[LON-CAPA-cvs] cvs: loncom /interface londocs.pm

raeburn raeburn at source.lon-capa.org
Tue Feb 9 17:12:33 EST 2021


raeburn		Tue Feb  9 22:12:33 2021 EDT

  Modified files:              
    /loncom/interface	londocs.pm 
  Log:
  - Sanitize user input used as name of blank web page added via Course Editor.
  - Transliterate unicode to ascii in file name.
  - Replace escape() with encodeURIComponent() to preserve unicode in title
    attribute of resource tag in map.
  
  
Index: loncom/interface/londocs.pm
diff -u loncom/interface/londocs.pm:1.674 loncom/interface/londocs.pm:1.675
--- loncom/interface/londocs.pm:1.674	Tue Sep  8 19:15:18 2020
+++ loncom/interface/londocs.pm	Tue Feb  9 22:12:33 2021
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.674 2020/09/08 19:15:18 raeburn Exp $
+# $Id: londocs.pm,v 1.675 2021/02/09 22:12:33 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -833,26 +833,27 @@
 	    }
 	    my $ext = 'false';
 	    if ($url=~m{^http://} || $url=~m{^https://}) { $ext = 'true'; }
-	    $name = &LONCAPA::map::qtunescape($name);
-            if ($name eq '') {
-                $name = &LONCAPA::map::qtunescape(&mt('Web Page'));
-            }
             if ($url =~ m{^/uploaded/$coursedom/$coursenum/((?:docs|supplemental)/(?:default|\d+))/new\.html$}) {
                 my $filepath = $1;
-                my $fname = $name;
-                if ($fname =~ /^\W+$/) {
+                my $fname;
+                if ($name eq '') {
+                    $name = &mt('Web Page');
                     $fname = 'web';
                 } else {
-                    $fname =~ s/\W/_/g;
-                }
-                if (length($fname) > 15) {
-                    $fname = substr($fname,0,14);
+                    $fname = $name;
+                    $fname=&Apache::lonnet::clean_filename($fname);
+                    if ($fname eq '') {
+                        $fname = 'web';
+                    } elsif (length($fname) > 15) {
+                        $fname = substr($fname,0,14);
+                    }
                 }
+                my $title = &Apache::loncommon::cleanup_html($name);
                 my $initialtext = &mt('Replace with your own content.');
                 my $newhtml = <<END;
 <html>
 <head>
-<title>$name</title>
+<title>$title</title>
 </head>
 <body bgcolor="#ffffff">
 $initialtext
@@ -874,6 +875,7 @@
                     return (&mt('Failed to save new web page.'),1);
                 }
             }
+            $name = &LONCAPA::map::qtunescape($name);
             $url  = &LONCAPA::map::qtunescape($url);
 	    $LONCAPA::map::resources[$residx] =
 		join(':', ($name, $url, $ext, 'normal', 'res'));
@@ -7400,7 +7402,7 @@
    }
    if (title) {
        var webpage = formname.importdetail.value; 
-       formname.importdetail.value = escape(title)+'='+webpage;
+       formname.importdetail.value = encodeURIComponent(title)+'='+webpage;
        formname.submit();
    }
 }




More information about the LON-CAPA-cvs mailing list