[LON-CAPA-cvs] cvs: loncom /interface lonfeedback.pm lonmsgdisplay.pm

albertel lon-capa-cvs@mail.lon-capa.org
Sun, 23 Apr 2006 03:50:54 -0000


albertel		Sat Apr 22 23:50:54 2006 EDT

  Modified files:              
    /loncom/interface	lonmsgdisplay.pm lonfeedback.pm 
  Log:
  - always clear out all bad html in the subject/title line 
  
  
Index: loncom/interface/lonmsgdisplay.pm
diff -u loncom/interface/lonmsgdisplay.pm:1.6 loncom/interface/lonmsgdisplay.pm:1.7
--- loncom/interface/lonmsgdisplay.pm:1.6	Sat Apr 22 23:00:34 2006
+++ loncom/interface/lonmsgdisplay.pm	Sat Apr 22 23:50:54 2006
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines for messaging display
 #
-# $Id: lonmsgdisplay.pm,v 1.6 2006/04/23 03:00:34 albertel Exp $
+# $Id: lonmsgdisplay.pm,v 1.7 2006/04/23 03:50:54 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1676,7 +1676,8 @@
         my $savemsg;
         my $msgtype;
         my %sentmessage;
-        my $msgsubj=&Apache::lonfeedback::clear_out_html($env{'form.subject'});
+        my $msgsubj=&Apache::lonfeedback::clear_out_html($env{'form.subject'},
+							 undef,1);
         if ((($env{'form.critmsg'}) || ($env{'form.sendbck'})) &&
             (&Apache::lonnet::allowed('srm',$env{'request.course.id'})
 	     || &Apache::lonnet::allowed('srm',$env{'request.course.id'}.
Index: loncom/interface/lonfeedback.pm
diff -u loncom/interface/lonfeedback.pm:1.193 loncom/interface/lonfeedback.pm:1.194
--- loncom/interface/lonfeedback.pm:1.193	Tue Apr 18 18:56:16 2006
+++ loncom/interface/lonfeedback.pm	Sat Apr 22 23:50:54 2006
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Feedback
 #
-# $Id: lonfeedback.pm,v 1.193 2006/04/18 22:56:16 albertel Exp $
+# $Id: lonfeedback.pm,v 1.194 2006/04/23 03:50:54 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -2326,8 +2326,9 @@
 }
 
 sub clear_out_html {
-  my ($message,$override)=@_;
-  unless (&Apache::lonhtmlcommon::htmlareablocked()) { return $message; }
+  my ($message,$override,$ignore_htmlarea)=@_;
+  if (!$ignore_htmlarea
+      && !&Apache::lonhtmlcommon::htmlareablocked()) { return $message; }
 # Always allow the <m>-tag
   my %html=(M=>1);
 # Check if more is allowed
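Review bot: The new `$ignore_htmlarea` flag is undocumented and defaults to the permissive path: a caller that omits the third argument still gets `$message` back unfiltered whenever `htmlareablocked()` returns false. Every call site touched by this commit therefore has to pass the opaque positional pair `undef,1`, and a call site added later that forgets it silently skips the filter. I would add a header comment above the sub, e.g. `# clear_out_html($message,$override,$ignore_htmlarea): escapes tags not in the allow-list; unless $ignore_htmlarea is true, returns $message untouched when htmlareablocked() is false`, and consider a small wrapper for subject lines so the flag cannot be left out. The body of the sub continues outside this hunk.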
@@ -2343,9 +2344,9 @@
 	     H1=>1, H2=>1, H3=>1, H4=>1, H5=>1);
   }
 # Do the substitution of everything that is not explicitly allowed
-  $message =~ s/\<(\/?\s*(\w+)[^\>\<]*)/
+  $message =~ s/\<(\/?\s*(\w*)[^\>\<]*)/
 	  {($html{uc($2)}&&(length($1)<1000))?"\<$1":"\&lt;$1"}/ge;
-  $message =~ s/(\<?\s*(\w+)[^\<\>]*)\>/
+  $message =~ s/(\<?\s*(\w*)[^\<\>]*)\>/
 	  {($html{uc($2)}&&(length($1)<1000))?"$1\>":"$1\&gt;"}/ge;
   return $message;
 }
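Review bot: In the second substitution, changing `\w+` to `\w*` lets `$2` match the empty string in front of the `/` of a closing tag, so as far as I can trace `</m>` (and any other allowed closing tag) now comes out as `</m&gt;`; the first pattern avoids this with `\/?`. Adding the same optional slash, `$message =~ s/(\<?\/?\s*(\w*)[^\<\>]*)\>/`, keeps the stricter matching while letting allowed closing tags through. Separately, both patterns decide on the tag name only and copy the `[^\>\<]*` part through unchanged, so attributes on an allowed tag are never filtered; for a subject line it would be safer to drop everything after the tag name or HTML-encode the whole value. A few test strings (allowed tag, closing tag, `<` followed by punctuation) would pin this behaviour down.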
@@ -2614,7 +2615,7 @@
     &newline_to_br(\$message);
     $message=&Apache::lonspeller::markeduptext($message);
     $message=&Apache::lontexconvert::msgtexconverted($message);
-    my $subject=&clear_out_html($env{'form.subject'});
+    my $subject=&clear_out_html($env{'form.subject'},undef,1);
     $subject=~s/\n/\<br \/\>/g;
     $subject=&Apache::lontexconvert::msgtexconverted($subject);
     my $start_page=
@@ -2668,7 +2669,7 @@
 sub modify_attachments {
     my ($r,$currnewattach,$currdelold,$symb,$idx,$attachmenturls)=@_;
     my $orig_subject = &Apache::lonnet::unescape($env{'form.subject'});
-    my $subject=&clear_out_html($orig_subject);
+    my $subject=&clear_out_html($orig_subject,undef,1);
     $subject=~s/\n/\<br \/\>/g;
     $subject=&Apache::lontexconvert::msgtexconverted($subject);
     my $timestamp=$env{'form.timestamp'};
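Review bot: `$orig_subject` stays in scope unfiltered next to the filtered `$subject`, and this is the only call site in the commit that runs `&Apache::lonnet::unescape` on `form.subject` before filtering. The rest of `modify_attachments` is outside the hunk, so I cannot see where `$orig_subject` is used; if it is written back into the page (for example as a form field value) it needs its own HTML encoding at that point. A comment such as `# raw, unfiltered subject - encode before any output` on the `$orig_subject` line would make the distinction explicit.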
@@ -3411,14 +3412,16 @@
       my ($typestyle,%to) = &decide_receiver($feedurl);
 
 # Actually send mail
-      my ($status,$numsent)=&send_msg(&clear_out_html($env{'form.subject'}),$feedurl,$email,$citations,
+      my ($status,$numsent)=&send_msg(&clear_out_html($env{'form.subject'},
+						      undef,1),
+				      $feedurl,$email,$citations,
 				      $attachmenturl,%to);
 
 # Discussion? Store that.
 
       my $numpost=0;
       if ($env{'form.discuss'} || $env{'form.anondiscuss'}) {
-	  my $subject = &clear_out_html($env{'form.subject'});
+	  my $subject = &clear_out_html($env{'form.subject'},undef,1);
 	  my $anonmode=(defined($env{'form.anondiscuss'}));
 	  $typestyle.=&adddiscuss($symb,$message,$anonmode,$attachmenturl,
 				  $subject);
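Review bot: `form.subject` is now filtered three separate times with the same `undef,1` arguments: twice in this hunk (the `send_msg` call and the discussion branch) and again in the blog branch of the next hunk. Filtering once before the `send_msg` call, `my $subject = &clear_out_html($env{'form.subject'},undef,1);`, and reusing `$subject` in all three places would guarantee that every sink sees the same filtered value and leave a single line to change next time. The enclosing block starts and ends outside the hunk.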
@@ -3429,7 +3432,7 @@
 
       my $blog='';
       if ($env{'form.blog'}) {
-	  my $subject = &clear_out_html($env{'form.subject'});
+	  my $subject = &clear_out_html($env{'form.subject'},undef,1);
 	  $status.=&Apache::lonrss::addentry($env{'user.name'},
 				    $env{'user.domain'},
 				    'CourseBlog_'.$env{'request.course.id'},