--- loncom/publisher/loncfile.pm 2024/08/24 22:09:30 1.129.2.1 +++ loncom/publisher/loncfile.pm 2024/09/03 11:07:47 1.129.2.2 @@ -9,7 +9,7 @@ # and displays a page showing the results of the action. # # -# $Id: loncfile.pm,v 1.129.2.1 2024/08/24 22:09:30 raeburn Exp $ +# $Id: loncfile.pm,v 1.129.2.2 2024/09/03 11:07:47 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1247,7 +1247,14 @@ sub phaseone { } elsif ($env{'form.action'} eq 'decompress') { &Decompress1($r, $uname, $udom, $fn); } elsif ($env{'form.action'} eq 'archive') { - &Archive1($r,$fn); + if (($uname eq $env{'user.name'}) && ($udom eq $env{'user.domain'})) { + &Archive1($r,$fn); + } else { + $r->print('

' + .&mt('Archiving of Authoring Spaces is only permitted by Author') + .'

' + ); + } } elsif ($env{'form.action'} eq 'copy') { if ($newfilename) { &Copy1($r, $uname, $udom, $fn, $newfilename); @@ -1679,7 +1686,13 @@ sub phasetwo { } $dest = $dir."/."; } elsif ($env{'form.action'} eq 'archive') { - &Archive2($r,$uname,$udom,$fn,$identifier); + if (($env{'environment.archive'}) && + ($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + &Archive2($r,$uname,$udom,$fn,$identifier); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return; } elsif ($env{'form.action'} eq 'rename' || $env{'form.action'} eq 'move') { @@ -1778,9 +1791,11 @@ sub handler { } elsif($ENV{'QUERY_STRING'} && $env{'form.phase'} ne 'two') { #Just hijack the script only the first time around to inject the #correct information for further processing - $fn=&unescape($env{'form.decompress'}); - $fn=&URLToPath($fn); - $env{'form.action'}="decompress"; + if ($env{'form.decompress'} ne '') { + $fn=&unescape($env{'form.decompress'}); + $fn=&URLToPath($fn); + $env{'form.action'}="decompress"; + } } elsif ($env{'form.qualifiedfilename'}) { $fn=$env{'form.qualifiedfilename'}; } else { @@ -1813,7 +1828,12 @@ sub handler { ($env{'environment.canarchive'})) { &Apache::loncommon::content_type($r,'text/plain'); $r->send_http_header; - $r->print(&Archive3($archiveref)); + if (($env{'user.name'} eq $uname) && + ($env{'user.domain'} eq $udom)) { + $r->print(&Archive3($archiveref)); + } else { + $r->print(&mt('You do not have permission to export to an archive file in this Authoring Space')); + } return OK; }