[LON-CAPA-cvs] cvs: loncom /interface lonsupportreq.pm

raeburn raeburn@source.lon-capa.org
Thu, 01 Oct 2009 19:08:30 -0000


raeburn		Thu Oct  1 19:08:30 2009 EDT

  Modified files:              
    /loncom/interface	lonsupportreq.pm 
  Log:
  - Better choice of default domain for multi-domain servers.
  - Use HTML entities in user input echoed on request confirmation page.
  
  
Index: loncom/interface/lonsupportreq.pm
diff -u loncom/interface/lonsupportreq.pm:1.53 loncom/interface/lonsupportreq.pm:1.54
--- loncom/interface/lonsupportreq.pm:1.53	Fri Jun  5 12:49:50 2009
+++ loncom/interface/lonsupportreq.pm	Thu Oct  1 19:08:29 2009
@@ -1,5 +1,5 @@
 #
-# $Id: lonsupportreq.pm,v 1.53 2009/06/05 12:49:50 bisitz Exp $
+# $Id: lonsupportreq.pm,v 1.54 2009/10/01 19:08:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -566,13 +566,15 @@
         if ($env{'form.'.$item} ne '') {
             if ($item eq 'description') {
                 my $descrip = $env{'form.description'};
-                $descrip =~ s|\n|<br />|g;
+                $descrip =  &cleanup_html($descrip);
+                $descrip =~ s|[\n\r\f]|<br />|g;
                 $displaymsg .= 
                     '<span class="LC_helpform_receipt_cat">'.
                     "$lt{$item}</span>: $descrip<br />\n";
             } elsif ($item eq 'sourceurl') {
                 my $showurl = $env{'form.sourceurl'};
                 $showurl =~ s/\?.*$//;
+                $showurl =  &cleanup_html($showurl);
                 $displaymsg .= 
                     '<span class="LC_helpform_receipt_cat">'.
                     "$lt{$item}</span>: $showurl<br />\n";
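Review bot: The new `s|[\n\r\f]|<br />|g` in the description branch replaces each character on its own, so a CRLF line ending (the form browsers normally submit for textarea content) yields two `<br />` per line break on the confirmation page. Matching the pair first avoids the doubled breaks: `$descrip =~ s{\r\n|[\n\r\f]}{<br />}g;`. Calling `cleanup_html` before the `<br />` substitution is the right order and should stay, since the reverse would encode the inserted tags. The enclosing loop begins and ends outside this hunk.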
@@ -581,9 +583,11 @@
                     '<span class="LC_helpform_receipt_cat">'.
                     "$lt{$item}</span>: $okcclist<br />\n";
             } else {
+                my $showitem = $env{'form.'.$item};
+                $showitem = &cleanup_html($showitem);
                 $displaymsg .= 
                     '<span class="LC_helpform_receipt_cat">'.
-                    "$lt{$item}</span>: $env{'form.'.$item}<br />\n";
+                    "$lt{$item}</span>: $showitem<br />\n";
             }
         }
     }
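Review bot: `$okcclist`, in the context lines just above the new `else` branch, is still interpolated into `$displaymsg` without passing through `cleanup_html`, while the other echoed fields in this loop now are. How `$okcclist` is built is not visible in this hunk. If it derives from a submitted form field and is not already limited to validated addresses, it needs the same encoding before the concatenation, e.g. `$okcclist = &cleanup_html($okcclist);`. If it is validated upstream, a short comment at this branch saying so, such as `# $okcclist contains only validated e-mail addresses`, would make the omission clearly deliberate.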
@@ -846,9 +850,27 @@
     } elsif ($env{'request.role.domain'}) {
         $codedom = $env{'request.role.domain'};
     } else {
-        $codedom = $Apache::lonnet::perlvar{'lonDefDomain'};
+        $codedom = &Apache::lonnet::default_login_domain();
     }
     return $codedom;
 }
 
+sub cleanup_html {
+    my ($incoming) = @_;
+    my $outgoing;
+    if ($incoming ne '') {
+        $outgoing = $incoming;
+        $outgoing =~ s/\#/&#035;/g;
+        $outgoing =~ s/\&/&#038;/g;
+        $outgoing =~ s/</&#060;/g;
+        $outgoing =~ s/>/&#062;/g;
+        $outgoing =~ s/\(/&#040/g;
+        $outgoing =~ s/\)/&#041;/g;
+        $outgoing =~ s/"/&#034;/g;
+        $outgoing =~ s/'/&#039;/g;
+        $outgoing =~ s/\$/&#036;/g;
+    }
+    return $outgoing;
+}
+
 1;
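Review bot: `cleanup_html` mis-encodes two of the characters it handles. The `#` substitution runs before the `&` substitution, so an input `#` becomes `&#035;` and then `&#038;#035;`, which the browser shows as the literal text `&#035;`; swapping the two lines does not help, because the `#` pass would then rewrite the entities produced by the `&` pass. The `(` replacement `&#040` also lacks its terminating semicolon, so a `(` followed by a digit is parsed as a longer, different character reference. A single pass fixes both and replaces the nine statements: `$outgoing =~ s/([#&<>()"'\$])/sprintf('&#%03d;', ord($1))/ge;`. The output is over-escaped rather than under-escaped, so this is a display defect and not an injection gap.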