[LON-CAPA-cvs] cvs: loncom /homework grades.pm
ng
lon-capa-cvs@mail.lon-capa.org
Wed, 23 Jul 2003 17:33:59 -0000
ng Wed Jul 23 13:33:59 2003 EDT
Modified files:
/loncom/homework grades.pm
Log:
fix bug 1315 - encode the following characters (<,>,&,") in message box (essay grading)
Test the script on following browsers: IE 5.5 on windows, IE ?? on mac, mozilla 5,
netscape 4.76 and konqueror on linux, and netscape 4.7 on windows.
Index: loncom/homework/grades.pm
diff -u loncom/homework/grades.pm:1.122 loncom/homework/grades.pm:1.123
--- loncom/homework/grades.pm:1.122 Tue Jul 22 14:59:57 2003
+++ loncom/homework/grades.pm Wed Jul 23 13:33:59 2003
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# The LON-CAPA Grading handler
#
-# $Id: grades.pm,v 1.122 2003/07/22 18:59:57 ng Exp $
+# $Id: grades.pm,v 1.123 2003/07/23 17:33:59 ng Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -881,14 +881,18 @@
re = /msgsub/;
var shwsel = "";
if (re.test(msgchk)) { shwsel = "checked" }
- displaySubject(subject,shwsel);
+ subject = (document.SCORE.shownSub.value == 0 ? checkEntities(subject) : subject);
+ displaySubject(checkEntities(subject),shwsel);
for (var i=1; i<=Nmsg; i++) {
- var testpt = "savemsg"+i+",";
- re = /testpt/;
+ var testmsg = "savemsg"+i+",";
+ re = new RegExp(testmsg,"g");
shwsel = "";
if (re.test(msgchk)) { shwsel = "checked" }
var message = eval("document.SCORE.savemsg"+i+".value");
- displaySavedMsg(i,message,shwsel);
+ var shownOnce = eval("document.SCORE.shownOnce"+i+".value");
+ message = (shownOnce == 0 ? checkEntities(message) : message);
+ displaySavedMsg(i,message,shwsel); //I do not get it. w/o checkEntities on saved messages,
+ //any < is already converted to <, etc. However, only once!!
}
newmsg = eval("document.SCORE.newmsg"+usrctr+".value");
shwsel = "";
@@ -899,6 +903,22 @@
return;
}
+ function checkEntities(strx) {
+ if (strx.length == 0) return strx;
+ var orgStr = ["&", "<", ">", '"'];
+ var newStr = ["&", "<", ">", """];
+ var counter = 0;
+ while (counter < 4) {
+ strx = strReplace(strx,orgStr[counter],newStr[counter]);
+ counter++;
+ }
+ return strx;
+ }
+
+ function strReplace(strx, orgStr, newStr) {
+ return strx.split(orgStr).join(newStr);
+ }
+
function savedMsgHeader(Nmsg,usrctr,fullname) {
var height = 70*Nmsg+250;
var scrollbar = "no";
@@ -920,11 +940,11 @@
pDoc.write("<script language=javascript>");
pDoc.write("function checkInput() {");
- pDoc.write(" opener.document.SCORE.msgsub.value = document.msgcenter.msgsub.value;");
+ pDoc.write(" opener.document.SCORE.msgsub.value = opener.checkEntities(document.msgcenter.msgsub.value);");
pDoc.write(" var nmsg = opener.document.SCORE.savemsgN.value;");
pDoc.write(" var usrctr = document.msgcenter.usrctr.value;");
pDoc.write(" var newval = eval(\\"opener.document.SCORE.newmsg\\"+usrctr);");
- pDoc.write(" newval.value = document.msgcenter.newmsg.value;");
+ pDoc.write(" newval.value = opener.checkEntities(document.msgcenter.newmsg.value);");
pDoc.write(" var msgchk = \\"\\";");
pDoc.write(" if (document.msgcenter.subchk.checked) {");
@@ -934,7 +954,9 @@
pDoc.write(" for (var i=1; i<=nmsg; i++) {");
pDoc.write(" var opnmsg = eval(\\"opener.document.SCORE.savemsg\\"+i);");
pDoc.write(" var frmmsg = eval(\\"document.msgcenter.msg\\"+i);");
- pDoc.write(" opnmsg.value = frmmsg.value;");
+ pDoc.write(" opnmsg.value = opener.checkEntities(frmmsg.value);");
+ pDoc.write(" var showflg = eval(\\"opener.document.SCORE.shownOnce\\"+i);");
+ pDoc.write(" showflg.value = \\"1\\";");
pDoc.write(" var chkbox = eval(\\"document.msgcenter.msgn\\"+i);");
pDoc.write(" if (chkbox.checked) {");
pDoc.write(" msgchk += \\"savemsg\\"+i+\\",\\";");
@@ -1243,7 +1265,6 @@
$ENV{'form.msgsub'} = $keyhash{$symb.'_subject'} ne '' ?
