[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm lonhtmlcommon.pm lonindexer.pm lonmenu.pm lonwishlist.pm

raeburn raeburn at source.lon-capa.org
Sat Dec 20 10:35:41 EST 2014


raeburn		Sat Dec 20 15:35:41 2014 EDT

  Modified files:              
    /loncom/interface	loncommon.pm lonhtmlcommon.pm lonindexer.pm 
                     	lonmenu.pm lonwishlist.pm 
  Log:
  - Accommodate single quotes in resource URL in "Stored Links" and in "Edit" link
  - Accommodate single quotes in URLs in options in "Select Recent" dropdown list
    when browsing Resource Space.
  - Consistent escaping of special characters for Stored Links added when displaying 
    a resource in a course, and when browsing Resource Space. 
  
  
-------------- next part --------------
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1202 loncom/interface/loncommon.pm:1.1203
--- loncom/interface/loncommon.pm:1.1202	Thu Dec 11 01:16:33 2014
+++ loncom/interface/loncommon.pm	Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1202 2014/12/11 01:16:33 raeburn Exp $
+# $Id: loncommon.pm,v 1.1203 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -7733,10 +7733,12 @@
         title = title.replace(/^LON-CAPA /,'');
     }
     title = encodeURIComponent(title);
+    title = title.replace("'","\\\'");
     if (!path) {
         path = location.pathname;
     }
     path = encodeURIComponent(path);
+    path = path.replace("'","\\\'");
     Win = window.open('/adm/wishlist?mode=newLink&setTitle='+title+'&setPath='+path,
                       'wishlistNewLink','width=560,height=350,scrollbars=0');
 }
@@ -7779,6 +7781,7 @@
 };
 	var openMyModal = function(source,width,height,scrolling,transparency,style)
 	{
+                source = source.replace("'","'");
 		modalWindow.windowId = "myModal";
 		modalWindow.width = width;
 		modalWindow.height = height;
@@ -14552,7 +14555,7 @@
     my ($url)   = @_;
     my @urlslices = split(/\//, $url,-1);
     my $lastitem = &escape(pop(@urlslices));
-    return join('/', at urlslices).'/'.$lastitem;
+    return &HTML::Entities::encode(join('/', at urlslices),"'").'/'.$lastitem;
 }
 
 sub compare_arrays {
Index: loncom/interface/lonhtmlcommon.pm
diff -u loncom/interface/lonhtmlcommon.pm:1.357 loncom/interface/lonhtmlcommon.pm:1.358
--- loncom/interface/lonhtmlcommon.pm:1.357	Thu Dec 11 01:44:55 2014
+++ loncom/interface/lonhtmlcommon.pm	Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common html routines
 #
-# $Id: lonhtmlcommon.pm,v 1.357 2014/12/11 01:44:55 raeburn Exp $
+# $Id: lonhtmlcommon.pm,v 1.358 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -3250,7 +3250,7 @@
             if ($forcereg) {
                 $cfile .= '&register=1';
             }
-            $jscall = "need_switchserver('$cfile');";
+            $jscall = "need_switchserver('".&Apache::loncommon::escape_single($cfile)."');";
         }
     } else {
         unless ($cfile =~ m{^/priv/}) {
@@ -3281,7 +3281,7 @@
                $cfile .= (($cfile=~/\?/)?'&':'?').'todocs=1';
             }
         }
-        $jscall = "go('$cfile')";
+        $jscall = "go('".&Apache::loncommon::escape_single($cfile)."')";
     }
     return $jscall;
 }
Index: loncom/interface/lonindexer.pm
diff -u loncom/interface/lonindexer.pm:1.222 loncom/interface/lonindexer.pm:1.223
--- loncom/interface/lonindexer.pm:1.222	Thu Dec 11 01:46:17 2014
+++ loncom/interface/lonindexer.pm	Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Directory Indexer
 #
-# $Id: lonindexer.pm,v 1.222 2014/12/11 01:46:17 raeburn Exp $
+# $Id: lonindexer.pm,v 1.223 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -989,6 +989,9 @@
 	$r->print (' alt="'.$msg.'"/></a>'.
 		   "\n");
 	my $quotable_curdir = &Apache::loncommon::escape_single($curdir);
+        my $quotable_startdir = &Apache::loncommon::escape_single($startdir);
+        my $quotable_listname = &Apache::loncommon::escape_single($listname);
+
 	$r->print ('<a href="javascript:gothere(\''.$quotable_curdir
 		   .'\')"><img alt="'.$msg.'" src="'.
 		   $iconpath.'quill.gif" class="LC_fileicon" />');
@@ -1000,7 +1003,7 @@
 # Wishlistlink
         $r->print('</form></td><td><a href="javascript:;" '.
                   'title="'.&mt('Save a link for this folder in your personal Stored Links repository').'" '.
-                  'onclick="set_wishlistlink('."'$plainname','$startdir$listname"."/'".')">'.
+                  'onclick="set_wishlistlink('."'$plainname','$quotable_startdir$quotable_listname"."/'".')">'.
                   '<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
                   'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a>'.$tabtag);
         $r->print(&Apache::loncommon::end_data_table_row());
@@ -1083,6 +1086,8 @@
 # Filetype icons
 	$r->print("<img alt=\"\" src='$iconname' class='LC_fileicon' />\n");
 	my $quotable_filelink = &Apache::loncommon::escape_single($filelink);
+        my $quotable_startdir = Apache::loncommon::escape_single($startdir);
+        my $quotable_listname = &Apache::loncommon::escape_single($listname);
 
