--- loncom/auth/lonauth.pm	2003/07/16 20:42:31	1.53
+++ loncom/auth/lonauth.pm	2003/09/20 17:44:22	1.57
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.53 2003/07/16 20:42:31 www Exp $
+# $Id: lonauth.pm,v 1.57 2003/09/20 17:44:22 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -46,6 +46,7 @@ use Apache::loncommon();
 use Apache::lonnet();
 use Apache::lonmenu();
 use Fcntl qw(:flock);
+use Apache::lonlocal;
 
 my %FORM;
 
@@ -107,6 +108,12 @@ sub success {
 	$FORM{'interface'}=$userenv{'interface'};
     }
     $ENV{'environment.remote'}=$userenv{'remote'};
+# --------------- Do not trust query string to be put directly into environment
+    foreach ('imagesuppress','appletsuppress',
+	     'embedsuppress','fontenhance','blackwhite',
+	     'interface','localpath','localres') {
+	$FORM{$_}=~s/[\n\r\=]//gs;
+    }
 # --------------------------------------------------------- Write first profile
 
     {
@@ -230,11 +237,42 @@ $bodytag
 ENDFAILED
 }
 
+# ------------------------------------------------------------------ Rerouting!
+
+sub reroute {
+    my $r=shift;
+    my $bodytag=&Apache::loncommon::bodytag('Rerouting');
+    $r->send_cgi_header(<<ENDRFHEADER);
+Content-type: text/html
+
+ENDRFHEADER
+    $r->print(<<ENDRFAILED);
+<html>
+<head>
+<title>Rerouting Login to the LearningOnline Network with CAPA</title>
+</head>
+<html>
+$bodytag
+<h1>Sorry ...</h1>
+Please <a href="/">log in again</a>.
+</body>
+</html>
+ENDRFAILED
+}
+
 # ---------------------------------------------------------------- Main handler
 
 sub handler {
     my $r = shift;
 
+# Are we re-routing?
+    if (-e '/home/httpd/html/lon-status/reroute.txt') {
+	&reroute($r);
+	return OK;
+    }
+
+    &Apache::lonlocal::get_language_handle($r);
+
     my $buffer;
     $r->read($buffer,$r->header_in('Content-length'),0);
     my @pairs=split(/&/,$buffer);