request.course.id'}) { + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $checkrole = "cm./$cdom/$cnum"; + my $sec = $env{'request.course.sec'}; + if ($sec ne '') { + $checkrole .= "/$sec"; + } + if ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($env{'request.role'} !~ /^st/)) { + $has_evb = 1; + } + unless ($has_evb) { + if (($activity eq 'printout') || ($activity eq 'grades') || ($activity eq 'search') || + ($activity eq 'boards') || ($activity eq 'groups') || ($activity eq 'chat')) { + if ($udom eq $cdom) { + $check_ipaccess = 1; + } + } + } + } + unless ($has_evb || $check_ipaccess) { + my @machinedoms = &Apache::lonnet::current_machine_domains(); + if (($dom eq 'public') && ($activity eq 'port')) { + $dom = $udom; + } + if (($dom ne '') && (grep(/^\Q$dom\E$/, at machinedoms))) { + $check_ipaccess = 1; + } else { + my $lonhost = $Apache::lonnet::perlvar{'lonHostID'}; + my $internet_names = &Apache::lonnet::get_internet_names($lonhost); + my $prim = &Apache::lonnet::domain($dom,'primary'); + my $intdom = &Apache::lonnet::internet_dom($prim); + if (($intdom ne '') && (ref($internet_names) eq 'ARRAY')) { + if (grep(/^\Q$intdom\E$/,@{$internet_names})) { + $check_ipaccess = 1; + } + } + } + } + if ($check_ipaccess) { + my ($ipaccessref,$cached)=&Apache::lonnet::is_cached_new('ipaccess',$dom); + unless (defined($cached)) { + my %domconfig = + &Apache::lonnet::get_dom('configuration',['ipaccess'],$dom); + $ipaccessref = &Apache::lonnet::do_cache_new('ipaccess',$dom,$domconfig{'ipaccess'},1800); + } + if ((ref($ipaccessref) eq 'HASH') && ($clientip)) { + foreach my $id (keys(%{$ipaccessref})) { + if (ref($ipaccessref->{$id}) eq 'HASH') { + my $range = $ipaccessref->{$id}->{'ip'}; + if ($range) { + if (&Apache::lonnet::ip_match($clientip,$range)) { + if (ref($ipaccessref->{$id}->{'commblocks'}) eq 'HASH') { + if ($ipaccessref->{$id}->{'commblocks'}->{$activity} eq 'on') { + return ('','','',$id,$dom); + last; + } + } + } + } + } + } + } + } + } if (defined($udom) && defined($uname)) { # If uname and udom are for a course, check for blocks in the course. if (($is_course) || (&Apache::lonnet::is_course($udom,$uname))) { @@ -4955,13 +5021,19 @@ my $end = $start + $env{'course.'.$cdom.'_'.$cnum.'.timerinterval.'.$timersymb}; if ($start && $end) { if (($start <= time) && ($end >= time)) { - unless (grep(/^\Q$block\E$/, at blockers)) { - push(@blockers,$block); - $triggered{$block} = { - start => $start, - end => $end, - type => $type, - }; + if (ref($commblocks{$block}) eq 'HASH') { + if (ref($commblocks{$block}{'blocks'}) eq 'HASH') { + if ($commblocks{$block}{'blocks'}{$activity} eq 'on') { + unless(grep(/^\Q$block\E$/, at blockers)) { + push(@blockers,$block); + $triggered{$block} = { + start => $start, + end => $end, + type => $type, + }; + } + } + } } } } @@ -5025,14 +5097,17 @@ } sub blocking_status { - my ($activity,$uname,$udom,$url,$is_course,$symb,$caller) = @_; + my ($activity,$clientip,$uname,$udom,$url,$is_course,$symb,$caller) = @_; my %setters; # check for active blocking - my ($startblock,$endblock,$triggerblock) = - &blockcheck(\%setters,$activity,$uname,$udom,$url,$is_course,$symb,$caller); + if ($clientip eq '') { + $clientip = &Apache::lonnet::get_requestor_ip(); + } + my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = + &blockcheck(\%setters,$activity,$clientip,$uname,$udom,$url,$is_course,$symb,$caller); my $blocked = 0; - if ($startblock && $endblock) { + if (($startblock && $endblock) || ($by_ip)) { $blocked = 1; } @@ -5041,8 +5116,8 @@ # build a link to a popup window containing the details my $querystring = "?activity=$activity"; -# $uname and $udom decide whose portfolio the user is trying to look at - if (($activity eq 'port') || ($activity eq 'passwd')) { +# $uname and $udom decide whose portfolio (or information page) the user is trying to look at + if (($activity eq 'port') || ($activity eq 'about') || ($activity eq 'passwd')) { $querystring .= "&udom=$udom" if ($udom =~ /^$match_domain$/); $querystring .= "&uname=$uname" if ($uname =~ /^$match_username$/); } elsif ($activity eq 'docs') { @@ -5076,6 +5151,12 @@ $text = &mt('Printing Blocked'); } elsif ($activity eq 'passwd') { $text = &mt('Password Changing Blocked'); + } elsif ($activity eq 'grades') { + $text = &mt('Gradebook Blocked'); + } elsif ($activity eq 'search') { + $text = &mt('Search Blocked'); + } elsif ($activity eq 'about') { + $text = &mt('Access to User Information Pages Blocked'); } $output .= <<"END_BLOCK";
@@ -5228,6 +5309,17 @@ } } } + } elsif ($key eq 'saml') { + if (ref($domconfig{'login'}{$key}) eq 'HASH') { + foreach my $host (keys(%{$domconfig{'login'}{$key}})) { + if (ref($domconfig{'login'}{$key}{$host}) eq 'HASH') { + $designhash{$udom.'.login.'.$key.'_'.$host} = 1; + foreach my $item ('text','img','alt','url','title','notsso') { + $designhash{$udom.'.login.'.$key.'_'.$item.'_'.$host} = $domconfig{'login'}{$key}{$host}{$item}; + } + } + } + } } else { foreach my $img (keys(%{$domconfig{'login'}{$key}})) { $designhash{$udom.'.login.'.$key.'_'.$img} = @@ -5597,12 +5689,24 @@ if ($realm) { $realm = '/'.$realm; } - if ($role eq 'ca') { + if ($rol eq 'ca') { my ($rdom,$rname) = ($realm =~ m{^/($match_domain)/($match_username)$}); $realm = &plainname($rname,$rdom); } # realm + my ($cid,$sec); if ($env{'request.course.id'}) { + $cid = $env{'request.course.id'}; + if ($env{'request.course.sec'}) { + $sec = $env{'request.course.sec'}; + } + } elsif ($realm =~ m{^/($match_domain)/($match_courseid)(?:|/(\w+))$}) { + if (&Apache::lonnet::is_course($1,$2)) { + $cid = $1.'_'.$2; + $sec = $3; + } + } + if ($cid) { if ($env{'request.role'} !~ /^cr/) { $role = &Apache::lonnet::plaintext($role,&course_type()); } elsif ($role =~ m{^cr/($match_domain)/\1-domainconfig/(\w+)$}) { @@ -5614,10 +5718,10 @@ } else { $role = (split(/\//,$role,4))[-1]; } - if ($env{'request.course.sec'}) { - $role .= (' 'x2).'- '.&mt('section:').' '.$env{'request.course.sec'}; + if ($sec) { + $role .= (' 'x2).'- '.&mt('section:').' '.$sec; } - $realm = $env{'course.'.$env{'request.course.id'}.'.description'}; + $realm = $env{'course.'.$cid.'.description'}; } else { $role = &Apache::lonnet::plaintext($role); } @@ -5639,15 +5743,13 @@ if ($public) { undef($role); } - + my $titleinfo = '

'.$title.'

