version 1.489.2.27, 2017/03/20 03:21:08
|
version 1.489.2.29, 2018/04/29 00:40:49
|
Line 1430 sub du2_handler {
|
Line 1430 sub du2_handler {
|
# |
# |
# 1. for a directory, and the path does not begin with one of: |
# 1. for a directory, and the path does not begin with one of: |
# (a) /home/httpd/html/res/<domain> |
# (a) /home/httpd/html/res/<domain> |
# (b) /home/httpd/html/res/userfiles/ |
# (b) /home/httpd/html/userfiles/ |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# or is: |
# or is: |
# |
# |
# 2. for a file, and the path (after prepending) does not begin with: |
# 2. for a file, and the path (after prepending) does not begin with one of: |
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
|
# (b) /home/httpd/html/res/<domain>/<username>/ |
|
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
# |
# |
# the response will be "refused". |
# the response will be "refused". |
# |
# |
Line 1466 sub ls_handler {
|
Line 1468 sub ls_handler {
|
} |
} |
if (-e $ulsdir) { |
if (-e $ulsdir) { |
if(-d $ulsdir) { |
if(-d $ulsdir) { |
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) { |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) { |
&Failure($client,"refused\n",$userinput); |
&Failure($client,"refused\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 1494 sub ls_handler {
|
Line 1496 sub ls_handler {
|
closedir(LSDIR); |
closedir(LSDIR); |
} |
} |
} else { |
} else { |
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) { |
unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
|
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) { |
&Failure($client,"refused\n",$userinput); |
&Failure($client,"refused\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 1527 sub ls_handler {
|
Line 1530 sub ls_handler {
|
# |
# |
# 1. for a directory, and the path does not begin with one of: |
# 1. for a directory, and the path does not begin with one of: |
# (a) /home/httpd/html/res/<domain> |
# (a) /home/httpd/html/res/<domain> |
# (b) /home/httpd/html/res/userfiles/ |
# (b) /home/httpd/html/userfiles/ |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# or is: |
# or is: |
# |
# |
# 2. for a file, and the path (after prepending) does not begin with: |
# 2. for a file, and the path (after prepending) does not begin with one of: |
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
|
# (b) /home/httpd/html/res/<domain>/<username>/ |
|
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
# |
# |
# the response will be "refused". |
# the response will be "refused". |
# |
# |
Line 1562 sub ls2_handler {
|
Line 1567 sub ls2_handler {
|
} |
} |
if (-e $ulsdir) { |
if (-e $ulsdir) { |
if(-d $ulsdir) { |
if(-d $ulsdir) { |
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) { |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) { |
&Failure($client,"refused\n","$userinput"); |
&Failure($client,"refused\n","$userinput"); |
return 1; |
return 1; |
} |
} |
Line 1591 sub ls2_handler {
|
Line 1596 sub ls2_handler {
|
closedir(LSDIR); |
closedir(LSDIR); |
} |
} |
} else { |
} else { |
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) { |
unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
|
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) { |
&Failure($client,"refused\n",$userinput); |
&Failure($client,"refused\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 1616 sub ls2_handler {
|
Line 1622 sub ls2_handler {
|
# |
# |
# 1. for a directory, and the path does not begin with one of: |
# 1. for a directory, and the path does not begin with one of: |
# (a) /home/httpd/html/res/<domain> |
# (a) /home/httpd/html/res/<domain> |
# (b) /home/httpd/html/res/userfiles/ |
# (b) /home/httpd/html/userfiles/ |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
# (d) /home/httpd/html/priv/<domain>/ and client is the homeserver |
# (d) /home/httpd/html/priv/<domain> and client is the homeserver |
# |
# |
# or is: |
# or is: |
# |
# |
# 2. for a file, and the path (after prepending) does not begin with: |
# 2. for a file, and the path (after prepending) does not begin with one of: |
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
|
# (b) /home/httpd/html/res/<domain>/<username>/ |
|
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
|
# (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver |
# |
# |
# the response will be "refused". |
# the response will be "refused". |
# |
# |
Line 1700 sub ls3_handler {
