[LON-CAPA-cvs] cvs: loncom /interface lonfeedback.pm

raeburn lon-capa-cvs@mail.lon-capa.org
Mon, 13 Sep 2004 12:19:15 -0000


raeburn		Mon Sep 13 08:19:15 2004 EDT

  Modified files:              
    /loncom/interface	lonfeedback.pm 
  Log:
  Escaping discussion post subject and content in attachments upload display. 
  
  
Index: loncom/interface/lonfeedback.pm
diff -u loncom/interface/lonfeedback.pm:1.123 loncom/interface/lonfeedback.pm:1.124
--- loncom/interface/lonfeedback.pm:1.123	Mon Sep 13 01:12:56 2004
+++ loncom/interface/lonfeedback.pm	Mon Sep 13 08:19:14 2004
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Feedback
 #
-# $Id: lonfeedback.pm,v 1.123 2004/09/13 05:12:56 raeburn Exp $
+# $Id: lonfeedback.pm,v 1.124 2004/09/13 12:19:14 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -626,8 +626,8 @@
         my $subject = '';
         if ($ENV{'form.origpage'}) {
             &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['addnewattach','deloldattach','delnewattach','timestamp','idx','subject','comment']);
-            $subject = &HTML::Entities::encode($ENV{'form.subject'},'<>&"');
-            $comment = &HTML::Entities::encode($ENV{'form.comment'},'<>&"');
+            $subject = &Apache::lonnet::unescape($ENV{'form.subject'});
+            $comment = &Apache::lonnet::unescape($ENV{'form.comment'});
             my @keepold = ();
             &process_attachments(\@currnewattach,\@currdelold,\@keepold);
             if (@currnewattach > 0) {
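Review bot: `$subject` and `$comment` lose their HTML entity encoding in this hunk: the removed lines passed the form values through `&HTML::Entities::encode(...,'<>&"')`, while the new lines only URL-decode them. Where the two variables are written into the page is outside the hunk, so this matters only if no later step encodes them; if they reach a form field or the page body as they are, markup typed into a post would be rendered instead of displayed. Decoding first and encoding afterwards keeps both behaviours, e.g. `$subject = &HTML::Entities::encode(&Apache::lonnet::unescape($ENV{'form.subject'}),'<>&"');` and the same for `$comment`. The `@@ -1316,8 +1316,8 @@` hunk assigns the decoded values in the same way and deserves the same check.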
@@ -1316,8 +1316,8 @@
   }
 
   if ($ENV{'form.origpage'}) {
-      $subject = $ENV{'form.subject'};
-      $comment = $ENV{'form.comment'};
+      $subject = &Apache::lonnet::unescape($ENV{'form.subject'});
+      $comment = &Apache::lonnet::unescape($ENV{'form.comment'});
       &process_attachments(\@currnewattach,\@currdelold,\@keepold);
   }
   my $latexHelp=&Apache::loncommon::helpLatexCheatsheet();
@@ -2441,7 +2441,8 @@
 
 sub modify_attachments {
     my ($r,$currnewattach,$currdelold,$symb,$idx,$attachmenturls)=@_;
-    my $subject=&clear_out_html($ENV{'form.subject'});
+    my $orig_subject = &Apache::lonnet::unescape($ENV{'form.subject'});
+    my $subject=&clear_out_html($orig_subject);
     $subject=~s/\n/\<br \/\>/g;
     $subject=&Apache::lontexconvert::msgtexconverted($subject);
     my $timestamp=$ENV{'form.timestamp'};
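Review bot: `$orig_subject` holds the URL-decoded but unfiltered form value, and nothing at its declaration says so; only `$subject` has been through `clear_out_html`. A comment such as `# $orig_subject: URL-decoded raw input, not HTML-safe; encode before writing it into the page` would keep a later use from emitting it as is. The rest of modify_attachments lies outside the hunk, so whether and where `$orig_subject` is used again cannot be seen here.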
@@ -2470,7 +2471,7 @@
  <table border="2">
   <tr>
    <td>
-    <b>Subject:</b>$subject</b><br /><br />
+    <b>Subject:</b> $subject</b><br /><br />
 END
     if ($idx) {
         if ($attachmenturls) {
@@ -2577,7 +2578,7 @@
     my $response = (<<END);
 <form name="attachment" action="/adm/feedback?attach=$ressymb" method="post">
 Click to add/remove attachments:&nbsp;<input type="button" value="$att"
-onClick="if (typeof(document.mailform.onsubmit)=='function') {document.mailform.onsubmit();};this.form.comment.value=document.mailform.comment.value;this.form.subject.value=document.mailform.subject.value;
+onClick="if (typeof(document.mailform.onsubmit)=='function') {document.mailform.onsubmit();};this.form.comment.value=escape(document.mailform.comment.value);this.form.subject.value=escape(document.mailform.subject.value);
 END
     unless ($mode eq 'board') {
         $response .= 'javascript:anonchk();';
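Review bot: JavaScript `escape()` on the added onClick line writes characters above U+00FF as `%uXXXX`, a form that a plain `%XX` decoder does not reverse, so non-Latin-1 text in a subject or comment may come back as literal `%u....` sequences after `&Apache::lonnet::unescape` (its implementation is not shown here, so this needs checking). `encodeURIComponent(document.mailform.comment.value)` avoids the `%u` form but yields percent-encoded UTF-8 bytes, so the server side would have to decode those accordingly. Separately, `$ressymb` and `$att` are interpolated into attribute values in the context lines of this heredoc; whether they are encoded beforehand is outside the hunk.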