'; # # Extra info if you are the DC my $dc_info = ''; - if ($env{'user.adv'} && exists($env{'user.role.dc./'. - $env{'course.'.$env{'request.course.id'}. - '.domain'}.'/'})) { - my $cid = $env{'request.course.id'}; + if (($env{'user.adv'} && ($env{'request.course.id'}) && + (exists($env{'user.role.dc./'.$env{'course.'.$cid.'.domain'}.'/'}))) { $dc_info = $cid.' '.$env{'course.'.$cid.'.internal.coursecode'}; $dc_info =~ s/\s+$//; } @@ -5679,11 +5781,11 @@ $bodytag .= Apache::lonhtmlcommon::scripttag( Apache::lonmenu::utilityfunctions($httphost), 'start'); - my ($left,$right) = Apache::lonmenu::primary_menu(); + my ($left,$right) = Apache::lonmenu::primary_menu($args->{'links_disabled'}); if ($env{'request.noversionuri'} =~ m{^/res/adm/pages/}) { if ($dc_info) { - $dc_info = qq|$dc_info|; + $dc_info = qq|$dc_info|; } $bodytag .= qq|
$left $role
$realm $dc_info
|; @@ -5707,7 +5809,7 @@ } #don't show menus for public users if (!$public){ - $bodytag .= Apache::lonmenu::secondary_menu($httphost); + $bodytag .= Apache::lonmenu::secondary_menu($httphost,$args->{'links_disabled'}); $bodytag .= Apache::lonmenu::serverform(); $bodytag .= Apache::lonhtmlcommon::scripttag('', 'end'); if ($env{'request.state'} eq 'construct') { @@ -7825,6 +7927,18 @@ cursor:pointer; } +.LCisDisabled { + cursor: not-allowed; + opacity: 0.5; +} + +a[aria-disabled="true"] { + color: currentColor; + display: inline-block; /* For IE11/ MS Edge bug */ + pointer-events: none; + text-decoration: none; +} + pre.LC_wordwrap { white-space: pre-wrap; white-space: -moz-pre-wrap; @@ -8021,7 +8135,7 @@ } } if ($offload) { - my $newserver = &Apache::lonnet::spareserver(30000,undef,1,$dom_in_use); + my $newserver = &Apache::lonnet::spareserver(undef,30000,undef,1,$dom_in_use); if (($newserver eq '') && ($offloadoth)) { my @domains = &Apache::lonnet::current_machine_domains(); if (($dom_in_use ne '') && (!grep(/^\Q$dom_in_use\E$/, at domains))) { @@ -8203,7 +8317,8 @@ } my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; - my $blocked = &blocking_status('printout',$cnum,$cdom,undef,1); + my $clientip = &Apache::lonnet::get_requestor_ip(); + my $blocked = &blocking_status('printout',$clientip,$cnum,$cdom,undef,1); if ($blocked) { my $checkrole = "cm./$cdom/$cnum"; if ($env{'request.course.sec'} ne '') { @@ -8324,6 +8439,9 @@ will contain https:// if server uses https (as per hosts.tab), but request is for http hostname -> hostname, originally from $r->hostname(), (optional). + links_disabled -> Links in primary and secondary menus are disabled + (Can enable them once page has loaded - see lonroles.pm + for an example). =back @@ -15373,8 +15491,7 @@ 'plc.users.denied', 'hidefromcat', 'checkforpriv', - 'categories', - 'internal.uniquecode'], + 'categories'], $$crsudom,$$crsunum); if ($args->{'textbook'}) { $cenv{'internal.textbook'} = $args->{'textbook'}; @@ -17146,13 +17263,17 @@ if (-e $Apache::lonnet::perlvar{'lonCaptchaDir'}.'/'.$md5sum.'.png') { $output = ''."\n". + ''. &mt('Type in the letters/numbers shown below').' '. ''. - '
'. + '
'. 'captcha'; last; } } + if ($output eq '') { + &Apache::lonnet::logthis("Failed to create Captcha code after $tries attempts."); + } return $output; } @@ -17191,7 +17312,8 @@ sub create_recaptcha { my ($pubkey,$version) = @_; if ($version >= 2) { - return '
'; + return '
'. + '
'; } else { my $use_ssl; if ($ENV{'SERVER_PORT'} == 443) { @@ -17283,13 +17405,16 @@ # $interval indicates how often to check for messages. sub critical_redirect { my ($interval) = @_; + unless (($env{'user.domain'} ne '') && ($env{'user.name'} ne '')) { + return (); + } if ((time-$env{'user.criticalcheck.time'})>$interval) { my @what=&Apache::lonnet::dump('critical', $env{'user.domain'}, $env{'user.name'}); &Apache::lonnet::appenv({'user.criticalcheck.time'=>time}); my $redirecturl; if ($what[0]) { - if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { + if (($what[0] ne 'con_lost') && ($what[0] ne 'no_such_host') && ($what[0]!~/^error\:/)) { $redirecturl='/adm/email?critical=display'; my $url=&Apache::lonnet::absolute_url().$redirecturl; return (1, $url); From raeburn at source.lon-capa.org Mon Dec 13 15:09:54 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Mon, 13 Dec 2021 20:09:54 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface lonconfigsettings.pm Message-ID: raeburn Mon Dec 13 20:09:54 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface lonconfigsettings.pm Log: - For 2.11 Backport 1.48, 1.49, 1.50, 1.52, 1.53 Index: loncom/interface/lonconfigsettings.pm diff -u loncom/interface/lonconfigsettings.pm:1.21.4.11 loncom/interface/lonconfigsettings.pm:1.21.4.12 --- loncom/interface/lonconfigsettings.pm:1.21.4.11 Tue Aug 27 20:43:52 2019 +++ loncom/interface/lonconfigsettings.pm Mon Dec 13 20:09:54 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Handler to set domain-wide configuration settings # -# $Id: lonconfigsettings.pm,v 1.21.4.11 2019/08/27 20:43:52 raeburn Exp $ +# $Id: lonconfigsettings.pm,v 1.21.4.12 2021/12/13 20:09:54 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -214,9 +214,21 @@ my $optionsprefix = 'LC_options_helpdesk_'; $onload .= "toggleHelpdeskRow(document.display,'overrides','$customclass','$optionsprefix');"; } + if (grep(/^wafproxy$/, at actions)) { + $onload .= "toggleWAF();checkWAF();updateWAF();"; + } if (grep(/^scantron$/, at actions)) { $onload .= "toggleScantron('document.display');"; } + if (grep(/^autoupdate$/, at actions)) { + $onload .= "toggleLastActiveDays('document.display');"; + } + if (grep(/^login$/, at actions)) { + my %domservers = &Apache::lonnet::get_servers($dom); + foreach my $server (sort(keys(%domservers))) { + $onload .= "toggleSamlOptions(document.display,'$server');"; + } + } if ($onload) { my %loaditems = ( 'onload' => $onload, @@ -303,7 +315,7 @@ {href=>"javascript:changePage(document.$phase,'$phase')", text=>"Updated"}); &print_header($r,$phase,$context,undef,$container); - my ($crstype,%lastact); + my ($crstype,%lastact,$errors); if ($context eq 'course') { $crstype = &Apache::loncommon::course_type(); } @@ -317,9 +329,10 @@ $confname,$item,$roles,$values,\%lastact)); } else { $changes{$item} = {}; - &Apache::courseprefs::process_changes($dom,$item,$values, - $prefs->{$item},$changes{$item}, - $allitems,\%disallowed,$crstype); + $errors = + &Apache::courseprefs::process_changes($dom,$item,$values, + $prefs->{$item},$changes{$item}, + $allitems,\%disallowed,$crstype); if (keys(%{$changes{$item}}) > 0) { $numchanged ++; } @@ -351,6 +364,9 @@ } $r->print('

'); } + if ($errors) { + $r->print('

'.$errors.'

'); + } } $r->print('

'); my $footer_text = 'Back to configuration display'; @@ -501,8 +517,8 @@ $thirddiv = 1; } } - $r->print('


'); } + $r->print('
'); $r->print(&print_footer($r,$phase,'display','Display',undef,$container,$parm_permission)); $r->print(''); $r->print(&Apache::loncommon::end_page()); From raeburn at source.lon-capa.org Mon Dec 13 15:12:12 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Mon, 13 Dec 2021 20:12:12 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface loncreatecourse.pm Message-ID: raeburn Mon Dec 13 20:12:12 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface loncreatecourse.pm Log: - For 2.11 Backport 1.176 Index: loncom/interface/loncreatecourse.pm diff -u loncom/interface/loncreatecourse.pm:1.158.2.7 loncom/interface/loncreatecourse.pm:1.158.2.8 --- loncom/interface/loncreatecourse.pm:1.158.2.7 Sun May 31 16:01:09 2020 +++ loncom/interface/loncreatecourse.pm Mon Dec 13 20:12:12 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # Create a course # -# $Id: loncreatecourse.pm,v 1.158.2.7 2020/05/31 16:01:09 raeburn Exp $ +# $Id: loncreatecourse.pm,v 1.158.2.8 2021/12/13 20:12:12 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -436,7 +436,7 @@ .'' - .' ' + .' ' .&Apache::lonhtmlcommon::row_closure() .&Apache::lonhtmlcommon::row_headline() .''.$lt{'asov'}.'' From raeburn at source.lon-capa.org Mon Dec 13 15:53:06 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Mon, 13 Dec 2021 20:53:06 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface loncreateuser.pm Message-ID: raeburn Mon Dec 13 20:53:06 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface loncreateuser.pm Log: - For 2.11 Backport 1.455, 1.456, 1.457 Index: loncom/interface/loncreateuser.pm diff -u loncom/interface/loncreateuser.pm:1.406.2.19 loncom/interface/loncreateuser.pm:1.406.2.20 --- loncom/interface/loncreateuser.pm:1.406.2.19 Wed Sep 9 02:16:05 2020 +++ loncom/interface/loncreateuser.pm Mon Dec 13 20:53:06 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Create a user # -# $Id: loncreateuser.pm,v 1.406.2.19 2020/09/09 02:16:05 raeburn Exp $ +# $Id: loncreateuser.pm,v 1.406.2.20 2021/12/13 20:53:06 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -71,6 +71,7 @@ use Apache::lonuserutils; use Apache::loncoursequeueadmin; use LONCAPA qw(:DEFAULT :match); +use HTML::Entities; my $loginscript; # piece of javascript used in two separate instances my $authformnop; @@ -2381,8 +2382,8 @@ } sub personal_data_display { - my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray, - $now,$captchaform,$emailusername,$usertype,$usernameset,$condition,$excluded) = @_; + my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray,$now, + $captchaform,$emailusername,$usertype,$usernameset,$condition,$excluded,$showsubmit) = @_; my ($output,%userenv,%canmodify,%canmodify_status); my @userinfo = ('firstname','middlename','lastname','generation', 'permanentemail','id'); @@ -2507,10 +2508,11 @@ if ($usernameset eq 'free') { my $onclick = "toggleUsernameDisp(this,'selfcreateusername');"; $output .= &Apache::lonhtmlcommon::row_title($lt{'username'},undef,'LC_oddrow_value')."\n". - &mt('Use e-mail address: '). - ''."\n". - (' 'x2). - ''."\n". + ''.&mt('Use e-mail address: '). + ''.(' 'x2). + ''."\n". ''); } # @@ -4837,7 +4839,7 @@ '