|
Line 1709 sub ls3_handler {
|
if (-e $ulsdir) { |
if (-e $ulsdir) { |
if(-d $ulsdir) { |
if(-d $ulsdir) { |
unless (($getpropath) || ($getuserdir) || |
unless (($getpropath) || ($getuserdir) || |
($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) || |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) || |
(($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) { |
(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) { |
&Failure($client,"refused\n",$userinput); |
&Failure($client,"refused\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 1731 sub ls3_handler {
|
Line 1740 sub ls3_handler {
|
} |
} |
} else { |
} else { |
unless (($getpropath) || ($getuserdir) || |
unless (($getpropath) || ($getuserdir) || |
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/})) { |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
|
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) || |
|
(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) { |
&Failure($client,"refused\n",$userinput); |
&Failure($client,"refused\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 5377 sub validate_course_section_handler {
|
Line 5388 sub validate_course_section_handler {
|
# Formal Parameters: |
# Formal Parameters: |
# $cmd - The command request that got us dispatched. |
# $cmd - The command request that got us dispatched. |
# $tail - The tail of the command. In this case this is a colon separated |
# $tail - The tail of the command. In this case this is a colon separated |
# set of words that will be split into: |
# set of values that will be split into: |
# $inst_class - Institutional code for the specific class section |
# $inst_class - Institutional code for the specific class section |
# $courseowner - The escaped username:domain of the course owner |
# $ownerlist - An escaped comma-separated list of username:domain |
|
# of the course owner, and co-owner(s). |
# $cdom - The domain of the course from the institution's |
# $cdom - The domain of the course from the institution's |
# point of view. |
# point of view. |
# $client - The socket open on the client. |
# $client - The socket open on the client. |
Line 5404 sub validate_class_access_handler {
|
Line 5416 sub validate_class_access_handler {
|
®ister_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0); |
®ister_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0); |
|
|
# |
# |
|
# Validate course owner or co-owners(s) access to enrollment data for all sections |
|
# and crosslistings for a particular course. |
|
# |
|
# |
|
# Formal Parameters: |
|
# $cmd - The command request that got us dispatched. |
|
# $tail - The tail of the command. In this case this is a colon separated |
|
# set of values that will be split into: |
|
# $ownerlist - An escaped comma-separated list of username:domain |
|
# of the course owner, and co-owner(s). |
|
# $cdom - The domain of the course from the institution's |
|
# point of view. |
|
# $classes - Frozen hash of institutional course sections and |
|
# crosslistings. |
|
# $client - The socket open on the client. |
|
# Returns: |
|
# 1 - continue processing. |
|
# |
|
|
|
sub validate_classes_handler { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my ($ownerlist,$cdom,$classes) = split(/:/, $tail); |
|
my $classesref = &Apache::lonnet::thaw_unescape($classes); |
|
my $owners = &unescape($ownerlist); |
|
my $result; |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
my %validations; |
|
my $response = &localenroll::check_instclasses($owners,$cdom,$classesref, |
|
\%validations); |
|
if ($response eq 'ok') { |
|
foreach my $key (keys(%validations)) { |
|
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&'; |
|
} |
|
$result =~ s/\&$//; |
|
} else { |
|
$result = 'error'; |
|
} |
|
}; |
|
if (!$@) { |
|
&Reply($client, \$result, $userinput); |
|
} else { |
|
&Failure($client,"unknown_cmd\n",$userinput); |
|
} |
|
return 1; |
|
} |
|
®ister_handler("autovalidateinstclasses", \&validate_classes_handler, 0, 1, 0); |
|
|
|
# |
# Create a password for a new LON-CAPA user added by auto-enrollment. |
# Create a password for a new LON-CAPA user added by auto-enrollment. |
# Only used for case where authentication method for new user is localauth |
# Only used for case where authentication method for new user is localauth |
# |
# |