[LON-CAPA-cvs] cvs: loncom /interface lonuserutils.pm

raeburn raeburn@source.lon-capa.org
Sun, 21 Mar 2010 14:15:58 -0000


raeburn		Sun Mar 21 14:15:58 2010 EDT

  Modified files:              
    /loncom/interface	lonuserutils.pm 
  Log:
  - Bug 6241.
    - Corrections to javascript added in 1.115 to sanitize suggested new sections.
      - Use different loop variable names for nested loops.
      - Fix to check for required initial comma separator when appending new 
        sections to section list.
  - Server-side sanitizing for new section names.
  
  
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.116 loncom/interface/lonuserutils.pm:1.117
--- loncom/interface/lonuserutils.pm:1.116	Fri Feb 19 15:41:40 2010
+++ loncom/interface/lonuserutils.pm	Sun Mar 21 14:15:58 2010
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.116 2010/02/19 15:41:40 bisitz Exp $
+# $Id: lonuserutils.pm,v 1.117 2010/03/21 14:15:58 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4527,7 +4527,15 @@
             } elsif ($choice eq 'chgsec') {
                 my (@newsecs,$revresult,$nochg,@retained);
                 if (($role ne 'cc') && ($role ne 'co')) {
-                    @newsecs = split(/,/,$env{'form.newsecs'});
+                    my @secs = sort(split(/,/,$env{'form.newsecs'}));
+                    if (@secs) {
+                        my %curr_groups = &Apache::longroup::coursegroups();
+                        foreach my $sec (@secs) {
+                            next if (($sec =~ /\W/) || ($sec eq 'none') ||
+                            (exists($curr_groups{$sec})));
+                            push(@newsecs,$sec);
+                        }
+                    }
                 }
                 # remove existing section if not to be retained.   
                 if (!$env{'form.retainsec'}) {
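Review bot: An empty section name still passes the new filter at `next if (($sec =~ /\W/) || ...`, because `''` contains no non-word character and `split(/,/, ...)` returns empty fields for input such as `a,,b` or a leading comma. Adding `($sec eq '') ||` to the condition would reject it. Repeated names (`a,a`) are also pushed to `@newsecs` twice, so a `%seen` check in the same loop may be worth adding, depending on how `@newsecs` is consumed below the hunk. Rejected names are dropped silently, so if this branch reports a result to the user it would help to mention the skipped values. The enclosing `chgsec` branch starts and ends outside the hunk.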
@@ -4884,8 +4892,8 @@
                         } else {
                             numsplit = newsecs.split(/,/g);
                         }
-                        for (var i=0; i<numsplit.length; i++) {
-                            var newsec = numsplit[i];
+                        for (var m=0; m<numsplit.length; m++) {
+                            var newsec = numsplit[m];
                             newsec = newsec.replace(trimleading,'');
                             newsec = newsec.replace(trimtrailing,'');
                             if (re2.test(newsec) == true) {
@@ -4894,8 +4902,8 @@
                                 if (newsec != '') {
                                     var isnew = 1;
                                     if (fromexisting != null) {
-                                        for (var m=0; m<fromexisting.length; m++) {
-                                            if (newsec == fromexisting[m]) {
+                                        for (var n=0; n<fromexisting.length; n++) {
+                                            if (newsec == fromexisting[n]) {
                                                 isnew = 0;
                                             }
                                         }
@@ -4942,10 +4950,10 @@
                         }
                     }
                     if ((validsecstr != '') && (validsecstr != null)) {
-                        if (numsec > 0) {
-                            sections = sections + "," + validsecstr;
-                        } else {
+                        if ((sections == '') || (sections == null)) {
                             sections = validsecstr;
+                        } else {
+                            sections = sections + "," + validsecstr;
                         }
                     }
                     formname.elements[num+2].value = sections;
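Review bot: The switch from `numsec > 0` to testing `sections` itself is not explained in the code, and the reason is easy to lose in a later edit. A short comment above the `if` would help, e.g. `// Pick the separator from the current value of sections, not from numsec, so the list does not start with a comma.` (presumably the intent, going by the log message). This script only tidies the form value in the browser; the submitted names are filtered again on the server in the `chgsec` branch changed by this commit, and the comment could say that the server check is the one that counts. The enclosing function starts and ends outside the hunk.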