'. - ''. + ''. ''); } From raeburn at source.lon-capa.org Mon Dec 13 22:15:12 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 03:15:12 -0000 Subject: [LON-CAPA-cvs] cvs: loncom /interface lonrss.pm Message-ID: raeburn Tue Dec 14 03:15:12 2021 EDT Modified files: /loncom/interface lonrss.pm Log: - Typo Index: loncom/interface/lonrss.pm diff -u loncom/interface/lonrss.pm:1.60 loncom/interface/lonrss.pm:1.61 --- loncom/interface/lonrss.pm:1.60 Tue Nov 30 17:35:10 2021 +++ loncom/interface/lonrss.pm Tue Dec 14 03:15:12 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # RSS Feeder # -# $Id: lonrss.pm,v 1.60 2021/11/30 17:35:10 raeburn Exp $ +# $Id: lonrss.pm,v 1.61 2021/12/14 03:15:12 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -289,7 +289,7 @@ } elsif ($blockcause eq 'ip') { my $showdom = &Apache::lonnet::domain($blockdom); if ($showdom eq '') { - $showdom = $blockdom + $showdom = $blockdom; } $output .= &mt('This restriction was set by an administrator in the [_1] LON-CAPA domain',$showdom); } else { From raeburn at source.lon-capa.org Mon Dec 13 22:22:21 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 03:22:21 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface lonrss.pm Message-ID: raeburn Tue Dec 14 03:22:21 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface lonrss.pm Log: - For 2.11 Backport 1.59, 1.60, 1.61 Index: loncom/interface/lonrss.pm diff -u loncom/interface/lonrss.pm:1.53.2.4 loncom/interface/lonrss.pm:1.53.2.5 --- loncom/interface/lonrss.pm:1.53.2.4 Wed Aug 14 16:06:42 2019 +++ loncom/interface/lonrss.pm Tue Dec 14 03:22:21 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # RSS Feeder # -# $Id: lonrss.pm,v 1.53.2.4 2019/08/14 16:06:42 raeburn Exp $ +# $Id: lonrss.pm,v 1.53.2.5 2021/12/14 03:22:21 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -244,7 +244,7 @@ } sub blocking_blogdisplay { - my ($uname,$udom,$html,$filterfeedname) = @_; + my ($uname,$udom,$html,$filterfeedname,$clientip) = @_; my $user = &Apache::loncommon::plainname($uname,$udom); if ($html) { $user = &Apache::loncommon::aboutmewrapper($user,$uname,$udom); @@ -253,23 +253,29 @@ } my %setters; my ($blocked,$output,$blockcause); - my ($startblock,$endblock) = - &Apache::loncommon::blockcheck(\%setters,'blogs'); + my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = + &Apache::loncommon::blockcheck(\%setters,'blogs',$clientip); if ($startblock && $endblock) { $blockcause = 'user'; + } elsif ($by_ip) { + $blockcause = 'ip'; } else { if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { ($startblock,$endblock) = - &Apache::loncommon::blockcheck(\%setters,'blogs', + &Apache::loncommon::blockcheck(\%setters,'blogs',$clientip, $uname,$udom); $blockcause = 'blogowner'; } } - if ($startblock && $endblock) { + if (($startblock && $endblock) || ($by_ip)) { $blocked = 1; - my $showstart = &Apache::lonlocal::locallocaltime($startblock); - my $showend = &Apache::lonlocal::locallocaltime($endblock); - $output = &mt('Blogs belonging to [_1] are unavailable from [_2] to [_3].',$user,$showstart,$showend); + if ($startblock && $endblock) { + my $showstart = &Apache::lonlocal::locallocaltime($startblock); + my $showend = &Apache::lonlocal::locallocaltime($endblock); + $output = &mt('Blogs belonging to [_1] are unavailable from [_2] to [_3].',$user,$showstart,$showend); + } else { + $output = &mt('Blogs are unavailable from your current IP address: [_1].',$clientip); + } if ($html) {$output.='
';} if ($blockcause eq 'user') { $output .= &mt('This is because you are a student in one or more courses in which communication is being blocked.'); @@ -277,9 +283,15 @@ #$output .= '
'. #&Apache::loncommon::build_block_table($startblock, # $endblock,\%setters); - my ($blocked, $blocktext) = Apache::loncommon::blocking_status('blogs'); + my ($blocked, $blocktext) = Apache::loncommon::blocking_status('blogs',$clientip); $output .= '

'.$blocktext; } + } elsif ($blockcause eq 'ip') { + my $showdom = &Apache::lonnet::domain($blockdom); + if ($showdom eq '') { + $showdom = $blockdom; + } + $output .= &mt('This restriction was set by an administrator in the [_1] LON-CAPA domain',$showdom); } else { $output .= &mt('This is because the blog owner is a student in one or more courses in which communication is being blocked.'); } @@ -325,7 +337,8 @@ my ($displayfeedname,$displayoption)=&displayfeedname($filename,$uname,$udom); my ($blocked,$blocktext,$disabled,$disabletext); if (!&Apache::lonnet::is_course($udom,$uname)) { - ($blocked,$blocktext) = &blocking_blogdisplay($uname,$udom,$html,$filterfeedname); + my $clientip = &Apache::lonnet::get_requestor_ip($r); + ($blocked,$blocktext) = &blocking_blogdisplay($uname,$udom,$html,$filterfeedname,$clientip); if (&Apache::lonnet::usertools_access($uname,$udom,'blog')) { $disabled = 0; } else { From raeburn at source.lon-capa.org Mon Dec 13 22:34:43 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 03:34:43 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface portfolio.pm Message-ID: raeburn Tue Dec 14 03:34:43 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface portfolio.pm Log: - For 2.11 Backport 1.264, 1.265 Index: loncom/interface/portfolio.pm diff -u loncom/interface/portfolio.pm:1.254.2.5 loncom/interface/portfolio.pm:1.254.2.6 --- loncom/interface/portfolio.pm:1.254.2.5 Wed Sep 9 01:11:48 2020 +++ loncom/interface/portfolio.pm Tue Dec 14 03:34:43 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # portfolio browser # -# $Id: portfolio.pm,v 1.254.2.5 2020/09/09 01:11:48 raeburn Exp $ +# $Id: portfolio.pm,v 1.254.2.6 2021/12/14 03:34:43 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -909,13 +909,13 @@ $info .= '
  • '.&mt('Passphrase-protected files do not require log-in, but will require the viewer to enter the passphrase you set.'); $info .= '
  • '.&explain_conditionals(); $info .= '
    • '. - &mt('A listing of files viewable without log-in is available at: ')."".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme/portfolio.
    "; + &mt('A listing of files viewable without log-in is available at: ')."".&Apache::lonnet::absolute_url()."/adm/$udom/$uname/aboutme/portfolio.
    "; if ($group eq '') { $info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on your personal information page:"); } else { $info .= &mt("For logged in users a 'Display file listing' link will also appear (when there are viewable files) on the course information page:"); } - $info .= "
    ".&Apache::lonnet::absolute_url($ENV{'SERVER_NAME'})."/adm/$udom/$uname/aboutme
    "; + $info .= "
    ".&Apache::lonnet::absolute_url()."/adm/$udom/$uname/aboutme
    "; if ($group ne '') { $info .= &mt("Users with course editing rights may add a 'Group Portfolio' item using the Course Editor (Collaboration tab), to provide access to viewable group portfolio files.").'
    '; } @@ -2769,8 +2769,9 @@ } $r->rflush(); # Check if access to portfolio is blocked by one or more blocking events in courses. + my $clientip = &Apache::lonnet::get_requestor_ip($r); my ($blocked,$blocktext) = - &Apache::loncommon::blocking_status('port',$uname,$udom); + &Apache::loncommon::blocking_status('port',$clientip,$uname,$udom); if ($blocked) { my $evade_block; # If portfolio display is in a window popped up from a "Select Portfolio Files" From raeburn at source.lon-capa.org Tue Dec 14 07:53:12 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 12:53:12 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface selfenroll.pm Message-ID: raeburn Tue Dec 14 12:53:12 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface selfenroll.pm Log: - For 2.11 Backport 1.36 Index: loncom/interface/selfenroll.pm diff -u loncom/interface/selfenroll.pm:1.27.2.7 loncom/interface/selfenroll.pm:1.27.2.8 --- loncom/interface/selfenroll.pm:1.27.2.7 Sun Jun 20 16:23:21 2021 +++ loncom/interface/selfenroll.pm Tue Dec 14 12:53:12 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow users to self-enroll in a course # -# $Id: selfenroll.pm,v 1.27.2.7 2021/06/20 16:23:21 raeburn Exp $ +# $Id: selfenroll.pm,v 1.27.2.8 2021/12/14 12:53:12 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -456,7 +456,7 @@ } if ($selfenroll_approval) { my $outcome = - &store_selfenroll_request($udom,$uname,$usec,$cdom,$cnum, + &store_selfenroll_request($r,$udom,$uname,$usec,$cdom,$cnum, $selfenroll_notifylist,$owner, $selfenroll_approval,$crstype,$lonhost,$handle); $r->print($outcome); @@ -536,7 +536,7 @@ } sub store_selfenroll_request { - my ($udom,$uname,$usec,$cdom,$cnum,$selfenroll_notifylist,$owner, + my ($r,$udom,$uname,$usec,$cdom,$cnum,$selfenroll_notifylist,$owner, $selfenroll_approval,$crstype,$lonhost,$handle) = @_; my $namespace = 'selfenrollrequests'; my $output; @@ -552,7 +552,7 @@ } if ($status eq 'pending') { my $token = $info{$cdom.'_'.$cnum}{'token'}; - my ($statusupdate,$pendingform) = &pending_selfenrollment_form($cdom,$cnum,$crstype,$token,$lonhost); + my ($statusupdate,$pendingform) = &pending_selfenrollment_form($r,$cdom,$cnum,$crstype,$token,$lonhost); if ($statusupdate eq 'pending') { $output .= $pendingform; } @@ -590,7 +590,7 @@ } $output = &mt('Your request for self-enrollment has been recorded.').'
