[LON-CAPA-cvs] cvs: loncom /cgi plot.gif /xml lonplot.pm

matthew lon-capa-cvs@mail.lon-capa.org
Fri, 01 Mar 2002 14:03:50 -0000


matthew		Fri Mar  1 09:03:50 2002 EDT

  Modified files:              
    /loncom/cgi	plot.gif 
    /loncom/xml	lonplot.pm 
  Log:
  escape and unescape filename passed between lonplot.pm and plot.gif
  
  
Index: loncom/cgi/plot.gif
diff -u loncom/cgi/plot.gif:1.8 loncom/cgi/plot.gif:1.9
--- loncom/cgi/plot.gif:1.8	Thu Feb 28 16:02:32 2002
+++ loncom/cgi/plot.gif	Fri Mar  1 09:03:50 2002
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 #
-# $Id: plot.gif,v 1.8 2002/02/28 21:02:32 matthew Exp $
+# $Id: plot.gif,v 1.9 2002/03/01 14:03:50 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,6 +35,9 @@
     $data{$name}=$value;
 }
 my $filename = $data{'file'};
+# unescape filename
+$filename =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+
 die if ($filename =~ /\// || $filename !~ /_plot.data$/);
 $filename = $tmpdir . $filename;
 die "$data{'file'} does not exist\n" if (! -e $filename);
Index: loncom/xml/lonplot.pm
diff -u loncom/xml/lonplot.pm:1.53 loncom/xml/lonplot.pm:1.54
--- loncom/xml/lonplot.pm:1.53	Thu Feb 28 16:04:10 2002
+++ loncom/xml/lonplot.pm	Fri Mar  1 09:03:50 2002
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Dynamic plot
 #
-# $Id: lonplot.pm,v 1.53 2002/02/28 21:04:10 matthew Exp $
+# $Id: lonplot.pm,v 1.54 2002/03/01 14:03:50 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -450,6 +450,7 @@
 	    '_'.time.'_'.$$.int(rand(1000)).'_plot.data';
 	## Write the plot description to the file
 	&write_gnuplot_file($tmpdir,$filename,$target);
+	$filename = &Apache::lonnet::escape($filename);
 	## return image tag for the plot
 	if ($target eq 'web') {
 	    $result .= <<"ENDIMAGE";