--- loncom/auth/lonroles.pm 2021/04/19 23:07:33 1.347 +++ loncom/auth/lonroles.pm 2021/06/12 23:14:56 1.350 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.347 2021/04/19 23:07:33 raeburn Exp $ +# $Id: lonroles.pm,v 1.350 2021/06/12 23:14:56 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -728,7 +728,7 @@ ENDCLOSE $furl .= '&orgurl='.&HTML::Entities::encode($env{'form.orgurl'},'<>&"'); } if ($env{'form.symb'}) { - $furl .= '&symb='.&HTML::Entities::encode($env{'form.symb'}; + $furl .= '&symb='.&HTML::Entities::encode($env{'form.symb'},'<>&"'); } } if (($ferr) && ($tadv)) { @@ -736,7 +736,7 @@ ENDCLOSE } else { if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { if (($env{'form.orgurl'} ne '') && ($env{'form.symb'} ne '')) { - unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'}) { + unless (&Apache::lonnet::symbverify($env{'form.symb'},$env{'form.orgurl'})) { $dest=$env{'form.orgurl'}; } } @@ -831,8 +831,9 @@ ENDCLOSE if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) || ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) { if ($ENV{'SERVER_PORT'} == 443) { - unless (&Apache::lonnet::uses_sts()) { - my $hostname = $r->hostname(); + my $hostname = $r->hostname(); + unless ((&Apache::lonnet::uses_sts()) || + (&Apache::lonnet::waf_allssl($hostname))) { if ($hostname ne '') { $dest = 'http://'.$hostname.$dest; } @@ -914,7 +915,7 @@ ENDCLOSE } else { $access = &Apache::lonnet::allowed('bre',$furl); } - if (!$access) { + if ((!$access) || ($access eq 'D')) { $furl = &Apache::lonpageflip::first_accessible_resource(); } elsif ($access eq 'B') { $furl = '/adm/navmaps?showOnlyHomework=1';