    '; if ($status eq 'pending') { - my ($statusupdate,$pendingform) = &pending_selfenrollment_form($cdom,$cnum,$crstype,$token,$lonhost); + my ($statusupdate,$pendingform) = &pending_selfenrollment_form($r,$cdom,$cnum,$crstype,$token,$lonhost); if ($statusupdate eq 'request') { $status = $statusupdate; } else { @@ -631,7 +631,7 @@ } sub pending_selfenrollment_form { - my ($cdom,$cnum,$crstype,$token,$lonhost) = @_; + my ($r,$cdom,$cnum,$crstype,$token,$lonhost) = @_; my ($status,$output); my $coursetype = &Apache::lonuserutils::get_extended_type($cdom,$cnum,$crstype); my %postvalues = ( @@ -668,6 +668,8 @@ my $hostname = &Apache::lonnet::hostname($lonhost); my $protocol = $Apache::lonnet::protocol{$lonhost}; $protocol = 'http' if ($protocol ne 'https'); + my $alias = &Apache::lonnet::use_proxy_alias($r,$lonhost); + $hostname = $alias if ($alias ne ''); my $enroller = $protocol.'://'.$hostname.'/cgi-bin/enrollqueued.pl'; $output .= ''."\n". ''."\n". From raeburn at source.lon-capa.org Tue Dec 14 07:59:21 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 12:59:21 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /interface/spreadsheet lonspreadsheet.pm Message-ID: raeburn Tue Dec 14 12:59:21 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/interface/spreadsheet lonspreadsheet.pm Log: - For 2.11 Backport 1.66, 1.67 Index: loncom/interface/spreadsheet/lonspreadsheet.pm diff -u loncom/interface/spreadsheet/lonspreadsheet.pm:1.61.6.2 loncom/interface/spreadsheet/lonspreadsheet.pm:1.61.6.3 --- loncom/interface/spreadsheet/lonspreadsheet.pm:1.61.6.2 Fri Aug 9 23:05:18 2013 +++ loncom/interface/spreadsheet/lonspreadsheet.pm Tue Dec 14 12:59:21 2021 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.61.6.2 2013/08/09 23:05:18 raeburn Exp $ +# $Id: lonspreadsheet.pm,v 1.61.6.3 2021/12/14 12:59:21 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -241,6 +241,29 @@ } # + # Check if display of course gradebook is blocked + # + + if ($env{'request.course.id'}) { + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $clientip = &Apache::lonnet::get_requestor_ip($r); + my ($blocked,$blocktext) = + &Apache::loncommon::blocking_status('grades',$clientip,$cnum,$cdom); + if ($blocked) { + my $checkrole = "cm./$cdom/$cnum"; + if ($env{'request.course.sec'} ne '') { + $checkrole .= "/$env{'request.course.sec'}"; + } + unless ((&Apache::lonnet::allowed('evb',undef,undef,$checkrole)) && + ($env{'request.role'} !~ m{^st\./$cdom/$cnum})) { + &Apache::lonquickgrades::grades_blocked($r,$blocktext,'spreadsheet'); + return OK; + } + } + } + + # # Do not allow users without vgr or mgr priv to continue unless # grading type is set to spreadsheet. # From raeburn at source.lon-capa.org Tue Dec 14 08:08:27 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 13:08:27 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) / loncapa_apache.conf Message-ID: raeburn Tue Dec 14 13:08:27 2021 EDT Modified files: (Branch: version_2_11_X) /loncom loncapa_apache.conf Log: - For 2.11 Backport 1.276 Index: loncom/loncapa_apache.conf diff -u loncom/loncapa_apache.conf:1.215.2.29 loncom/loncapa_apache.conf:1.215.2.30 --- loncom/loncapa_apache.conf:1.215.2.29 Sat Sep 12 17:57:03 2020 +++ loncom/loncapa_apache.conf Tue Dec 14 13:08:26 2021 @@ -2,7 +2,7 @@ ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file ## -# $Id: loncapa_apache.conf,v 1.215.2.29 2020/09/12 17:57:03 raeburn Exp $ +# $Id: loncapa_apache.conf,v 1.215.2.30 2021/12/14 13:08:26 raeburn Exp $ # # LON-CAPA Section (extensions to httpd.conf daemon configuration) @@ -700,6 +700,7 @@ + Header set Cache-Control "private,no-store,no-cache,max-age=0" AuthType shibboleth ShibUseEnvironment On @@ -708,6 +709,8 @@ require valid-user PerlAuthzHandler Apache::lonshibacc PerlAuthzHandler Apache::lonacc + ErrorDocument 403 /adm/login + ErrorDocument 500 /adm/errorhandler PerlTypeHandler Apache::lonnoshib From raeburn at source.lon-capa.org Tue Dec 14 09:16:13 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 14:16:13 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) / lond Message-ID: raeburn Tue Dec 14 14:16:13 2021 EDT Modified files: (Branch: version_2_11_X) /loncom lond Log: - For 2.11 Backport 1.569 Index: loncom/lond diff -u loncom/lond:1.489.2.41 loncom/lond:1.489.2.42 --- loncom/lond:1.489.2.41 Sun Jun 20 16:24:09 2021 +++ loncom/lond Tue Dec 14 14:16:13 2021 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.489.2.41 2021/06/20 16:24:09 raeburn Exp $ +# $Id: lond,v 1.489.2.42 2021/12/14 14:16:13 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -63,7 +63,7 @@ my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.489.2.41 $'; #' stupid emacs +my $VERSION='$Revision: 1.489.2.42 $'; #' stupid emacs my $remoteVERSION; my $currenthostid="default"; my $currentdomainid; @@ -5118,15 +5118,23 @@ } my ($id,$store); $tmpsnum++; - if (($context eq 'resetpw') || ($context eq 'createaccount')) { - $id = &md5_hex(&md5_hex(time.{}.rand().$$)); + my $numtries = 0; + my $execdir=$perlvar{'lonDaemons'}; + if (($context eq 'resetpw') || ($context eq 'createaccount') || + ($context eq 'sso') || ($context eq 'link') || ($context eq 'retry')) { + $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum)); + while ((-e "$execdir/tmp/$id.tmp") && ($numtries <10)) { + undef($id); + $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum)); + $numtries ++; + } } else { $id = $$.'_'.$clientip.'_'.$tmpsnum; } $id=~s/\W/\_/g; $record=~s/\n//g; - my $execdir=$perlvar{'lonDaemons'}; - if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) { + if (($id ne '') && + ($store=IO::File->new(">$execdir/tmp/$id.tmp"))) { print $store $record; close $store; &Reply($client, \$id, $userinput); @@ -7358,7 +7366,7 @@ Debug("Main: Got $user_input\n"); $keep_going = &process_request($user_input); alarm(0); - &status('Listening to '.$clientname." ($keymode)"); + &status('Listening to '.$clientname." ($keymode)"); } # --------------------------------------------- client unknown or fishy, refuse @@ -7374,8 +7382,8 @@ &logthis("CRITICAL: " ."Disconnect from $clientip ($clientname)"); - - + + # this exit is VERY important, otherwise the child will become # a producer of more and more children, forking yourself into # process death. From raeburn at source.lon-capa.org Tue Dec 14 15:23:40 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 20:23:40 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /lonnet/perl lonnet.pm Message-ID: raeburn Tue Dec 14 20:23:40 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/lonnet/perl lonnet.pm Log: - For 2.11 Backport 1.1447, 1.1448, 1.1449, 1.1450, 1.1451, 1.1452, 1.1453, 1.1454, 1.1455, 1.1456, 1.1457, 1.1464, 1.1465, 1.1466, 1.1467, 1.1468, 1.1469, 1.1470, 1.1471, 1.1472, 1.1473, 1.1474 -------------- next part -------------- Index: loncom/lonnet/perl/lonnet.pm diff -u loncom/lonnet/perl/lonnet.pm:1.1172.2.141 loncom/lonnet/perl/lonnet.pm:1.1172.2.142 --- loncom/lonnet/perl/lonnet.pm:1.1172.2.141 Sun Jun 20 16:39:27 2021 +++ loncom/lonnet/perl/lonnet.pm Tue Dec 14 20:23:40 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1172.2.141 2021/06/20 16:39:27 raeburn Exp $ +# $Id: lonnet.pm,v 1.1172.2.142 2021/12/14 20:23:40 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -95,6 +95,8 @@ use Digest::MD5; use Math::Random; use File::MMagic; +use Net::CIDR; +use Sys::Hostname::FQDN(); use LONCAPA qw(:DEFAULT :match); use LONCAPA::Configuration; use LONCAPA::lonmetadata; @@ -689,6 +691,9 @@ if (ref($userhashref) eq 'HASH') { $userhashref->{'name'} = $disk_env{'user.name'}; $userhashref->{'domain'} = $disk_env{'user.domain'}; + if ($disk_env{'request.role'}) { + $userhashref->{'role'} = $disk_env{'request.role'}; + } } untie(%disk_env); @@ -917,7 +922,7 @@ # ------------------------------ Find server with least workload from spare.tab sub spareserver { - my ($loadpercent,$userloadpercent,$want_server_name,$udom) = @_; + my ($r,$loadpercent,$userloadpercent,$want_server_name,$udom) = @_; my $spare_server; if ($userloadpercent !~ /\d/) { $userloadpercent=0; } my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent @@ -962,6 +967,8 @@ if ($protocol{$spare_server} eq 'https') { $protocol = $protocol{$spare_server}; } + my $alias = &Apache::lonnet::use_proxy_alias($r,$spare_server); + $hostname = $alias if ($alias ne ''); $spare_server = $protocol.'://'.