[LON-CAPA-cvs] cvs: loncom /interface lonspreadsheet.pm
matthew
lon-capa-cvs@mail.lon-capa.org
Mon, 02 Dec 2002 21:22:39 -0000
matthew Mon Dec 2 16:22:39 2002 EDT
Modified files:
/loncom/interface lonspreadsheet.pm
Log:
Redo encoding by calling HTML::Entities::encode().
Added encoding of all HTML cell output. This effectively disallows the use
of HTML in the output of the spreadsheet.
Fixed a startup error caused by excessive use of 'my'....
Reworked the way a modified cell is described at the beginning of the
spreadsheet output.
Index: loncom/interface/lonspreadsheet.pm
diff -u loncom/interface/lonspreadsheet.pm:1.151 loncom/interface/lonspreadsheet.pm:1.152
--- loncom/interface/lonspreadsheet.pm:1.151 Mon Dec 2 11:39:30 2002
+++ loncom/interface/lonspreadsheet.pm Mon Dec 2 16:22:39 2002
@@ -1,5 +1,5 @@
#
-# $Id: lonspreadsheet.pm,v 1.151 2002/12/02 16:39:30 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.152 2002/12/02 21:22:39 matthew Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -62,6 +62,7 @@
use Safe::Hole;
use Opcode;
use GDBM_File;
+use HTML::Entities();
use HTML::TokeParser;
use Spreadsheet::WriteExcel;
@@ -1247,27 +1248,28 @@
if ($formula ne '') {
$value = '<i>undefined value</i>';
}
- }
- if ($value =~ /^\s*$/ ) {
+ } elsif ($value =~ /^\s*$/ ) {
$value = '<font color="'.$bgcolor.'">#</font>';
+ } else {
+ $value = &HTML::Entities::encode($value);
}
- &Apache::lonnet::logthis($name.' formula = '.$formula) if ($formula);
- $formula =~ s/</\</g;
- $formula =~ s/>/\>/g;
- $formula =~ s/\&/\&/g;
- $formula =~ s/\"/\"/g;
- $formula =~ s/\'/\"/g;
+ # Make the formula safe for outputting
+ $formula =~ s/\'/\"/g;
+ # The formula will be parsed by the browser *twice* before being
+ # displayed to the user for editing.
+ $formula = &HTML::Entities::encode(&HTML::Entities::encode($formula));
+ # Escape newlines so they make it into the edit window
$formula =~ s/\n/\\n/gs;
- &Apache::lonnet::logthis($name.' formula = '.$formula) if ($formula);
+ # Glue everything together
$result .= "<a href=\"javascript:celledit(\'".
$name."','".$formula."');\">".$value."</a>";
- &Apache::lonnet::logthis('result = '.$result) if ($formula);
return $result;
}
sub html_uneditable_cell {
my ($cell,$bgcolor) = @_;
my $value = (defined($cell) ? $cell->{'value'} : '');
+ $value = &HTML::Entities::encode($value);
return ' '.$value.' ';
}
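Review bot: Backslashes in `$formula` are not escaped before it is placed inside the single-quoted JavaScript string of the `celledit(...)` href, so a formula ending in `\` consumes the closing quote, and a backslash-n typed by the user cannot be told apart from an escaped newline. HTML::Entities::encode() leaves `\` untouched, so add `$formula =~ s/\\/\\\\/g;` immediately before the `s/\n/\\n/gs` line, and consider escaping `\r` the same way as `\n`. Because the value sits in a `javascript:` URL, browsers may also percent-decode it before running the script, so `%` probably needs escaping as well; confirm this against the supported browsers. `$name` is interpolated into the same string unencoded; where it comes from is outside the hunk, as is the start of the enclosing function.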
@@ -1336,7 +1338,7 @@
####################################
# Print out summary/export row
####################################
- my ($rowlabel,@rowdata) = &get_row($sheet,'0');
+ ($rowlabel,@rowdata) = &get_row($sheet,'0');
$row_html = '<tr><td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
$num_cols_output = 0;
foreach my $cell (@rowdata) {
@@ -3085,8 +3087,9 @@
if ($ENV{'form.unewfield'}) {
$r->print('<h2>Modified Workcopy</h2>');
$ENV{'form.unewformula'}=~s/\'/\"/g;
- $r->print('<p>New formula: '.$ENV{'form.unewfield'}.'='.
- $ENV{'form.unewformula'}.'<p>');
+ $r->print('<p>Cell '.$ENV{'form.unewfield'}.' = <pre>');
+ $r->print(&HTML::Entities::encode($ENV{'form.unewformula'}).
+ '</pre></p>');
$sheet->{'filename'} = $ENV{'form.ufn'};
&tmpread($sheet,$ENV{'form.unewfield'},$ENV{'form.unewformula'});
} elsif ($ENV{'form.saveas'}) {
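Review bot: `$ENV{'form.unewfield'}` is still written to the page unencoded in the new `$r->print('<p>Cell '...` line, while the formula printed next to it goes through HTML::Entities::encode(). Both values come from the submitted form, so the field name should get the same treatment: `$r->print('<p>Cell '.&HTML::Entities::encode($ENV{'form.unewfield'}).' = <pre>');`. It would also be worth validating the field name against the expected cell-name pattern before it reaches `&tmpread`, whose handling of it is not visible here. The enclosing block continues beyond the hunk.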