--- loncom/auth/lonauth.pm	2003/07/16 20:42:31	1.53
+++ loncom/auth/lonauth.pm	2003/07/17 15:24:46	1.54
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.53 2003/07/16 20:42:31 www Exp $
+# $Id: lonauth.pm,v 1.54 2003/07/17 15:24:46 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -107,6 +107,12 @@ sub success {
 	$FORM{'interface'}=$userenv{'interface'};
     }
     $ENV{'environment.remote'}=$userenv{'remote'};
+# --------------- Do not trust query string to be put directly into environment
+    foreach ('imagesuppress','appletsuppress',
+	     'embedsuppress','fontenhance','blackwhite',
+	     'interface','localpath','localres') {
+	$FORM{$_}=~s/[\n\r\=]//gs;
+    }
 # --------------------------------------------------------- Write first profile
 
     {