[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm lonhtmlcommon.pm lonindexer.pm lonmenu.pm lonwishlist.pm
raeburn
raeburn at source.lon-capa.org
Sat Dec 20 10:35:41 EST 2014
raeburn Sat Dec 20 15:35:41 2014 EDT
Modified files:
/loncom/interface loncommon.pm lonhtmlcommon.pm lonindexer.pm
lonmenu.pm lonwishlist.pm
Log:
- Accommodate single quotes in resource URL in "Stored Links" and in "Edit" link
- Accommodate single quotes in URLs in options in "Select Recent" dropdown list
when browsing Resource Space.
- Consistent escaping of special characters for Stored Links added when displaying
a resource in a course, and when browsing Resource Space.
-------------- next part --------------
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1202 loncom/interface/loncommon.pm:1.1203
--- loncom/interface/loncommon.pm:1.1202 Thu Dec 11 01:16:33 2014
+++ loncom/interface/loncommon.pm Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.1202 2014/12/11 01:16:33 raeburn Exp $
+# $Id: loncommon.pm,v 1.1203 2014/12/20 15:35:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -7733,10 +7733,12 @@
title = title.replace(/^LON-CAPA /,'');
}
title = encodeURIComponent(title);
+ title = title.replace("'","\\\'");
if (!path) {
path = location.pathname;
}
path = encodeURIComponent(path);
+ path = path.replace("'","\\\'");
Win = window.open('/adm/wishlist?mode=newLink&setTitle='+title+'&setPath='+path,
'wishlistNewLink','width=560,height=350,scrollbars=0');
}
@@ -7779,6 +7781,7 @@
};
var openMyModal = function(source,width,height,scrolling,transparency,style)
{
+ source = source.replace("'","'");
modalWindow.windowId = "myModal";
modalWindow.width = width;
modalWindow.height = height;
@@ -14552,7 +14555,7 @@
my ($url) = @_;
my @urlslices = split(/\//, $url,-1);
my $lastitem = &escape(pop(@urlslices));
- return join('/', at urlslices).'/'.$lastitem;
+ return &HTML::Entities::encode(join('/', at urlslices),"'").'/'.$lastitem;
}
sub compare_arrays {
Index: loncom/interface/lonhtmlcommon.pm
diff -u loncom/interface/lonhtmlcommon.pm:1.357 loncom/interface/lonhtmlcommon.pm:1.358
--- loncom/interface/lonhtmlcommon.pm:1.357 Thu Dec 11 01:44:55 2014
+++ loncom/interface/lonhtmlcommon.pm Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common html routines
#
-# $Id: lonhtmlcommon.pm,v 1.357 2014/12/11 01:44:55 raeburn Exp $
+# $Id: lonhtmlcommon.pm,v 1.358 2014/12/20 15:35:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3250,7 +3250,7 @@
if ($forcereg) {
$cfile .= '®ister=1';
}
- $jscall = "need_switchserver('$cfile');";
+ $jscall = "need_switchserver('".&Apache::loncommon::escape_single($cfile)."');";
}
} else {
unless ($cfile =~ m{^/priv/}) {
@@ -3281,7 +3281,7 @@
$cfile .= (($cfile=~/\?/)?'&':'?').'todocs=1';
}
}
- $jscall = "go('$cfile')";
+ $jscall = "go('".&Apache::loncommon::escape_single($cfile)."')";
}
return $jscall;
}
Index: loncom/interface/lonindexer.pm
diff -u loncom/interface/lonindexer.pm:1.222 loncom/interface/lonindexer.pm:1.223
--- loncom/interface/lonindexer.pm:1.222 Thu Dec 11 01:46:17 2014
+++ loncom/interface/lonindexer.pm Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Directory Indexer
#
-# $Id: lonindexer.pm,v 1.222 2014/12/11 01:46:17 raeburn Exp $
+# $Id: lonindexer.pm,v 1.223 2014/12/20 15:35:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -989,6 +989,9 @@
$r->print (' alt="'.$msg.'"/></a>'.
"\n");
my $quotable_curdir = &Apache::loncommon::escape_single($curdir);
+ my $quotable_startdir = &Apache::loncommon::escape_single($startdir);
+ my $quotable_listname = &Apache::loncommon::escape_single($listname);
+
$r->print ('<a href="javascript:gothere(\''.$quotable_curdir
.'\')"><img alt="'.$msg.'" src="'.
$iconpath.'quill.gif" class="LC_fileicon" />');
@@ -1000,7 +1003,7 @@
# Wishlistlink
$r->print('</form></td><td><a href="javascript:;" '.
'title="'.&mt('Save a link for this folder in your personal Stored Links repository').'" '.
- 'onclick="set_wishlistlink('."'$plainname','$startdir$listname"."/'".')">'.
+ 'onclick="set_wishlistlink('."'$plainname','$quotable_startdir$quotable_listname"."/'".')">'.
'<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a>'.$tabtag);
$r->print(&Apache::loncommon::end_data_table_row());
@@ -1083,6 +1086,8 @@
# Filetype icons
$r->print("<img alt=\"\" src='$iconname' class='LC_fileicon' />\n");
my $quotable_filelink = &Apache::loncommon::escape_single($filelink);
+ my $quotable_startdir = Apache::loncommon::escape_single($startdir);
+ my $quotable_listname = &Apache::loncommon::escape_single($listname);
$r->print (" <a href=\"javascript:openMyModal('".$quotable_filelink."?inhibitmenu=yes',500,500,'yes');\">$listname</a> ");
$quotable_filelink = &Apache::loncommon::escape_single($filelink.'.meta');
@@ -1096,7 +1101,7 @@
# Wishlistlink
$r->print('<td><a href="javascript:;" title="'.&mt('Save a link for this resource in your personal Stored Links repository').'" '.