 	$r->print (" <a href=\"javascript:openMyModal('".$quotable_filelink."?inhibitmenu=yes',500,500,'yes');\">$listname</a> ");
 	$quotable_filelink = &Apache::loncommon::escape_single($filelink.'.meta');
@@ -1096,7 +1101,7 @@
 # Wishlistlink
         $r->print('<td><a href="javascript:;" title="'.&mt('Save a link for this resource in your personal Stored Links repository').'" '.
                   'onclick="set_wishlistlink('."'".&Apache::lonnet::gettitle($filelink).
-                  "','$startdir$listname'".')">'.
+                  "','$quotable_startdir$quotable_listname'".')">'.
                   '<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
                   'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a></td>');
 	if ($hash{'display_attrs_0'} == 1) {
@@ -1238,7 +1243,9 @@
 	$r->print (' alt="'.$msg.'" class="LC_fileicon" /></a>'.
 		   "\n");
 	my $quotable_curdir = &Apache::loncommon::escape_single($curdir);
-        
+        my $quotable_startdir = &Apache::loncommon::escape_single($startdir);
+        my $quotable_listname = &Apache::loncommon::escape_single($listname);
+
         my $location = &Apache::loncommon::lonhttpdurl("/adm/lonIcons");
 	my $icon = "navmap.folder.".($nowOpen ? "open":"closed").'.gif';
         $r->print ('<a href="javascript:gothere('
@@ -1250,7 +1257,7 @@
 # Wishlistlink
         $r->print('</td><td><a href="javascript:;" '.
                   'title="'.&mt('Save a link for this folder in Stored Links').'" '.
-                  'onclick="set_wishlistlink('."'$listname','$startdir$listname"."/'".')">'.
+                  'onclick="set_wishlistlink('."'$listname','$quotable_startdir$quotable_listname"."/'".')">'.
                   '<img class="LC_icon" src="/res/adm/pages/wishlist.png" '.
                   'alt="'.&mt('save in Stored Links').'" style="width:22px;"/></a></td>');
 # Attributes
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.429 loncom/interface/lonmenu.pm:1.430
--- loncom/interface/lonmenu.pm:1.429	Mon Sep 22 01:02:52 2014
+++ loncom/interface/lonmenu.pm	Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines to control the menu
 #
-# $Id: lonmenu.pm,v 1.429 2014/09/22 01:02:52 raeburn Exp $
+# $Id: lonmenu.pm,v 1.430 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -752,7 +752,7 @@
                 # wishlist is only available for users with access to resource-pool
                 # and links can only be set for resources within the resource-pool
                 $menuitems .= (<<ENDMENUITEMS);
-s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink()&Save a link for this resource in my personal Stored Links repository&&1
+s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink('',currentURL)&Save a link for this resource in my personal Stored Links repository&&1
 ENDMENUITEMS
                 $got_wishlist = 1;
             }
@@ -803,7 +803,7 @@
                 if (($env{'user.adv'}) && (!$env{'request.enc'})) {
                     # wishlist is only available for users with access to resource-pool
                     $menuitems .= (<<ENDMENUITEMS);