$hostname; } } @@ -2024,7 +2031,7 @@ sub is_domainimage { my ($url) = @_; - if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo)/+[^/]-) { + if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo|login)/+[^/]-) { if (&domain($1) ne '') { return '1'; } @@ -2482,6 +2489,13 @@ $domdefaults{'adhocroles'} = $domconfig{'helpsettings'}{'adhoc'}; } } + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { + if ($domconfig{'wafproxy'}{$item}) { + $domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; + } + } + } &do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime); return %domdefaults; } @@ -4601,6 +4615,29 @@ if (! defined($dom) || $dom eq '' || ! defined($name) || $name eq '') { my $cid = $env{'request.course.id'}; +# +# FIXME 11/29/2021 +# Typo in rev. 1.458 (2003/12/09)?? +# These should likely by $env{'course.'.$cid.'.domain'} and $env{'course.'.$cid.'.num'} +# +# While these ramain as $env{'request.'.$cid.'.domain'} and $env{'request.'.$cid.'.num'} +# $dom and $name will always be null, so the &inc() call will default to storing this data +# in a nohist_accesscount.db file for the user rather than the course. +# +# That said there is a lot of noise in the data being stored. +# So counts for prtspool/ and adm/ etc. are recorded. +# +# A review of which items ending '___count' are written to %accesshash should likely be +# made before deciding whether to set these to 'course.' instead of 'request.' +# +# Under the current scheme each user receives a nohist_accesscount.db file listing +# accesses for things which are not published resources, regardless of course, and +# there is not a nohist_accesscount.db file in a course, which might log accesses from +# anyone in the course for things which are not published resources. +# +# For an author, nohist_accesscount.db ends up having records for other items +# mixed up with the legitimate access counts for the author's published resources. +# $dom = $env{'request.'.$cid.'.domain'}; $name = $env{'request.'.$cid.'.num'}; } @@ -7272,15 +7309,15 @@ if ($result) { my %setters; if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') { - my ($startblock,$endblock) = - &Apache::loncommon::blockcheck(\%setters,'port',$unum,$udom); - if ($startblock && $endblock) { + my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = + &Apache::loncommon::blockcheck(\%setters,'port',$clientip,$unum,$udom); + if (($startblock && $endblock) || ($by_ip)) { return 'B'; } } else { - my ($startblock,$endblock) = - &Apache::loncommon::blockcheck(\%setters,'port'); - if ($startblock && $endblock) { + my ($startblock,$endblock,$triggerblock,$by_ip,$blockdo) = + &Apache::loncommon::blockcheck(\%setters,'port',$clientip); + if (($startblock && $endblock) || ($by_ip)) { return 'B'; } } @@ -7857,9 +7894,9 @@ if (($space=~/^(uploaded|editupload)$/) && ($env{'user.name'} eq $name) && ($env{'user.domain'} eq $domain) && ('portfolio' eq $dir[0])) { my %setters; - my ($startblock,$endblock) = - &Apache::loncommon::blockcheck(\%setters,'port'); - if ($startblock && $endblock) { + my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = + &Apache::loncommon::blockcheck(\%setters,'port',$clientip); + if (($startblock && $endblock) || ($by_ip)) { return 'B'; } else { return 'F'; @@ -7952,8 +7989,8 @@ my $adom = $1; foreach my $key (keys(%env)) { if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { - my ($start,$end) = split('.',$env{$key}); - if (($now >= $start) && (!$end || $end < $now)) { + my ($start,$end) = split(/\./,$env{$key}); + if (($now >= $start) && (!$end || $end > $now)) { $ownaccess = 1; last; } @@ -7965,8 +8002,8 @@ foreach my $role ('ca','aa') { if ($env{"user.role.$role./$adom/$aname"}) { my ($start,$end) = - split('.',$env{"user.role.$role./$adom/$aname"}); - if (($now >= $start) && (!$end || $end < $now)) { + split(/\./,$env{"user.role.$role./$adom/$aname"}); + if (($now >= $start) && (!$end || $end > $now)) { $ownaccess = 1; last; } @@ -8231,16 +8268,48 @@ # # Possibly locked functionality, check all courses +# In roles.tab, L (unless locked) available for bre, pch, plc, pac and sma. # Locks might take effect only after 10 minutes cache expiration for other -# courses, and 2 minutes for current course +# courses, and 2 minutes for current course, in which user has st or ta role +# which is neither expired nor a future role (unless current course). - my $envkey; + my ($needlockcheck,$now,$crsonly); if ($thisallowed=~/L/) { - foreach $envkey (keys(%env)) { + $now = time; + if ($priv eq 'bre') { + if ($uri ne '') { + if ($orguri =~ m{^/+res/}) { + if ($uri =~ m{^lib/templates/}) { + if ($env{'request.course.id'}) { + $crsonly = 1; + $needlockcheck = 1; + } + } else { + $needlockcheck = 1; + } + } elsif ($env{'request.course.id'}) { + my ($crsdom,$crsnum) = split('_',$env{'request.course.id'}); + if (($uri =~ m{^(adm|uploaded|public)/$crsdom/$crsnum/}) || + ($uri =~ m{^adm/$match_domain/$match_username/\d+/(smppg|bulletinboard)$})) { + $crsonly = 1; + } + $needlockcheck = 1; + } + } + } elsif (($priv eq 'pch') || ($priv eq 'plc') || ($priv eq 'pac') || ($priv eq 'sma')) { + $needlockcheck = 1; + } + } + if ($needlockcheck) { + foreach my $envkey (keys(%env)) { if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { my $courseid=$2; my $roleid=$1.'.'.$2; $courseid=~s/^\///; + unless ($env{'request.role'} eq $roleid) { + my ($start,$end) = split(/\./,$env{$envkey}); + next unless (($now >= $start) && (!$end || $end > $now)); + } my $expiretime=600; if ($env{'request.role'} eq $roleid) { $expiretime=120; @@ -8263,7 +8332,7 @@ } if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) || ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { - if ($env{'priv.'.$priv.'.lock.expire'}>time) { + if ($env{$prefix.'priv.'.$priv.'.lock.expire'}>time) { &log($env{'user.domain'},$env{'user.name'}, $env{'user.home'}, 'Locked by priv: '.$priv.' for '.$uri.' due to '. @@ -8480,7 +8549,11 @@ my ($blocks) = @_; my %blockers = (); return %blockers unless ($env{'request.course.id'}); - return %blockers if ($env{'user.priv.'.$env{'request.role'}} =~/evb\&([^\:]*)/); + my $courseurl = &courseid_to_courseurl($env{'request.course.id'}); + if ($env{'request.course.sec'}) { + $courseurl .= '/'.$env{'request.course.sec'}; + } + return %blockers if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseurl} =~/evb\&([^\:]*)/); my %commblocks; if (ref($blocks) eq 'HASH') { %commblocks = %{$blocks}; @@ -8512,10 +8585,9 @@ } } elsif ($block =~ /^firstaccess____(.+)$/) { my $item = $1; - my @to_test; if (ref($commblocks{$block}{'blocks'}) eq 'HASH') { if (ref($commblocks{$block}{'blocks'}{'docs'}) eq 'HASH') { - my @interval; + my (@interval,$mapname); my $type = 'map'; if ($item eq 'course') { $type = 'course'; @@ -8524,36 +8596,11 @@ if ($item =~ /___\d+___/) { $type = 'resource'; @interval=&EXT("resource.0.interval",$item); - if (ref($navmap)) { - my $res = $navmap->getBySymb($item); - push(@to_test,$res); - } } else { - my $mapsymb = &symbread($item,1); - if ($mapsymb) { - if (ref($navmap)) { - my $mapres = $navmap->getBySymb($mapsymb); - if (ref($mapres)) { - my $first = $mapres->map_start(); - my $finish = $mapres->map_finish(); - my $it = $navmap->getIterator($first,$finish,undef,0,0); - if (ref($it)) { - my $res; - while ($res = $it->next(undef,1)) { - next unless (ref($res)); - my $symb = $res->symb(); - next if (($symb eq $mapsymb) || ($symb eq '')); - @interval=&EXT("resource.0.interval",$symb); - if ($interval[1] eq 'map') { - if ($res->answerable()) { - push(@to_test,$res); - last; - } - } - } - } - } - } + $mapname = &deversion($item); + if (ref($navmap)) { + my $timelimit = $navmap->get_mapparam(undef,$mapname,'0.interval'); + @interval = ($timelimit,'map'); } } } @@ -8570,10 +8617,37 @@ my $timesup = $first_access+$interval[0]; if ($timesup > $now) { my $activeblock; - foreach my $res (@to_test) { - if ($res->answerable()) { - $activeblock = 1; - last; + if ($type eq 'resource') { + if (ref($navmap)) { + my $res = $navmap->getBySymb($item); + if ($res->answerable()) { + $activeblock = 1; + } + } + } elsif ($type eq 'map') { + my $mapsymb = &symbread($mapname,1); + if (($mapsymb) && (ref($navmap))) { + my $mapres = $navmap->getBySymb($mapsymb); + if (ref($mapres)) { + my $first = $mapres->map_start(); + my $finish = $mapres->map_finish(); + my $it = $navmap->getIterator($first,$finish,undef,0,0); + if (ref($it)) { + my $res; + while ($res = $it->next(undef,1)) { + next unless (ref($res)); + my $symb = $res->symb(); + next if (($symb eq $mapsymb) || ($symb eq '')); + @interval=&EXT("resource.0.interval",$symb); + if ($interval[1] eq 'map') { + if ($res->answerable()) { + $activeblock = 1; + last; + } + } + } + } + } } } if ($activeblock) { @@ -8603,8 +8677,12 @@ my @blockers; return unless ($env{'request.course.id'}); return unless ($priv eq 'bre'); - return if ($env{'user.priv.'