[LON-CAPA-cvs] cvs: rat / lonpageflip.pm loncom/auth lonacc.pm loncom/interface londocs.pm lonhtmlcommon.pm lonmenu.pm lonnavmaps.pm lonprintout.pm
raeburn
raeburn at source.lon-capa.org
Sat Dec 29 18:24:59 EST 2018
raeburn Sat Dec 29 23:24:59 2018 EDT
Modified files:
/loncom/interface londocs.pm lonhtmlcommon.pm lonmenu.pm
lonnavmaps.pm lonprintout.pm
/loncom/auth lonacc.pm
/rat lonpageflip.pm
Log:
- Bug 6806 Use of an External Resource URL which includes an anchor will
cause page to be load in iframe at anchor position.
- For servers using Apache/SSL where External Resource points at http:// URL
query string for links contains usehttp=1, unless Strict-Transport-Security
set for Apache with max-age > 0.
-------------- next part --------------
Index: loncom/interface/londocs.pm
diff -u loncom/interface/londocs.pm:1.657 loncom/interface/londocs.pm:1.658
--- loncom/interface/londocs.pm:1.657 Thu Dec 27 20:10:31 2018
+++ loncom/interface/londocs.pm Sat Dec 29 23:24:39 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.657 2018/12/27 20:10:31 raeburn Exp $
+# $Id: londocs.pm,v 1.658 2018/12/29 23:24:39 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -7289,7 +7289,10 @@
} elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
unless (&Apache::lonnet::uses_sts()) {
- $backtourl = 'http://'.$hostname.$backtourl;
+ if ($hostname ne '') {
+ $backtourl = 'http://'.$hostname.$backtourl;
+ }
+ $backtourl .= (($backtourl =~ /\?/) ? '&':'?').'usehttp=1';
}
}
}
Index: loncom/interface/lonhtmlcommon.pm
diff -u loncom/interface/lonhtmlcommon.pm:1.394 loncom/interface/lonhtmlcommon.pm:1.395
--- loncom/interface/lonhtmlcommon.pm:1.394 Thu Dec 27 20:10:31 2018
+++ loncom/interface/lonhtmlcommon.pm Sat Dec 29 23:24:39 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common html routines
#
-# $Id: lonhtmlcommon.pm,v 1.394 2018/12/27 20:10:31 raeburn Exp $
+# $Id: lonhtmlcommon.pm,v 1.395 2018/12/29 23:24:39 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3557,7 +3557,7 @@
}
} else {
unless ($cfile =~ m{^/priv/}) {
- if ($cfile =~ m{^(/adm/wrapper/ext/([^#]+))#([^#]+)$}) {
+ if ($cfile =~ m{^(/adm/wrapper/ext/([^#]+))(?:|#([^#]+))$}) {
$cfile = $1;
my $extlink = $2;
$anchor = $3;
@@ -3620,9 +3620,7 @@
if ($hostname ne '') {
$cfile = 'http://'.$hostname.(($cfile =~ /^\//)? '':'/').$cfile;
}
- unless ($is_ext) {
- $cfile .= (($cfile=~/\?/)?'&':'?').'usehttp=1';
- }
+ $cfile .= (($cfile=~/\?/)?'&':'?').'usehttp=1';
} elsif ($usehttps) {
$cfile = $env{'request.use_absolute'}.(($cfile =~ /^\//)? '':'/').$cfile;
}
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.493 loncom/interface/lonmenu.pm:1.494
--- loncom/interface/lonmenu.pm:1.493 Thu Dec 27 20:10:31 2018
+++ loncom/interface/lonmenu.pm Sat Dec 29 23:24:40 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Routines to control the menu
#
-# $Id: lonmenu.pm,v 1.493 2018/12/27 20:10:31 raeburn Exp $
+# $Id: lonmenu.pm,v 1.494 2018/12/29 23:24:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2089,13 +2089,16 @@
sub utilityfunctions {
my ($httphost) = @_;
my $currenturl=&Apache::lonnet::clutter(&Apache::lonnet::fixversion((split(/\?/,$env{'request.noversionuri'}))[0]));
- if ($currenturl =~ m{^/adm/wrapper/ext/}
- && $env{'request.external.querystring'} ) {
+ my $currentsymb=&Apache::lonenc::check_encrypt($env{'request.symb'});
+ if ($currenturl =~ m{^/adm/wrapper/ext/}) {
+ if ($env{'request.external.querystring'}) {
$currenturl .= ($currenturl=~/\?/)?'&':'?'.$env{'request.external.querystring'};
+ }
+ if ($currentsymb =~ /(\#[^\#]+)$/) {
+ $currenturl .= $1;
+ }
}
$currenturl=&Apache::lonenc::check_encrypt(&unescape($currenturl));
-
- my $currentsymb=&Apache::lonenc::check_encrypt($env{'request.symb'});
my $dc_popup_cid;
if ($env{'user.adv'} && exists($env{'user.role.dc./'.