-s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink()&Save a link for this resource in your personal Stored Links repository&&1
+s&9&1&wishlist-link.png&Stored Links&wishlistlink[_2]&set_wishlistlink('',currentURL)&Save a link for this resource in your personal Stored Links repository&&1
 ENDMENUITEMS
                     $got_wishlist = 1;
                 }
Index: loncom/interface/lonwishlist.pm
diff -u loncom/interface/lonwishlist.pm:1.23 loncom/interface/lonwishlist.pm:1.24
--- loncom/interface/lonwishlist.pm:1.23	Mon Dec 15 17:36:22 2014
+++ loncom/interface/lonwishlist.pm	Sat Dec 20 15:35:40 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility-routines for wishlist
 #
-# $Id: lonwishlist.pm,v 1.23 2014/12/15 17:36:22 raeburn Exp $
+# $Id: lonwishlist.pm,v 1.24 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1131,8 +1131,9 @@
         }
         # entry is a link
         else {
+            my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
             $wishlistHTMLview .= '<td id="padd'.$index.'" style="padding-left:'.(($indent_view-$indentConst)<=0?$indentConst:$indent_view).'px; min-width: 220px;">'.
-                                 '<a href="javascript:preview('."'".$n->value()->path()."'".');">'.
+                                 '<a href="javascript:preview('."'".$quotable_link."'".');">'.
                                  '<img src="/res/adm/pages/wishlist-link.png" id="img'.$index.'" alt="link" />'.
                                  $n->value()->title().'</a></td>';
         }
@@ -1305,9 +1306,10 @@
                $highlight = 'style="color:red;"';
             }
             # link-image and title
+            my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
             $wishlistHTMLmove .= '<td></td>'.
                                  '<td id="padd'.$index.'" style="padding-left:'.(($indent_move-$indentConst)<=0?$indentConst:$indent_move).'px; min-width: 220px;">'.
-                                 '<a href="javascript:preview('."'".$n->value()->path()."'".');" '.$highlight.'>'.
+                                 '<a href="javascript:preview('."'".$quotable_link."'".');" '.$highlight.'>'.
                                  '<img src="/res/adm/pages/wishlist-link.png" id="img'.$index.'" alt="link"/>'.
                                  $n->value()->title().'</a></td>';
         }
@@ -1425,7 +1427,8 @@
         else {
             $wishlistHTMLimport .= '<td id="padd'.$index.'" style="padding-left:'.(($indent_imp-$indentConst)<=0?$indentConst:$indent_imp).'px; min-width: 220px;">';
             unless ($nopick{$n->value()->path()}) {
-                $wishlistHTMLimport .= '<a href="javascript:preview('."'".$n->value()->path()."'".');">';
+                my $quotable_link = &Apache::loncommon::escape_single($n->value()->path());
+                $wishlistHTMLimport .= '<a href="javascript:preview('."'".$quotable_link."'".');">';
             }
             $wishlistHTMLimport .= '<img src="/res/adm/pages/'.$image.'" id="img'.$index.'" alt="link" />'.
                                    '<span '.$style.'>'.$n->value()->title().'</span></a></td>';


More information about the LON-CAPA-cvs mailing list