--- loncom/publisher/lonretrieve.pm 2001/05/02 23:00:05 1.9 +++ loncom/publisher/lonretrieve.pm 2001/05/09 17:15:26 1.10 @@ -19,6 +19,7 @@ use strict; use Apache::File; use File::Copy; use Apache::Constants qw(:common :http :methods); +use Apache::loncacc; sub phaseone { my ($r,$fn,$uname,$udom)=@_; @@ -138,7 +139,7 @@ sub handler { if ($ENV{'form.filename'}) { $fn=$ENV{'form.filename'}; - $fn=~s/^http\:\/\/[^\/]+\/\~(\w+)//; + $fn=~s/^http\:\/\/[^\/]+//; } else { $r->log_reason($ENV{'user.name'}.' at '.$ENV{'user.domain'}. ' unspecified filename for retrieval', $r->filename); @@ -152,9 +153,20 @@ sub handler { } # ----------------------------------------------------------- Start page output + my $uname; + my $udom; - my $uname=$ENV{'user.name'}; - my $udom=$ENV{'user.domain'}; + unless (($uname,$udom)= + &Apache::loncacc::constructaccess( + $fn,$r->dir_config('lonDefDomain'))) { + $r->log_reason($uname.' at '.$udom. + ' trying to publish file '.$ENV{'form.filename'}. + ' ('.$fn.') - not authorized', + $r->filename); + return HTTP_NOT_ACCEPTABLE; + } + + $fn=~s/\/\~(\w+)//; $r->content_type('text/html'); $r->send_http_header; @@ -166,6 +178,12 @@ sub handler { $r->print('