Index: loncom/interface/lonnavmaps.pm
diff -u loncom/interface/lonnavmaps.pm:1.544 loncom/interface/lonnavmaps.pm:1.545
--- loncom/interface/lonnavmaps.pm:1.544 Thu Dec 27 20:10:31 2018
+++ loncom/interface/lonnavmaps.pm Sat Dec 29 23:24:40 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Navigate Maps Handler
#
-# $Id: lonnavmaps.pm,v 1.544 2018/12/27 20:10:31 raeburn Exp $
+# $Id: lonnavmaps.pm,v 1.545 2018/12/29 23:24:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1938,7 +1938,7 @@
$src = 'http://'.$hostname.$src;
}
$src .= ($srcHasQuestion? '&' : '?') . 'usehttp=1';
- $srcHasQuestion = 1;a
+ $srcHasQuestion = 1;
}
} elsif (($is_ssl) && ($src =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
unless (&Apache::lonnet::uses_sts()) {
@@ -2991,7 +2991,7 @@
my $pc = $map->map_pc();
next if ((!$pc) || ($pc == 1));
push(@links,$map);
- push(@revmapinfo,{'href' => $map->link().'?navmap=1','text' => $map->title(),'no_mt' => 1,});
+ push(@revmapinfo,{'href' => $env{'request.use_absolute'}.$map->link().'?navmap=1','text' => $map->title(),'no_mt' => 1,});
$totallength += length($map->title());
}
my $numlinks = scalar(@links);
@@ -3006,7 +3006,7 @@
foreach my $map (@links) {
my $showntitle = &truncate_crumb_text($map->title(),$avg);
if ($showntitle ne '') {
- push(@revmapinfo,{'href' => $map->link().'?navmap=1','text' => $showntitle,'no_mt' => 1,});
+ push(@revmapinfo,{'href' => $env{'request.use_absolute'}.$map->link().'?navmap=1','text' => $showntitle,'no_mt' => 1,});
}
}
}
Index: loncom/interface/lonprintout.pm
diff -u loncom/interface/lonprintout.pm:1.665 loncom/interface/lonprintout.pm:1.666
--- loncom/interface/lonprintout.pm:1.665 Sat Dec 29 21:21:56 2018
+++ loncom/interface/lonprintout.pm Sat Dec 29 23:24:40 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Printout
#
-# $Id: lonprintout.pm,v 1.665 2018/12/29 21:21:56 raeburn Exp $
+# $Id: lonprintout.pm,v 1.666 2018/12/29 23:24:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3451,12 +3451,35 @@
$URLback=$helper->{'VARS'}->{'filename'};
} elsif ($helper->{VARS}{'symb'}) {
my ($map, $id, $url) = &Apache::lonnet::decode_symb($helper->{VARS}{'symb'});
+ my $cdom =$env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum =$env{'course.'.$env{'request.course.id'}.'.num'};
+ my ($anchor,$usehttp);
$url = &Apache::lonnet::clutter($url);
+ if (($ENV{'SERVER_PORT'} == 443) && ($env{'request.course.id'}) &&
+ (($url =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) ||
+ ($url =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}))) {
+ unless (&Apache::lonnet::uses_sts()) {
