[LON-CAPA-cvs] cvs: loncom /interface lonhelper.pm
foxr
lon-capa-cvs@mail.lon-capa.org
Tue, 07 Dec 2004 11:25:53 -0000
foxr Tue Dec 7 06:25:53 2004 EDT
Modified files:
/loncom/interface lonhelper.pm
Log:
Defect 3290 -- and perhaps some others.
Fix systematic quoting problems in html elements. There were cases
where value = ' .HTML::Entities::encode(something, '...')
did not include ' in the set of 'bad' characters that needed quoting.
I believe all of these cases have been hunted down and squashed.
Index: loncom/interface/lonhelper.pm
diff -u loncom/interface/lonhelper.pm:1.88 loncom/interface/lonhelper.pm:1.89
--- loncom/interface/lonhelper.pm:1.88 Thu Oct 7 18:12:47 2004
+++ loncom/interface/lonhelper.pm Tue Dec 7 06:25:53 2004
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# .helper XML handler to implement the LON-CAPA helper
#
-# $Id: lonhelper.pm,v 1.88 2004/10/07 22:12:47 albertel Exp $
+# $Id: lonhelper.pm,v 1.89 2004/12/07 11:25:53 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1267,7 +1267,7 @@
$result .= "<tr>\n<td width='20'> </td>\n";
$result .= "<td valign='top'><input type='$type' name='$var.forminput'"
. "' value='" .
- HTML::Entities::encode($choice->[1],'<>&"')
+ HTML::Entities::encode($choice->[1],"<>&\"'")
. "'";
if ($checkedChoices{$choice->[1]}) {
$result .= " checked ";
@@ -1424,7 +1424,7 @@
$result .= "<select name='${var}.forminput'>\n";
foreach my $choice (@{$self->{CHOICES}}) {
$result .= "<option value='" .
- HTML::Entities::encode($choice->[1],'<>&"')
+ HTML::Entities::encode($choice->[1],"<>&\"'")
. "'";
if ($checkedChoices{$choice->[1]}) {
$result .= " selected";
@@ -1955,7 +1955,7 @@
$checked = 1;
}
$col .= "value='" .
- HTML::Entities::encode(&$valueFunc($resource),'<>&"')
+ HTML::Entities::encode(&$valueFunc($resource),"<>&\"'")
. "' /></td>";
return $col;
}
@@ -2217,7 +2217,10 @@
$checked = 1;
}
$result .=
- " value='" . HTML::Entities::encode($choice->[0] . ':' . $choice->[2] . ':' . $choice->[1] . ':' . $choice->[3],'<>&"')
+ " value='" . HTML::Entities::encode($choice->[0] . ':'
+ .$choice->[2] . ':'
+ .$choice->[1] . ':'
+ .$choice->[3], "<>&\"'")
. "' /></td><td>"
. HTML::Entities::encode($choice->[1],'<>&"')
. "</td><td align='center'>"
@@ -2533,7 +2536,7 @@
my $id = &new_id();
$result .= '<tr><td align="right"' . " bgcolor='$color'>" .
"<input $onclick type='$type' name='" . $var
- . ".forminput' ".qq{id="$id"}." value='" . HTML::Entities::encode($fileName,'<>&"').
+ . ".forminput' ".qq{id="$id"}." value='" . HTML::Entities::encode($fileName,"<>&\"'").
"'";
if (!$self->{'multichoice'} && $choices == 0) {
$result .= ' checked';
@@ -3215,7 +3218,7 @@
$result .= '<li>'.&mt('for section [_1]',"<b>$section</b>").'</li>';
$level -= 3;
$result .= "<input type='hidden' name='csec' value='" .
- HTML::Entities::encode($section,'<>&"') . "' />\n";
+ HTML::Entities::encode($section,"'<>&\"") . "' />\n";
} else {
# FIXME: This is probably wasteful! Store the name!
my $classlist = Apache::loncoursedata::get_classlist();
@@ -3227,9 +3230,9 @@
$level -= 6;
my ($uname, $udom) = split /:/, $vars->{USER_NAME};
$result .= "<input type='hidden' name='uname' value='".
- HTML::Entities::encode($uname,'<>&"') . "' />\n";
+ HTML::Entities::encode($uname,"'<>&\"") . "' />\n";
$result .= "<input type='hidden' name='udom' value='".
- HTML::Entities::encode($udom,'<>&"') . "' />\n";
+ HTML::Entities::encode($udom,"'<>&\"") . "' />\n";
}
# Print value