[LON-CAPA-cvs] cvs: rat /client parameter.html loncom/interface lonparmset.pm
albertel
lon-capa-cvs-allow@mail.lon-capa.org
Thu, 30 Aug 2007 00:02:24 -0000
albertel Wed Aug 29 20:02:24 2007 EDT
Modified files:
/loncom/interface lonparmset.pm
/rat/client parameter.html
Log:
- BUG#5303 (part 2) can't modify a parm set to "1f"
Index: loncom/interface/lonparmset.pm
diff -u loncom/interface/lonparmset.pm:1.377 loncom/interface/lonparmset.pm:1.378
--- loncom/interface/lonparmset.pm:1.377 Fri Aug 24 17:31:41 2007
+++ loncom/interface/lonparmset.pm Wed Aug 29 20:01:56 2007
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set parameters for assessments
#
-# $Id: lonparmset.pm,v 1.377 2007/08/24 21:31:41 www Exp $
+# $Id: lonparmset.pm,v 1.378 2007/08/30 00:01:56 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -577,6 +577,7 @@
&date_sanity_info($value);
} else {
$result = $value;
+ $result = &HTML::Entities::encode($result,'"<>&');
}
}
return $result;
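Review bot: Only the final `else` branch is encoded here, and nothing records that the sub now returns HTML-escaped text. Add a comment above the new line such as `# HTML-escape for output; callers must not encode the result again`. The other branches of this sub lie outside the hunk, so it is worth confirming that none of them can return raw `$value` text. The character set `'"<>&'` leaves `'` untouched, which is fine for element content and double-quoted attributes but not for a single-quoted context.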
@@ -613,10 +614,16 @@
my ($parmname)=((split(/\&/,$marker))[1]=~/\_([^\_]+)$/);
my ($hour,$min,$sec,$val)=&preset_defaults($parmname);
unless (defined($winvalue)) { $winvalue=$val; }
+ my $valout = &valout($value,$type,1);
+ foreach my $item (\$type, \$dis, \$winvalue, \$marker, \$return, \$call,
+ \$hour, \$min, \$sec) {
+ $$item = &HTML::Entities::encode($$item,'"<>&');
+ $$item =~ s/\'/\\\'/g;
+ }
return '<table width="100%"><tr valign="top" align="right"><td><a name="'.$marker.'" /></td></tr><tr><td align="center">'.
'<a href="javascript:pjump('."'".$type."','".$dis."','".$winvalue."','"
.$marker."','".$return."','".$call."','".$hour."','".$min."','".$sec."'".');">'.
- &valout($value,$type,1).'</a></td></tr></table>';
+ $valout.'</a></td></tr></table>';
}
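Review bot: The escaping loop in this hunk handles `'` but not `\`, so a backslash already present in one of the nine values can cancel the backslash added before a quote and end the JavaScript string early inside the `pjump(...)` call. Escape both in one pass, e.g. `$$item =~ s/([\\'])/\\$1/g;`, and consider escaping or stripping line breaks as well. Because the call sits in an `href="javascript:..."` URL, browsers may also percent-decode it before running it; moving the call to an `onclick` attribute would remove that decoding layer, though the visible lines do not show whether any value can contain `%`. The enclosing sub starts outside the hunk.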
sub page_js {
@@ -1594,7 +1601,8 @@
foreach ('tolerance','date_default','date_start','date_end',
'date_interval','int','float','string') {
$r->print('<input type="hidden" value="'.
- $env{'form.recent_'.$_}.'" name="recent_'.$_.'" />');
+ &HTML::Entities::encode($env{'form.recent_'.$_},'"&<>').
+ '" name="recent_'.$_.'" />');
}
if (!$pssymb) {
Index: rat/client/parameter.html
diff -u rat/client/parameter.html:1.45 rat/client/parameter.html:1.46
--- rat/client/parameter.html:1.45 Tue Jun 12 21:01:33 2007
+++ rat/client/parameter.html Wed Aug 29 20:02:20 2007
@@ -3,7 +3,7 @@
The LearningOnline Network with CAPA
Parameter Input Window
//
-// $Id: parameter.html,v 1.45 2007/06/13 01:01:33 albertel Exp $
+// $Id: parameter.html,v 1.46 2007/08/30 00:02:20 albertel Exp $
//
// Copyright Michigan State University Board of Trustees
//
@@ -32,7 +32,7 @@
<title>LON-CAPA</title>
</head>
-<script>
+<script type="text/javascript">
var ptype='';
var pvalue='';
@@ -92,6 +92,14 @@
id2+'></td></tr>');
}
+function escapeHTML(text) {
+ text = text.replace(/&/g, '&');
+ text = text.replace(/"/g, '"');
+ text = text.replace(/</g, '<');
+ text = text.replace(/>/g, '>');
+ return text;
+}
+
function datecalc() {
var sform=choices.document.forms.sch;
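Review bot: `escapeHTML` calls `text.replace` without checking its argument, so a non-string `svalue` (undefined or a number; its origin is not visible here) would throw where the old concatenation did not. Adding `text = String(text);` as the first statement keeps the previous behaviour. As rendered on this page the four replacement strings equal the characters they match, presumably because the archive decoded `&amp;`, `&quot;`, `&lt;` and `&gt;`; check the committed file to confirm the entities are really there. A comment such as `// escapes for HTML text and double-quoted attribute values; ' is left as-is` would document the helper's limits.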
@@ -500,7 +508,7 @@
tablestart('Integer');
}
choicewrite('<tr bgcolor="#AAFFAA"><td>Value:</td><td colspan=2>');
- choicewrite('<input name=intval size=10 value="'+svalue+
+ choicewrite('<input name=intval size=10 value="'+escapeHTML(svalue)+
'" name=intval onChange="parent.integereval()">');
choicewrite('</td></table>');
}
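Review bot: The rewritten `<input>` still emits `name=intval` twice, once before `size` and once after the value on the following line. Drop the second one so the continuation reads `'" onChange="parent.integereval()">'`. The `floatval` hunk below has the same duplicate. The enclosing function starts and ends outside the hunk.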
@@ -522,7 +530,7 @@
tablestart('Floating point number');
}
choicewrite('<tr bgcolor="#AAFFAA"><td>Value:</td><td colspan=2>');
- choicewrite('<input name=floatval size=10 value="'+svalue+
+ choicewrite('<input name=floatval size=10 value="'+escapeHTML(svalue)+
'" name=floatval onChange="parent.floateval()">');
choicewrite('</td></table>');
}
@@ -533,7 +541,7 @@
(typeof(pscat)=='undefined')) {
tablestart('Text');
choicewrite('<tr bgcolor="#AAFFAA"><td>Value:</td><td colspan=2>');
- choicewrite('<input name="stringval" size="20" value="'+svalue+
+ choicewrite('<input name="stringval" size="20" value="'+escapeHTML(svalue)+
'" type="text" onChange="parent.stringeval()">');
}
if (pscat=='yesno') {
@@ -599,7 +607,7 @@
if (pscat=='ip') {
tablestart('IP Number/Name');
choicewrite('<tr bgcolor="#AAFFAA"><td>Value:</td><td colspan=2>');
- choicewrite('<input name="stringval" size="20" value="'+svalue+
+ choicewrite('<input name="stringval" size="20" value="'+escapeHTML(svalue)+
'" onChange="parent.stringeval()">');
}
if (pscat=='fileext') {
@@ -617,7 +625,7 @@
' type="radio" '+callradiostringeval('doc,xls,ppt'));
if (svalue=='doc,xls,ppt') { choicewrite(' checked'); }
choicewrite('> Office Document</label><br />');
- choicewrite('<input name="stringval" size="20" value="'+svalue+
+ choicewrite('<input name="stringval" size="20" value="'+escapeHTML(svalue)+
'" onChange="parent.stringeval()">');
}
if (pscat=='useslots') {
@@ -648,7 +656,7 @@
choicewrite('<table>');
if (svalue) {
choicewrite('<tr><td colspan="9">Current choice:</td><td bgcolor="'+
- svalue+'" colspan="2"> </td></tr>');
+ escapeHTML(svalue)+'" colspan="2"> </td></tr>');
}
for (var ir=0; ir<=10; ir++) {
for (var ig=0; ig<=10; ig++) {