--- loncom/auth/lonroles.pm	2010/06/02 14:49:38	1.247
+++ loncom/auth/lonroles.pm	2010/06/02 14:55:37	1.248
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.247 2010/06/02 14:49:38 raeburn Exp $
+# $Id: lonroles.pm,v 1.248 2010/06/02 14:55:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -259,7 +259,7 @@ sub handler {
                         my ($server_status,$home) = &check_author_homeserver($user,$domain);
                         if ($server_status eq 'switchserver') {
                             my $trolecode = 'au./'.$domain.'/';
-                            my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+                            my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
                             $r->internal_redirect($switchserver);
                         }
                         last;
@@ -270,7 +270,7 @@ sub handler {
                             my ($server_status,$home) = &check_author_homeserver($user,$domain);
                             if ($server_status eq 'switchserver') {
                                 my $trolecode = 'ca./'.$domain.'/'.$user;
-                                my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
+                                my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode;
                                 $r->internal_redirect($switchserver);
                             }
                             last;
@@ -291,7 +291,7 @@ sub handler {
                             if ($server_status eq 'switchserver') {
                                 my $trolecode = 'ca./'.$domain.'/'.$user; 
                                 my $switchserver = '/adm/switchserver?'
-                                                  .'otherserver='.$home.'&role='.$trolecode;
+                                                  .'otherserver='.$home.'&role='.$trolecode;
                                 $r->internal_redirect($switchserver);
                             }
                         } else {
@@ -927,7 +927,7 @@ sub gather_roles {
                     foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
                     if (!$allowed) {
                         $button=0;
-                        $switchserver='otherserver='.$home.'&role='.$trolecode;
+                        $switchserver='otherserver='.$home.'&role='.$trolecode;
                     }
                     #next if ($home eq 'no_host');
                     $home = &Apache::lonnet::hostname($home);
@@ -947,7 +947,7 @@ sub gather_roles {
                     foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
                     if (!$allowed) {
                         $button=0;
-                        $switchserver='otherserver='.$home.'&role='.$trolecode;
+                        $switchserver='otherserver='.$home.'&role='.$trolecode;
                     }
                     #next if ($home eq 'no_host');
                     $home = &Apache::lonnet::hostname($home);
@@ -964,6 +964,7 @@ sub gather_roles {
                     if ($env{'course.'.$tcourseid.'.description'}) {
                         $twhere=$env{'course.'.$tcourseid.'.description'};
                         $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey;
+                        $twhere = &HTML::Entities::encode($twhere,'"<>&');
                         unless ($twhere eq &mt('Currently not available')) {
                             $twhere.=' <span class="LC_fontsize_small">'.
         &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom).
@@ -974,10 +975,10 @@ sub gather_roles {
                         if (%newhash) {
                             $sortkey=$role."\0".$tdom."\0".$newhash{'description'}.
                                 "\0".$envkey;
-                            $twhere=$newhash{'description'}.
-                              ' <span class="LC_fontsize_small">'.
-        &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom).
-                              '</span>';
+                            $twhere=&HTML::Entities::encode($newhash{'description'},'"<>&').
+                                    ' <span class="LC_fontsize_small">'.
+                                     &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom).
+                                    '</span>';
                             $ttype = $newhash{'type'};
                             $trole = &Apache::lonnet::plaintext($role,$ttype,$tcourseid);
                         } else {