.$env{'request.role'}} =~/evb\&([^\:]*)/); return if ($env{'request.state'} eq 'construct'); + my $courseurl = &courseid_to_courseurl($env{'request.course.id'}); + if ($env{'request.course.sec'}) { + $courseurl .= '/'.$env{'request.course.sec'}; + } + return if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseurl} =~/evb\&([^\:]*)/); my %blockinfo; if (ref($blocks) eq 'HASH') { %blockinfo = &get_commblock_resources($blocks); @@ -11487,7 +11565,7 @@ if ( (defined($Apache::lonhomework::parsing_a_problem) || defined($Apache::lonhomework::parsing_a_task)) && - ($symbparm eq &symbread()) ) { + ($symbparm eq &symbread()) ) { # if we are in the middle of processing the resource the # get the value we are planning on committing if (defined($Apache::lonhomework::results{$qualifierrest})) { @@ -13408,10 +13486,15 @@ sub additional_machine_domains { my @domains; - open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab"); - while( my $line = <$fh>) { - $line =~ s/\s//g; - push(@domains,$line); + if (-e "$perlvar{'lonTabDir'}/expected_domains.tab") { + if (open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab")) { + while( my $line = <$fh>) { + chomp($line); + $line =~ s/\s//g; + push(@domains,$line); + } + close($fh); + } } return @domains; } @@ -13492,17 +13575,230 @@ return; } +sub waf_allssl { + my ($host_name) = @_; + my $alias = &get_proxy_alias(); + if ($host_name eq '') { + $host_name = $ENV{'SERVER_NAME'}; + } + if (($host_name ne '') && ($alias eq $host_name)) { + my $serverhomedom = &host_domain($perlvar{'lonHostID'}); + my %defdomdefaults = &get_domain_defaults($serverhomedom); + if ($defdomdefaults{'waf_sslopt'}) { + return $defdomdefaults{'waf_sslopt'}; + } + } + return; +} + sub get_requestor_ip { my ($r,$nolookup,$noproxy) = @_; my $from_ip; if (ref($r)) { - $from_ip = $r->get_remote_host($nolookup); + if ($r->can('useragent_ip')) { + if ($noproxy && $r->can('client_ip')) { + $from_ip = $r->client_ip(); + } else { + $from_ip = $r->useragent_ip(); + } + } elsif ($r->connection->can('remote_ip')) { + $from_ip = $r->connection->remote_ip(); + } else { + $from_ip = $r->get_remote_host($nolookup); + } } else { $from_ip = $ENV{'REMOTE_ADDR'}; } + return $from_ip if ($noproxy); + # Who controls proxy settings for server + my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'}; + my $proxyinfo = &get_proxy_settings($dom_in_use); + if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) { + if ($proxyinfo->{'vpnint'}) { + if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) { + return $from_ip; + } + } + if ($proxyinfo->{'trusted'}) { + if (&ip_match($from_ip,$proxyinfo->{'trusted'})) { + my $ipheader = $proxyinfo->{'ipheader'}; + my ($ip,$xfor); + if (ref($r)) { + if ($ipheader) { + $ip = $r->headers_in->{$ipheader}; + } + $xfor = $r->headers_in->{'X-Forwarded-For'}; + } else { + if ($ipheader) { + $ip = $ENV{'HTTP_'.uc($ipheader)}; + } + $xfor = $ENV{'HTTP_X_FORWARDED_FOR'}; + } + if (($ip eq '') && ($xfor ne '')) { + foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) { + unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) { + $ip = $poss_ip; + last; + } + } + } + if ($ip ne '') { + return $ip; + } + } + } + } return $from_ip; } +sub get_proxy_settings { + my ($dom_in_use) = @_; + my %domdefaults = &Apache::lonnet::get_domain_defaults($dom_in_use); + my $proxyinfo = { + ipheader => $domdefaults{'waf_ipheader'}, + trusted => $domdefaults{'waf_trusted'}, + vpnint => $domdefaults{'waf_vpnint'}, + vpnext => $domdefaults{'waf_vpnext'}, + sslopt => $domdefaults{'waf_sslopt'}, + }; + return $proxyinfo; +} + +sub ip_match { + my ($ip,$pattern_str) = @_; + $ip=Net::CIDR::cidrvalidate($ip); + if ($ip) { + return Net::CIDR::cidrlookup($ip,split(/\s*,\s*/,$pattern_str)); + } + return; +} + +sub get_proxy_alias { + my ($lonid) = @_; + if ($lonid eq '') { + $lonid = $perlvar{'lonHostID'}; + } + if (!defined(&hostname($lonid))) { + return; + } + if ($lonid ne '') { + my ($alias,$cached) = &is_cached_new('proxyalias',$lonid); + if ($cached) { + return $alias; + } + my $dom = &Apache::lonnet::host_domain($lonid); + if ($dom ne '') { + my $cachetime = 60*60*24; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { + $alias = $domconfig{'wafproxy'}{'alias'}{$lonid}; + } + } + return &do_cache_new('proxyalias',$lonid,$alias,$cachetime); + } + } + return; +} + +sub use_proxy_alias { + my ($r,$lonid) = @_; + my $alias = &get_proxy_alias($lonid); + if ($alias) { + my $dom = &host_domain($lonid); + if ($dom ne '') { + my $proxyinfo = &get_proxy_settings($dom); + my ($vpnint,$remote_ip); + if (ref($proxyinfo) eq 'HASH') { + $vpnint = $proxyinfo->{'vpnint'}; + if ($vpnint) { + $remote_ip = &get_requestor_ip($r,1,1); + } + } + unless ($vpnint && &ip_match($remote_ip,$vpnint)) { + return $alias; + } + } + } + return; +} + +sub alias_sso { + my ($lonid) = @_; + if ($lonid eq '') { + $lonid = $perlvar{'lonHostID'}; + } + if (!defined(&hostname($lonid))) { + return; + } + if ($lonid ne '') { + my ($use_alias,$cached) = &is_cached_new('proxysaml',$lonid); + if ($cached) { + return $use_alias; + } + my $dom = &Apache::lonnet::host_domain($lonid); + if ($dom ne '') { + my $cachetime = 60*60*24; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') { + $use_alias = $domconfig{'wafproxy'}{'saml'}{$lonid}; + } + } + return &do_cache_new('proxysaml',$lonid,$use_alias,$cachetime); + } + } + return; +} + +sub get_saml_landing { + my ($lonid) = @_; + if ($lonid eq '') { + my $defdom = &default_login_domain(); + my @hosts = ¤t_machine_ids(); + if (@hosts > 1) { + foreach my $hostid (@hosts) { + if (&host_domain($hostid) eq $defdom) { + $lonid = $hostid; + last; + } + } + } else { + $lonid = $perlvar{'lonHostID'}; + } + if ($lonid) { + unless (&Apache::lonnet::host_domain($lonid) eq $defdom) { + return; + } + } else { + return; + } + } elsif (!defined(&hostname($lonid))) { + return; + } + my ($landing,$cached) = &is_cached_new('samllanding',$lonid); + if ($cached) { + return $landing; + } + my $dom = &Apache::lonnet::host_domain($lonid); + if ($dom ne '') { + my $cachetime = 60*60*24; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['login'],$dom); + if (ref($domconfig{'login'}) eq 'HASH') { + if (ref($domconfig{'login'}{'saml'}) eq 'HASH') { + if (ref($domconfig{'login'}{'saml'}{$lonid}) eq 'HASH') { + $landing = 1; + } + } + } + return &do_cache_new('samllanding',$lonid,$landing,$cachetime); + } + return; +} + # ------------------------------------------------------------- Declutters URLs sub declutter { @@ -13640,13 +13936,25 @@ } while (%alldns) { my ($dns) = sort { $b cmp $a } keys(%alldns); - my $ua=new LWP::UserAgent; - $ua->timeout(30); - my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); - my $response=$ua->request($request); - delete($alldns{$dns}); - next if ($response->is_error()); - my @content = split("\n",$response->content); + my @content; + if ($dns eq Sys::Hostname::FQDN::fqdn()) { + my $command = (split('/',$url))[3]; + my ($dir,$file) = &parse_getdns_url($command,$url); + delete($alldns{$dns}); + next if (($dir eq '') || ($file eq '')); + if (open(my $config,'<',"$dir/$file")) { + @content = <$config>; + close($config); + } + } else { + my $ua=new LWP::UserAgent; + $ua->timeout(30); + my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); + my $response=$ua->request($request); + delete($alldns{$dns}); + next if ($response->is_error()); + @content = split("\n",$response->content); + } unless ($nocache) { &do_cache_new('dns',$url,\@content,30*24*60*60); } @@ -13718,6 +14026,21 @@ return \%checksums; } +sub