# The LearningOnline Network with CAPA
# Handler to upload files into construction space
#
# $Id: lonupload.pm,v 1.71 2023/07/23 11:54:56 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
###
=head1 NAME
Apache::lonupload - upload files into construction space
=head1 SYNOPSIS
Invoked by /etc/httpd/conf/srm.conf:
'.&mt('No upload file specified.').'
'. &earlyout($fn,$uname,$udom)); return; } # Append the name of the uploaded file $fn.=$env{'form.upfile.filename'}; $fn=~s/(\/)+/\//g; # Check for illegal filename &Debug($r, "Filename for upload: $fn"); if (!(($fn) && ($fn!~/\/$/))) { $r->print(''.&mt('Illegal filename.').'
'); return; } # Check if quota exceeded my $filesize = length($env{'form.upfile'}); if (!$filesize) { $r->print(''.
&mt('Unable to upload [_1]. (size = [_2] bytes)',
''.$env{'form.upfile.filename'}.'',
$filesize).'
'.
&mt('Either the file you attempted to upload was empty, or your web browser was unable to read its contents.').'
'.
'
'
.&mt('The extension on this file, [_1], is reserved internally by LON-CAPA.',
''.$1.'')
.'
'.&mt('Please change the extension.')
.'
'
.&mt('The extension on this file, [_1], is not recognized by LON-CAPA.',
''.$1.'')
.'
'.&mt('Please change the extension.')
.'
'.&mt('Upload cancelled.').'
' .''; } elsif ((-e $target) && (!$env{'form.override'})) { $output .= ''; } else { my $source=$r->dir_config('lonDaemons').'/tmp/'.$datatoken.'.tmp'; my $dirpath=$path.'/'; $dirpath=~s/\/+/\//g; # Check for bad extension and disallow upload my $result; ($result,$returnflag) = &check_extension($fn,$mode,$source,$target,$action,$dirpath,$url); $output .= $result; } } else { $output .= ''. &mt('Please use browser "Back" button and pick a filename'). ''.
&mt('File [_1] could not be copied.',
''.$fn.' ').
'
'.
&mt('The extension on this file is reserved internally by LON-CAPA.').
'
'.
&mt('File [_1] could not be copied.',
''.$fn.' ').
'
'.
&mt('The extension on this file is not recognized by LON-CAPA.').
'
'.
&mt('File [_1] could not be copied.',
''.$fn.'').
'
'.
&mt('The target is an existing directory.').
'
' .&mt('Your file - [_1] - was uploaded successfully.', ''.$fn.'') .'
'; } else { $result .= '' .&mt('File copied.') .'
'; } # Check for embedded objects. my (%allfiles,%codebase); my ($text,$header,$css,$js); if (($mode ne 'imsimport') && ($target =~ /\.(htm|html|shtml)$/i)) { my (%allfiles,%codebase); &Apache::lonnet::extract_embedded_items($target,\%allfiles,\%codebase); if (keys(%allfiles) > 0) { my ($currentpath) = ($url =~ m{^(.+)/[^/]+$}); my $state = &embedded_form_elems('upload_embedded',$url,$mode); my ($embedded,$num,$pathchg) = &Apache::loncommon::ask_for_embedded_content($action,$state,\%allfiles, \%codebase, {'error_on_invalid_names' => 1, 'ignore_remote_references' => 1, 'current_path' => $currentpath}); if ($embedded) { $result .= ''.&mt('Completed upload of the file.').' '.&mt('This file contained references to other files.').'
'. ''.&mt('Please select the locations from which the referenced files are to be uploaded.').'
'. $embedded; if ($mode eq 'testbank') { $returnflag = 'embedded'; $result .= ''.&mt('Or [_1]continue[_2] the testbank import without these files.','','').'
'; } } else { $result .= ''.&mt('Completed upload of the file.').'
'.$embedded; if ($pathchg) { if ($mode eq 'testbank') { $returnflag = 'embedded'; $result .= ''.&mt('Or [_1]continue[_2] the testbank import without modifying the reference(s).','','').'