$keyhash{$symb.'_subject'} : $ENV{'form.probTitle'};
$ENV{'form.savemsgN'} = $keyhash{$symb.'_savemsgN'} ne '' ? $keyhash{$symb.'_savemsgN'} : '0';
-
}
my $overRideScore = $ENV{'form.overRideScore'} eq '' ? 'no' : $ENV{'form.overRideScore'};
@@ -1264,22 +1285,26 @@
'<input type="hidden" name="section" value="'.$ENV{'form.section'}.'">'."\n".
'<input type="hidden" name="submitonly" value="'.$ENV{'form.submitonly'}.'">'."\n".
'<input type="hidden" name="handgrade" value="'.$ENV{'form.handgrade'}.'">'."\n".
- '<input type="hidden" name="keywords" value="'.$ENV{'form.keywords'}.'" />'."\n".
- '<input type="hidden" name="kwclr" value="'.$ENV{'form.kwclr'}.'" />'."\n".
- '<input type="hidden" name="kwsize" value="'.$ENV{'form.kwsize'}.'" />'."\n".
- '<input type="hidden" name="kwstyle" value="'.$ENV{'form.kwstyle'}.'" />'."\n".
- '<input type="hidden" name="msgsub" value="'.$ENV{'form.msgsub'}.'" />'."\n".
- '<input type="hidden" name="savemsgN" value="'.$ENV{'form.savemsgN'}.'" />'."\n".
'<input type="hidden" name="NCT"'.
' value="'.($ENV{'form.NTSTU'} ne '' ? $ENV{'form.NTSTU'} : $total+1).'" />'."\n");
+ if ($ENV{'form.handgrade'} eq 'yes') {
+ $request->print('<input type="hidden" name="keywords" value="'.$ENV{'form.keywords'}.'" />'."\n".
+ '<input type="hidden" name="kwclr" value="'.$ENV{'form.kwclr'}.'" />'."\n".
+ '<input type="hidden" name="kwsize" value="'.$ENV{'form.kwsize'}.'" />'."\n".
+ '<input type="hidden" name="kwstyle" value="'.$ENV{'form.kwstyle'}.'" />'."\n".
+ '<input type="hidden" name="msgsub" value="'.$ENV{'form.msgsub'}.'" />'."\n".
+ '<input type="hidden" name="shownSub" value="0" />'."\n".
+ '<input type="hidden" name="savemsgN" value="'.$ENV{'form.savemsgN'}.'" />'."\n");
+ }
my ($cts,$prnmsg) = (1,'');
while ($cts <= $ENV{'form.savemsgN'}) {
$prnmsg.='<input type="hidden" name="savemsg'.$cts.'" value="'.
- ($keyhash{$symb.'_savemsg'.$cts} eq '' ?
+ (!exists($keyhash{$symb.'_savemsg'.$cts}) ?
&Apache::lonfeedback::clear_out_html($ENV{'form.savemsg'.$cts}) :
&Apache::lonfeedback::clear_out_html($keyhash{$symb.'_savemsg'.$cts})).
- '" />'."\n";
+ '" />'."\n".
+ '<input type="hidden" name="shownOnce'.$cts.'" value="0" />'."\n";
$cts++;
}
$request->print($prnmsg);