parse_getdns_url { + my ($command,$url) = @_; + my $dir = $perlvar{'lonTabDir'}; + my $file; + if ($command eq 'hosts') { + $file = 'dns_hosts.tab'; + } elsif ($command eq 'domain') { + $file = 'dns_domain.tab'; + } elsif ($command eq 'checksums') { + my $version = (split('/',$url))[4]; + $file = "dns_checksums/$version.tab", + } + return ($dir,$file); +} + # ------------------------------------------------------------ Read domain file { my $loaded; From raeburn at source.lon-capa.org Tue Dec 14 15:59:19 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 20:59:19 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) / lontrans.pm Message-ID: raeburn Tue Dec 14 20:59:19 2021 EDT Modified files: (Branch: version_2_11_X) /loncom lontrans.pm Log: - For 2.11 Backport 1.27, 1.28, 1.29, 1.30, 1.31, 1.32, 1.33, 1.34 (part), 1.35, 1.36, 1.37 (part), 1.38 Index: loncom/lontrans.pm diff -u loncom/lontrans.pm:1.14.10.1 loncom/lontrans.pm:1.14.10.2 --- loncom/lontrans.pm:1.14.10.1 Thu Mar 5 22:02:32 2020 +++ loncom/lontrans.pm Tue Dec 14 20:59:19 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network # URL translation for User Files # -# $Id: lontrans.pm,v 1.14.10.1 2020/03/05 22:02:32 raeburn Exp $ +# $Id: lontrans.pm,v 1.14.10.2 2021/12/14 20:59:19 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -31,6 +31,7 @@ use strict; use Apache::Constants qw(:common :remotehost); use Apache::lonnet(); +use Apache::loncommon; use Apache::File(); use LONCAPA; @@ -39,6 +40,93 @@ my $r = shift; # FIXME line remove when mod_perl fixes BUG#4948 $r->notes->set('error-notes' => ''); + my $alias = &Apache::lonnet::get_proxy_alias(); + if ($alias) { + my $hdrhost = $r->headers_in->get('Host'); + my $lonhost = $r->dir_config('lonHostID'); + my $hostname = &Apache::lonnet::hostname($lonhost); + my $ssourl = '/adm/sso'; + if ($r->dir_config('lonOtherAuthenUrl') ne '') { + $ssourl = $r->dir_config('lonOtherAuthenUrl'); + } + if (($hdrhost eq $alias) || ($hdrhost eq $hostname)) { + my $proxyinfo = &Apache::lonnet::get_proxy_settings($r->dir_config('lonDefDomain')); + my ($vpnint,$vpnext); + if (ref($proxyinfo) eq 'HASH') { + $vpnint = $proxyinfo->{'vpnint'}; + $vpnext = $proxyinfo->{'vpnext'}; + } + my ($redirect,$remote_ip); + if ($hdrhost eq $alias) { + $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP); + if (($vpnext && &Apache::lonnet::ip_match($remote_ip,$vpnext))) { + $redirect = $hostname; + } + if ($r->uri eq $ssourl) { + if (&Apache::lonnet::alias_sso($lonhost)) { + undef($redirect); + } else { + $redirect = $hostname; + } + } + if ($redirect eq $hdrhost) { + undef($redirect); + } + } elsif ($hdrhost eq $hostname) { + $remote_ip = &Apache::lonnet::get_requestor_ip($r,REMOTE_NOLOOKUP,1); + unless (($remote_ip eq '127.0.0.1') || ($remote_ip eq '::1') || + ($remote_ip eq &Apache::lonnet::get_host_ip($lonhost)) || + ($vpnint && &Apache::lonnet::ip_match($remote_ip,$vpnint))) { + $redirect = $alias; + if (($r->uri=~m{^/raw/}) || ($r->uri=~m{^/adm/dns/})) { + my %iphost = &Apache::lonnet::get_iphost(); + if (exists($iphost{$remote_ip})) { + undef($redirect); + } + } elsif ($r->uri eq $ssourl) { + unless (&Apache::lonnet::alias_sso($lonhost)) { + undef($redirect); + } + } + } + } + if ($redirect) { + my $uri = $r->uri; + if (($uri eq '/adm/switchserver') || ($uri =~ m{^/Shibboleth.sso/})) { + return DECLINED; + } + unless (($uri eq '/adm/migrateuser') || ($uri eq $ssourl)) { + my %user; + my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user); + if (($handle) && ($user{'name'} ne '') && ($user{'domain'} ne '')) { + unless (($user{'name'} eq 'public') && ($user{'domain'} eq 'public')) { + my $dest = '/adm/migrateuser'; + my $token = &set_token($r,$dest,$remote_ip,\%user); + unless ($token eq '') { + $r->internal_redirect("$dest?token=$token"); + $r->set_handlers('PerlHandler'=> undef); + return DECLINED; + } + } + } + } + my $protocol = 'http'; + my $port = $r->get_server_port(); + if ($port eq '443') { + $protocol = 'https'; + } + if ($uri =~ m{^(/adm/css/)(.+)(.css)$}) { + $uri = $1.&escape($2).$3; + } + my $location = $protocol.'://'.$redirect.$uri; + if ($r->args) { + $location .= '?'.$r->args; + } + $r->header_out(Location => $location); + return REDIRECT; + } + } + } if ($r->uri=~m|^(/raw)?/uploaded/|) { my $fn = $r->uri(); $fn=~s/^\/raw//; @@ -61,6 +149,53 @@ return DECLINED; } +sub set_token { + my ($r,$dest,$remote_ip,$userref) = @_; + my (%info,%user); + if ($dest eq '/adm/migrateuser') { + return unless (ref($userref) eq 'HASH'); + %user = %{$userref}; + %info = ('ip' => $remote_ip, + 'domain' => $user{'domain'}, + 'username' => $user{'name'}, + 'server' => $r->dir_config('lonHostID'), + ); + } + if ($r->args) { + foreach my $pair (split(/&/,$r->args)) { + my ($name,$value) = split(/=/,$pair); + $name = &LONCAPA::unescape($name); + next unless (($name eq 'role') || ($name eq 'symb')); + $value =~ tr/+/ /; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + $info{$name} = $value; + } + } + if ($dest eq '/adm/migrateuser') { + unless ($info{'role'}) { + if ($user{'role'} ne '') { + $info{'role'} = $user{'role'}; + } + } + unless ($info{'symb'}) { + unless ($r->uri eq '/adm/roles') { + $info{'origurl'} = $r->uri; + } + } + } + if (($dest eq '/adm/migrateuser') || (keys(%info) > 0)) { + unless ($dest eq '/adm/migrateuser') { + $info{'origurl'} = $r->uri; + } + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + return $token; + } + } + return; +} + 1; __END__ From raeburn at source.lon-capa.org Tue Dec 14 16:07:41 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 21:07:41 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) / startup.pl Message-ID: raeburn Tue Dec 14 21:07:41 2021 EDT Modified files: (Branch: version_2_11_X) /loncom startup.pl Log: - For 2.11 Backport 1.44 Index: loncom/startup.pl diff -u loncom/startup.pl:1.41.2.3 loncom/startup.pl:1.41.2.4 --- loncom/startup.pl:1.41.2.3 Sun Oct 23 19:27:31 2016 +++ loncom/startup.pl Tue Dec 14 21:07:41 2021 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: startup.pl,v 1.41.2.3 2016/10/23 19:27:31 raeburn Exp $ +# $Id: startup.pl,v 1.41.2.4 2021/12/14 21:07:41 raeburn Exp $ BEGIN { eval "use Apache2::compat();"; @@ -158,6 +158,7 @@ use Apache::lonaccesstimes(); use Apache::lonshibauth(); use Apache::lonshibacc(); +use Apache::lonpopulate(); 1; __END__ From raeburn at source.lon-capa.org Tue Dec 14 16:10:40 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 21:10:40 -0000 Subject: [LON-CAPA-cvs] cvs: loncom(version_2_11_X) /xml londefdef.pm Message-ID: raeburn Tue Dec 14 21:10:40 2021 EDT Modified files: (Branch: version_2_11_X) /loncom/xml londefdef.pm Log: - For 2.11 Backport 1.466 Index: loncom/xml/londefdef.pm diff -u loncom/xml/londefdef.pm:1.456.2.5 loncom/xml/londefdef.pm:1.456.2.6 --- loncom/xml/londefdef.pm:1.456.2.5 Thu Sep 10 00:33:39 2020 +++ loncom/xml/londefdef.pm Tue Dec 14 21:10:40 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Tags Default Definition Module # -# $Id: londefdef.pm,v 1.456.2.5 2020/09/10 00:33:39 raeburn Exp $ +# $Id: londefdef.pm,v 1.456.2.6 2021/12/14 21:10:40 raeburn Exp $ # # # Copyright Michigan State University Board of Trustees @@ -99,6 +99,18 @@ # it will fail with tth. This is worth a warning. # (even though some people might just use latex for printing) &Apache::lonxml::warning(&mt('Missing $ in [_1].','<m>')); + } elsif (($env{'browser.type'} eq 'safari') && ($env{'form.editxmltext'}) && + (($env{'form.problemmode'} eq 'view') || ($env{'form.problemmode'} eq 'discard'))) { + my $delimiter; + if ($inside =~ /\$$/) { + $delimiter = '$'; + } elsif ($inside =~ /\\([)\]])$/) { + $delimiter = $1; + } + if ($delimiter) { + &Apache::lonxml::warning(&mt('Insert a space between [_1] and [_2].', + $delimiter,'</m>')); + } } my $eval=&Apache::lonxml::get_param('eval',$parstack,$safeeval); if ($eval eq 'on') { From raeburn at source.lon-capa.org Tue Dec 14 16:34:45 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 21:34:45 -0000 Subject: [LON-CAPA-cvs] cvs: rat(version_2_11_X) / lonpageflip.pm Message-ID: raeburn Tue Dec 14 21:34:45 2021 EDT Modified files: (Branch: version_2_11_X) /rat lonpageflip.pm Log: - For 2.11 Backport 1.103, 1.105 Index: rat/lonpageflip.pm diff -u rat/lonpageflip.pm:1.80.8.12 rat/lonpageflip.pm:1.80.8.13 --- rat/lonpageflip.pm:1.80.8.12 Thu Mar 4 01:33:43 2021 +++ rat/lonpageflip.pm Tue Dec 14 21:34:45 2021 @@ -2,7 +2,7 @@ # # Page flip handler # -# $Id: lonpageflip.pm,v 1.80.8.12 2021/03/04 01:33:43 raeburn Exp $ +# $Id: lonpageflip.pm,v 1.80.8.13 2021/12/14 21:34:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -231,9 +231,13 @@ if (tie(%hash,'GDBM_File',$env{'request.course.fn'}.'