+ $usehttp = 1;
+ }
+ }
if ($env{'request.enc'}) {
$url = &Apache::lonenc::encrypted($url);
}
if ($url ne '') {
- $URLback = $url.(($url =~ /\?/) ? '&':'?').'symb='.$helper->{VARS}{'symb'};
+ my $symb = $helper->{VARS}{'symb'};
+ if ($url =~ m{^\Q/adm/wrapper/ext/\E}) {
+ my $link = $url;
+ ($link,$anchor) = ($url =~ /^([^\#]+)(?:|(\#[^\#]+))$/);
+ if ($anchor) {
+ ($symb) = ($helper->{VARS}{'symb'} =~ /^([^\#]+)/);
+ }
+ $url = $link;
+ }
+ $URLback = $url;
+ if ($usehttp) {
+ $URLback .= (($URLback =~ /\?/) ? '&':'?').'usehttp=1';
+ }
+ $URLback .= (($URLback =~ /\?/) ? '&':'?').'symb='.&escape($symb.$anchor);
}
}
#
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.173 loncom/auth/lonacc.pm:1.174
--- loncom/auth/lonacc.pm:1.173 Thu Dec 27 18:14:38 2018
+++ loncom/auth/lonacc.pm Sat Dec 29 23:24:52 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.173 2018/12/27 18:14:38 raeburn Exp $
+# $Id: lonacc.pm,v 1.174 2018/12/29 23:24:52 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -517,7 +517,7 @@
my $preserved;
foreach my $pair (split(/&/,$query)) {
my ($name, $value) = split(/=/,$pair);
- unless ($name eq 'symb') {
+ unless (($name eq 'symb') || ($name eq 'usehttp')) {
$preserved .= $pair.'&';
}
if (($env{'request.course.id'}) && ($name eq 'folderpath')) {
Index: rat/lonpageflip.pm
diff -u rat/lonpageflip.pm:1.99 rat/lonpageflip.pm:1.100
--- rat/lonpageflip.pm:1.99 Thu Dec 27 20:11:16 2018
+++ rat/lonpageflip.pm Sat Dec 29 23:24:58 2018
@@ -2,7 +2,7 @@
#
# Page flip handler
#
-# $Id: lonpageflip.pm,v 1.99 2018/12/27 20:11:16 raeburn Exp $
+# $Id: lonpageflip.pm,v 1.100 2018/12/29 23:24:58 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -320,7 +320,8 @@
} elsif (($$srcref =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}) &&
($ENV{'SERVER_PORT'} == 443)) {
unless (&Apache::lonnet::uses_sts()) {
- $$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1';
+ my ($url,$anchor) = ($$srcref =~ /^([^\#]+)(?:|(\#[^\#]+))$/);
+ $$srcref = $url . (($$srcref =~/\?/)? '&':'?') . 'usehttp=1' .$anchor;
$usehttp = 1;
}
}
@@ -483,8 +484,11 @@
$usehttp = &check_http_req(\$newloc);
if ($hash{'encrypted_'.$id}) {
$newloc=&Apache::lonenc::encrypted($newloc);
- } elsif ($newloc =~ m{^(/adm/wrapper/ext/[^\#]+)\#([^\#]+)$}) {
- $newloc = $1.&escape('#').$2;
+ } elsif ($newloc =~ m{^(/adm/wrapper/ext/[^\#]+)(?:|\#([^\#]+))$}) {
+ my ($url,$anchor) = ($1,$2);
+ if ($anchor) {
+ $newloc = $url.(($url=~/\?/)?'&':'?').'symb='.&escape($last);
+ }
}
} else {
$newloc='/adm/navmaps';
More information about the LON-CAPA-cvs
mailing list