'onclick="set_wishlistlink('."'".&Apache::lonnet::gettitle($filelink).
- "','$startdir$listname'".')">'.
+ "','$quotable_startdir$quotable_listname'".')">'.
'<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a></td>');
if ($hash{'display_attrs_0'} == 1) {
@@ -1238,7 +1243,9 @@
$r->print (' alt="'.$msg.'" class="LC_fileicon" /></a>'.
"\n");
my $quotable_curdir = &Apache::loncommon::escape_single($curdir);
-
+ my $quotable_startdir = &Apache::loncommon::escape_single($startdir);
+ my $quotable_listname = &Apache::loncommon::escape_single($listname);
+
my $location = &Apache::loncommon::lonhttpdurl("/adm/lonIcons");
my $icon = "navmap.folder.".($nowOpen ? "open":"closed").'.gif';
$r->print ('<a href="javascript:gothere('
@@ -1250,7 +1257,7 @@
# Wishlistlink
$r->print('</td><td><a href="javascript:;" '.
'title="'.&mt('Save a link for this folder in Stored Links').'" '.
- 'onclick="set_wishlistlink('."'$listname','$startdir$listname"."/'".')">'.
+ 'onclick="set_wishlistlink('."'$listname','$quotable_startdir$quotable_listname"."/'".')">'.
'<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a></td>');
# Attributes
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.429 loncom/interface/lonmenu.pm:1.430
--- loncom/interface/lonmenu.pm:1.429 Mon Sep 22 01:02:52 2014
+++ loncom/interface/lonmenu.pm Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Routines to control the menu
#
-# $Id: lonmenu.pm,v 1.429 2014/09/22 01:02:52 raeburn Exp $
+# $Id: lonmenu.pm,v 1.430 2014/12/20 15:35:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -752,7 +752,7 @@
# wishlist is only available for users with access to resource-pool
# and links can only be set for resources within the resource-pool
$menuitems .= (<<ENDMENUITEMS);
-s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink()&Save a link for this resource in my personal Stored Links repository&&1
+s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink('',currentURL)&Save a link for this resource in my personal Stored Links repository&&1
ENDMENUITEMS
$got_wishlist = 1;
}
@@ -803,7 +803,7 @@
if (($env{'user.adv'}) && (!$env{'request.enc'})) {
# wishlist is only available for users with access to resource-pool
$menuitems .= (<<ENDMENUITEMS);
-s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink()&Save a link for this resource in your personal Stored Links repository&&1
+s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink('',currentURL)&Save a link for this resource in your personal Stored Links repository&&1
ENDMENUITEMS
$got_wishlist = 1;
}
Index: loncom/interface/lonwishlist.pm
diff -u loncom/interface/lonwishlist.pm:1.23 loncom/interface/lonwishlist.pm:1.24
--- loncom/interface/lonwishlist.pm:1.23 Mon Dec 15 17:36:22 2014
+++ loncom/interface/lonwishlist.pm Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility-routines for wishlist
#
-# $Id: lonwishlist.pm,v 1.23 2014/12/15 17:36:22 raeburn Exp $
+# $Id: lonwishlist.pm,v 1.24 2014/12/20 15:35:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1131,8 +1131,9 @@
}
# entry is a link
else {
+ my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
$wishlistHTMLview .= '<td id="padd'.$index.'" style="padding-left:'.(($indent_view-$indentConst)<=0?$indentConst:$indent_view).'px; min-width: 220px;">'.
- '<a href="javascript:preview('."'".$n->value()->path()."'".');">'.
+ '<a href="javascript:preview('."'".$quotable_link."'".');">'.
'<img src="/res/adm/pages/wishlist-link.png" id="img'.$index.'" alt="link" />'.
$n->value()->title().'</a></td>';
}
@@ -1305,9 +1306,10 @@
$highlight = 'style="color:red;"';
}
# link-image and title
+ my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
$wishlistHTMLmove .= '<td></td>'.
'<td id="padd'.$index.'" style="padding-left:'.(($indent_move-$indentConst)<=0?$indentConst:$indent_move).'px; min-width: 220px;">'.
- '<a href="javascript:preview('."'".$n->value()->path()."'".');" '.$highlight.'>'.
+ '<a href="javascript:preview('."'".$quotable_link."'".');" '.$highlight.'>'.
'<img src="/res/adm/pages/wishlist-link.png" id="img'.$index.'" alt="link"/>'.
$n->value()->title().'</a></td>';
}
@@ -1425,7 +1427,8 @@
else {
$wishlistHTMLimport .= '<td id="padd'.$index.'" style="padding-left:'.(($indent_imp-$indentConst)<=0?$indentConst:$indent_imp).'px; min-width: 220px;">';
unless ($nopick{$n->value()->path()}) {
- $wishlistHTMLimport .= '<a href="javascript:preview('."'".$n->value()->path()."'".');">';
+ my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
+ $wishlistHTMLimport .= '<a href="javascript:preview('."'".$quotable_link."'".');">';
}
$wishlistHTMLimport .= '<img src="/res/adm/pages/'.$image.'" id="img'.$index.'" alt="link" />'.
'<span '.$style.'>'.$n->value()->title().'</span></a></td>';
More information about the LON-CAPA-cvs
mailing list