.db', &GDBM_READER(),0640)) { $furl=$hash{'first_url'}; - my %args; - my ($url,$args) = split(/\?/,$furl); - foreach my $pair (split(/\&/,$args)) { + my (%args,$url,$argstr); + if ($furl =~ m{^/enc/}) { + ($url,$argstr) = split(/\?/,&Apache::lonenc::unencrypted($furl)); + } else { + ($url,$argstr) = split(/\?/,$furl); + } + foreach my $pair (split(/\&/,$argstr)) { my ($name,$value) = split(/=/,$pair); $args{&unescape($name)} = &unescape($value); } @@ -241,13 +245,17 @@ # Wow, we cannot see this ... move forward to the next one that we can see my ($newrid,$newmap)=&move($hash{'first_rid'},$hash{'first_mapurl'},'forward'); # Build the new URL - my ($newmapid,$newresid)=split(/\./,$newrid); - my $symb=&Apache::lonnet::encode_symb($newmap,$newresid,$hash{'src_'.$newrid}); - $furl=&add_get_param($hash{'src_'.$newrid},{ 'symb' => $symb }); - if ($hash{'encrypted_'.$newrid}) { - $furl=&Apache::lonenc::encrypted($furl); + if ($newrid eq '') { + $furl = '/adm/navmaps'; + } else { + my ($newmapid,$newresid)=split(/\./,$newrid); + my $symb=&Apache::lonnet::encode_symb($newmap,$newresid,$hash{'src_'.$newrid}); + $furl=&add_get_param($hash{'src_'.$newrid},{ 'symb' => $symb }); + if ($hash{'encrypted_'.$newrid}) { + $furl=&Apache::lonenc::encrypted($furl); + } } - } + } untie(%hash); return $furl; } else { @@ -256,7 +264,7 @@ } sub check_http_req { - my ($srcref) = @_; + my ($srcref,$hostname) = @_; return unless (ref($srcref) eq 'SCALAR'); my $usehttp; if ($env{'request.course.id'}) { @@ -265,13 +273,15 @@ if (($$srcref =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) && ($ENV{'SERVER_PORT'} == 443) && ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || + (&Apache::lonnet::waf_allssl($hostname))) { $$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1'; $usehttp = 1; } } elsif (($$srcref =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) { - unless (&Apache::lonnet::uses_sts()) { + unless ((&Apache::lonnet::uses_sts()) || + (&Apache::lonnet::waf_allssl($hostname))) { my ($url,$anchor) = ($$srcref =~ /^([^\#]+)(?:|(\#[^\#]+))$/); $$srcref = $url . (($$srcref =~/\?/)? '&':'?') . 'usehttp=1' .$anchor; $usehttp = 1; @@ -391,7 +401,7 @@ } if ($direction eq 'firstres') { my $furl=&first_accessible_resource(); - my $usehttp = &check_http_req(\$furl); + my $usehttp = &check_http_req(\$furl,$hostname); if (($usehttp) && ($hostname ne '')) { $furl='http://'.$hostname.$furl; } else { @@ -417,7 +427,7 @@ $id=$hash{'map_pc_'.&Apache::lonnet::clutter($murl)}.'.'.$id; $newloc=$hash{'src_'.$id}; if ($newloc) { - $usehttp = &check_http_req(\$newloc); + $usehttp = &check_http_req(\$newloc,$hostname); if ($hash{'encrypted_'.$id}) { $newloc=&Apache::lonenc::encrypted($newloc); } @@ -556,7 +566,7 @@ # ------------------------------------- Check for and display critical messages my ($redirect, $url) = &Apache::loncommon::critical_redirect(300); unless ($redirect) { - my $usehttp = &check_http_req(\$redirecturl); + my $usehttp = &check_http_req(\$redirecturl,$hostname); if (($usehttp) && ($hostname ne '')) { $url='http://'.$hostname.$redirecturl; } else { @@ -617,7 +627,7 @@ ENDSTART foreach my $id (@possibilities) { my $src = $multichoicehash{'src_'.$id}; - my $usehttp = &check_http_req(\$src); + my $usehttp = &check_http_req(\$src,$hostname); if (($usehttp) && ($hostname ne '')) { $src = 'http://'.$hostname.$src; } From raeburn at source.lon-capa.org Tue Dec 14 16:38:14 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 21:38:14 -0000 Subject: [LON-CAPA-cvs] cvs: rat(version_2_11_X) / lonsequence.pm Message-ID: raeburn Tue Dec 14 21:38:14 2021 EDT Modified files: (Branch: version_2_11_X) /rat lonsequence.pm Log: - For 2.11 Backport 1.54 Index: rat/lonsequence.pm diff -u rat/lonsequence.pm:1.48.2.3 rat/lonsequence.pm:1.48.2.4 --- rat/lonsequence.pm:1.48.2.3 Thu Jun 24 21:22:27 2021 +++ rat/lonsequence.pm Tue Dec 14 21:38:14 2021 @@ -2,7 +2,7 @@ # # Sequence Handler # -# $Id: lonsequence.pm,v 1.48.2.3 2021/06/24 21:22:27 raeburn Exp $ +# $Id: lonsequence.pm,v 1.48.2.4 2021/12/14 21:38:14 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -412,7 +412,7 @@ 'last_known' => [$disurl,$dismapid]); } &Apache::loncommon::content_type($r,'text/html'); - $r->header_out(Location => &Apache::lonnet::absolute_url($ENV{'SERVER_NAME'}). + $r->header_out(Location => &Apache::lonnet::absolute_url(). $showdisurl); return REDIRECT; } else { From raeburn at source.lon-capa.org Tue Dec 14 17:52:33 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Tue, 14 Dec 2021 22:52:33 -0000 Subject: [LON-CAPA-cvs] cvs: rat(version_2_11_X) / lonuserstate.pm Message-ID: raeburn Tue Dec 14 22:52:33 2021 EDT Modified files: (Branch: version_2_11_X) /rat lonuserstate.pm Log: - For 2.11 Backport 1.161, 1.162, 1.163 Index: rat/lonuserstate.pm diff -u rat/lonuserstate.pm:1.149.2.4 rat/lonuserstate.pm:1.149.2.5 --- rat/lonuserstate.pm:1.149.2.4 Sat May 2 21:28:08 2020 +++ rat/lonuserstate.pm Tue Dec 14 22:52:33 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Construct and maintain state and binary representation of course for user # -# $Id: lonuserstate.pm,v 1.149.2.4 2020/05/02 21:28:08 raeburn Exp $ +# $Id: lonuserstate.pm,v 1.149.2.5 2021/12/14 22:52:33 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1200,7 +1200,7 @@ # ---------------------------------------------------- Read map and all submaps sub readmap { - my $short=shift; + my ($short,$critmsg_check) = @_; $short=~s/^\///; # TODO: Hidden dependency on current user: @@ -1437,14 +1437,18 @@ # Depends on user must parameterize this as well..or separate as this is: # more part of determining what someone sees on entering a course? +# When lonuserstate::readmap() is called from lonroles.pm, i.e., +# after selecting a role in a course, critical_redirect will be called, +# unless the course has a blocking event in effect, which suppresses +# critical message checking (users without evb priv). +# - my @what=&Apache::lonnet::dump('critical',$env{'user.domain'}, - $env{'user.name'}); - if ($what[0]) { - if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { - $retfurl='/adm/email?critical=display'; + if ($critmsg_check) { + my ($redirect,$url) = &Apache::loncommon::critical_redirect(); + if ($redirect) { + $retfurl = $url; } - } + } return ($retfurl,$errtext); } From raeburn at source.lon-capa.org Tue Dec 14 19:41:48 2021 From: raeburn at source.lon-capa.org (raeburn) Date: Wed, 15 Dec 2021 00:41:48 -0000 Subject: [LON-CAPA-cvs] cvs: rat(version_2_11_X) / lonwrapper.pm Message-ID: raeburn Wed Dec 15 00:41:48 2021 EDT Modified files: (Branch: version_2_11_X) /rat lonwrapper.pm Log: - For 2.11 Backport 1.77 (part) Index: rat/lonwrapper.pm diff -u rat/lonwrapper.pm:1.49.2.10 rat/lonwrapper.pm:1.49.2.11 --- rat/lonwrapper.pm:1.49.2.10 Thu Mar 5 22:05:50 2020 +++ rat/lonwrapper.pm Wed Dec 15 00:41:48 2021 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Wrapper for external and binary files as standalone resources # -# $Id: lonwrapper.pm,v 1.49.2.10 2020/03/05 22:05:50 raeburn Exp $ +# $Id: lonwrapper.pm,v 1.49.2.11 2021/12/15 00:41:48 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -52,6 +52,9 @@ 'show' => 'Show content in pop-up window', ); + (undef,undef,undef,undef,undef,undef,my $clientmobile) = + &Apache::loncommon::decode_user_agent($r); + my ($anchor,$uselink,$linktext); if ($is_ext) { if ($env{'form.symb'}) { @@ -62,7 +65,7 @@ } elsif ($env{'form.anchor'} ne '') { $anchor = '#'.$env{'form.anchor'}; } - unless (($is_pdf) && ($env{'browser.mobile'})) { + unless (($is_pdf) && ($clientmobile)) { my $hostname = $r->hostname(); my $lonhost = $r->dir_config('lonHostID'); my $ip = &Apache::lonnet::get_host_ip($lonhost); @@ -94,7 +97,7 @@ # do not obscure the Functions menu. # - unless (($env{'browser.mobile'}) || $uselink) { + unless ($clientmobile || $uselink) { $headjs = '