'; } } } } } } if (($mode ne 'imsimport') && ($mode ne 'testbank')) { $result .= '' .&mt('Removed one or more disallowed characters from filename') .'
'; } if ($fname=~ /\.(\d+)\.(\w+)$/) { my $num = $1; $warning .= ''
.&mt('Bad filename [_1]',''.$fname.'')
.'
'
.&mt('[_1](name).(number).(extension)[_2] not allowed.','','')
.'
'
.&mt('Replacing the [_1].number.[_2] with [_1]_letter.[_2] in requested filename.','','')
.'
' .&mt('Changed ___ to a single _ in filename') .'
'; } return ($fname,$warning); } sub phasethree { my ($r,$fn,$uname,$udom,$mode) = @_; my $action = '/adm/upload'; if ($mode eq 'testbank') { $action = '/adm/testbank'; } elsif ($mode eq 'imsimport') { $action = '/adm/imsimport'; } my $url_root = "/priv/$udom/$uname"; my $dir_root = $r->dir_config('lonDocRoot').$url_root; my $path = &File::Basename::dirname($fn); $path =~ s{^\Q$url_root\E}{}; my $dirpath = $url_root.$path.'/'; $dirpath=~s{/+}{/}g; my $filename = &HTML::Entities::encode($env{'form.filename'},'<>&"'); my $state = &embedded_form_elems('modify_orightml',$filename,$mode). ''; my ($result,$returnflag) = &Apache::loncommon::upload_embedded($mode,$path,$uname,$udom, $dir_root,$url_root,undef, undef,undef,$state,$action); if ($mode ne 'imsimport' && $mode ne 'testbank') { $result .= '' .&mt('Path modified as a result of one or more instances of /../') .'
'; while ($fn =~ m{/\.\./}) { $fn =~ s{/[^/]+/\.\./}{/}g; } } unless ($fn) { $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. ' unspecified filename for upload', $r->filename); return HTTP_NOT_FOUND; } my ($uname,$udom)=&Apache::lonnet::constructaccess($fn); unless (($uname) && ($udom)) { $r->log_reason($env{'user.name'}.' at '.$env{'user.domain'}. ' trying to upload file '.$fn. ' - not authorized', $r->filename); return HTTP_NOT_ACCEPTABLE; } # ----------------------------------------------------------- Start page output &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; unless ($env{'form.phase'} eq 'two') { $javascript = <<"ENDJS"; ENDJS } my $londocroot = $r->dir_config('lonDocRoot'); my $trailfile = $fn; $trailfile =~ s{^/(priv/)}{$londocroot/$1}; # Breadcrumbs my $text = 'Authoring Space'; my $href = &Apache::loncommon::authorspace($fn); my $crsauthor; if ($env{'request.course.id'}) { my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; if ($href eq "/priv/$cdom/$cnum/") { $text = 'Course Authoring Space'; $crsauthor = 1; } } my $brcrum = [{'href' => $href, 'text' => $text}, {'href' => '/adm/upload', 'text' => 'Upload file to '.$text}]; $r->print(&Apache::loncommon::start_page('Upload file to '.$text, $javascript, {'bread_crumbs' => $brcrum,}) .&Apache::loncommon::head_subbox( &Apache::loncommon::CSTR_pageheader($trailfile)) ); unless ($crsauthor) { if (($uname ne $env{'user.name'}) || ($udom ne $env{'user.domain'})) { $r->print('' .&mt('Co-Author [_1]',$uname.':'.$udom) .'
' ); } } if ($warning) { $r->print($warning); } if ($env{'form.phase'} eq 'four') { my $output = &phasefour($r,$fn,$uname,$udom,'author'); $r->print($output); } elsif ($env{'form.phase'} eq 'three') { my ($output,$rtnflag) = &phasethree($r,$fn,$uname,$udom,'author'); $r->print($output); } elsif ($env{'form.phase'} eq 'two') { my ($output,$returnflag) = &phasetwo($r,$fn); $r->print($output); } else { &phaseone($r,$fn,undef,$uname,$udom); } $r->print(&Apache::loncommon::end_page()); return OK; } 1; __END__