[LON-CAPA-cvs] cvs: loncom / lontrans.pm /interface lonprintout.pm rat lonwrapper.pm

raeburn raeburn at source.lon-capa.org
Sat Feb 29 11:05:30 EST 2020


raeburn		Sat Feb 29 16:05:30 2020 EDT

  Modified files:              
    /loncom	lontrans.pm 
    /rat	lonwrapper.pm 
    /loncom/interface	lonprintout.pm 
  Log:
  - Accommodate Apache 2.4 updated to address CVE-2019-0220.
    Reverse piecemeal changes (lonwrapper.pm 1.72 & lonprintout.pm 1.670)
    with generalized solution using PerlTransHandler.
  
  
Index: loncom/lontrans.pm
diff -u loncom/lontrans.pm:1.25 loncom/lontrans.pm:1.26
--- loncom/lontrans.pm:1.25	Sun Jan 20 02:42:35 2019
+++ loncom/lontrans.pm	Sat Feb 29 16:05:21 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for User Files
 #
-# $Id: lontrans.pm,v 1.25 2019/01/20 02:42:35 raeburn Exp $
+# $Id: lontrans.pm,v 1.26 2020/02/29 16:05:21 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -66,9 +66,12 @@
 			 '/userfiles/'.(join('/', at ufile)));
         }
         return OK;
-    } else {
-        return DECLINED;
+    } elsif ($r->uri =~ m{^\Q/adm/wrapper/ext/https:/\E[^/]}) {
+        my $uri = $r->uri;
+        $uri =~ s{^(\Q/adm/wrapper/ext/https:/\E)}{$1/};
+        $r->uri($uri);
     }
+    return DECLINED;
 }
 
 sub redirect_raw {
Index: rat/lonwrapper.pm
diff -u rat/lonwrapper.pm:1.75 rat/lonwrapper.pm:1.76
--- rat/lonwrapper.pm:1.75	Mon Feb 17 00:47:14 2020
+++ rat/lonwrapper.pm	Sat Feb 29 16:05:26 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Wrapper for external and binary files as standalone resources
 #
-# $Id: lonwrapper.pm,v 1.75 2020/02/17 00:47:14 raeburn Exp $
+# $Id: lonwrapper.pm,v 1.76 2020/02/29 16:05:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -322,7 +322,7 @@
     for ($url){
         s|^/adm/wrapper||;
         $is_ext = $_ =~ s|^/ext/|http://|;
-        s|http://https://?|https://| if ($is_ext);
+        s|http://https://|https://| if ($is_ext);
         s|:|:|g;
     }
 
Index: loncom/interface/lonprintout.pm
diff -u loncom/interface/lonprintout.pm:1.670 loncom/interface/lonprintout.pm:1.671
--- loncom/interface/lonprintout.pm:1.670	Mon Feb 17 13:40:16 2020
+++ loncom/interface/lonprintout.pm	Sat Feb 29 16:05:30 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Printout
 #
-# $Id: lonprintout.pm,v 1.670 2020/02/17 13:40:16 raeburn Exp $
+# $Id: lonprintout.pm,v 1.671 2020/02/29 16:05:30 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -2076,7 +2076,7 @@
     my $result.= &print_latex_header($mode);
     if ($currentURL=~m|^(/adm/wrapper/)?ext/|) {
 	$currentURL=~s|^(/adm/wrapper/)?ext/|http://|;
-        $currentURL=~s|^http://https://?|https://|;
+        $currentURL=~s|^http://https://|https://|;
 	my $title=&Apache::lonnet::gettitle($symb);
 	$title = &Apache::lonxml::latex_special_symbols($title);
         my $url =  &Apache::lonxml::latex_special_symbols($currentURL);




More information about the LON-CAPA-cvs mailing list