--- loncom/auth/lonroles.pm	2012/08/19 03:11:43	1.275
+++ loncom/auth/lonroles.pm	2012/09/04 20:47:46	1.276
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.275 2012/08/19 03:11:43 raeburn Exp $
+# $Id: lonroles.pm,v 1.276 2012/09/04 20:47:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -141,7 +141,7 @@ use Apache::loncoursequeueadmin;
 use GDBM_File;
 use LONCAPA qw(:DEFAULT :match);
 use HTML::Entities;
- 
+
 
 sub redirect_user {
     my ($r,$title,$url,$msg) = @_;
@@ -579,11 +579,52 @@ ENDENTERKEY
 				    $furl = "/adm/helper/course.initialization.helper";
 				    # Send the user to the course they selected
 				} elsif ($env{'request.course.id'}) {
-                                    if ($env{'form.destinationurl'}) {
-                                        my $dest = $env{'form.destinationurl'};
-                                        if ($env{'form.destsymb'} ne '') {
-                                            my $esc_symb = &HTML::Entities::encode($env{'form.destsymb'},'"<>&');
-                                            $dest .= '?symb='.$esc_symb;
+                                    my ($dest,$destsymb,$checkenc);
+                                    $dest = $env{'form.destinationurl'};
+                                    $destsymb = $env{'form.destsymb'};
+                                    if ($dest ne '') {
+                                        if ($env{'form.switchrole'}) {
+                                            if ($destsymb ne '') {
+                                                if ($destsymb !~ m{^/enc/}) {
+                                                    unless ($env{'request.role.adv'}) {
+                                                        $checkenc = 1;
+                                                    }
+                                                }
+                                            }
+                                            if ($dest =~ m{^/enc/}) {
+                                                if ($env{'request.role.adv'}) {
+                                                    $dest = &Apache::lonenc::unencrypted($dest);
+                                                    if ($destsymb eq '') {
+                                                        ($destsymb) = ($dest =~ /\?symb=([^\&]*)/);
+                                                        $destsymb = &unescape($destsymb);
+                                                    }
+                                                }
+                                            } else {
+                                                if ($destsymb eq '') {
+                                                    ($destsymb) = ($dest =~ /\?symb=([^\&]+)/);
+                                                    $destsymb = &unescape($destsymb);
+                                                }
+                                                unless ($env{'request.role.adv'}) {
+                                                    $checkenc = 1;
+                                                }
+                                            }
+                                            if (($checkenc) && ($destsymb ne '')) {
+                                                my ($encstate,$unencsymb,$res);
+                                                my $unencsymb = &Apache::lonnet::symbclean($destsymb);
+                                                (undef,undef,$res) = &Apache::lonnet::decode_symb($unencsymb);
+                                                &Apache::lonnet::symbverify($unencsymb,$res,\$encstate);
+                                                if ($encstate) {
+                                                    if (($dest ne '') && ($dest !~ m{^/enc/})) {
+                                                        $dest=&Apache::lonenc::encrypted($dest);
+                                                    }
+                                                }
+                                            }
+                                        }
+                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /\?symb=.+___\d+___.+/)) {
+                                            if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) {
+                                                my $esc_symb = &escape($destsymb);
+                                                $dest .= '?symb='.$esc_symb;
+                                            }
                                         }
                                         &redirect_user($r, &mt('Entering [_1]',
                                                        $env{'course.'.$courseid.'.description'}),