--- loncom/interface/Attic/lonspreadsheet.pm	2002/11/21 19:50:49	1.148
+++ loncom/interface/Attic/lonspreadsheet.pm	2002/12/02 21:22:39	1.152
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.148 2002/11/21 19:50:49 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.152 2002/12/02 21:22:39 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -62,6 +62,7 @@ use Safe;
 use Safe::Hole;
 use Opcode;
 use GDBM_File;
+use HTML::Entities();
 use HTML::TokeParser;
 use Spreadsheet::WriteExcel;
 
@@ -965,11 +966,9 @@ sub templaterow {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{'template_'.$_};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => 'template_'.$_,
-                     formula => $fm,
-                     value   => $fm });
+                     formula => $sheet->{'f'}->{'template_'.$_},
+                     value   => $sheet->{'f'}->{'template_'.$_} });
     }
     return ($rowlabel,@cols);
 }
@@ -993,10 +992,8 @@ sub outrowassess {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{$_.$n};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => $_.$n,
-                     formula => $fm,
+                     formula => $sheet->{'f'}->{$_.$n},
                      value   => $sheet->{'values'}->{$_.$n}});
     }
     return ($rowlabel,@cols);
@@ -1019,10 +1016,8 @@ sub outrow {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{$_.$n};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => $_.$n,
-                     formula => $fm,
+                     formula => $sheet->{'f'}->{$_.$n},
                      value   => $sheet->{'values'}->{$_.$n}});
     }
     return ($rowlabel,@cols);
@@ -1253,19 +1248,28 @@ sub html_editable_cell {
         if ($formula ne '') {
             $value = '<i>undefined value</i>';
         }
-    }
-    if ($value =~ /^\s*$/ ) {
+    } elsif ($value =~ /^\s*$/ ) {
         $value = '<font color="'.$bgcolor.'">#</font>';
+    } else {
+        $value = &HTML::Entities::encode($value);
     }
+    # Make the formula safe for outputting
+    $formula =~ s/\'/\"/g;
+    # The formula will be parsed by the browser *twice* before being 
+    # displayed to the user for editing.
+    $formula = &HTML::Entities::encode(&HTML::Entities::encode($formula));
+    # Escape newlines so they make it into the edit window
     $formula =~ s/\n/\\n/gs;
-    $result .= '<a href="javascript:celledit(\''.
-        $name.'\',\''.$formula.'\');">'.$value.'</a>';
+    # Glue everything together
+    $result .= "<a href=\"javascript:celledit(\'".
+        $name."','".$formula."');\">".$value."</a>";
     return $result;
 }
 
 sub html_uneditable_cell {
     my ($cell,$bgcolor) = @_;
     my $value = (defined($cell) ? $cell->{'value'} : '');
+    $value = &HTML::Entities::encode($value);
     return '&nbsp;'.$value.'&nbsp;';
 }
 
@@ -1317,7 +1321,7 @@ END
     # Print out template row
     ####################################
     my ($rowlabel,@rowdata) = &get_row($sheet,'-');
-    my $row_html = '<tr><td>'.&format_html_rowlabel($rowlabel).'</td>';
+    my $row_html = '<tr><td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
     my $num_cols_output = 0;
     foreach my $cell (@rowdata) {
         if ($num_cols_output++ < $num_uneditable) {
@@ -1334,8 +1338,8 @@ END
     ####################################
     # Print out summary/export row
     ####################################
-    my ($rowlabel,@rowdata) = &get_row($sheet,'0');
-    $row_html = '<tr><td>'.&format_html_rowlabel($rowlabel).'</td>';
+    ($rowlabel,@rowdata) = &get_row($sheet,'0');
+    $row_html = '<tr><td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
     $num_cols_output = 0;
     foreach my $cell (@rowdata) {
         if ($num_cols_output++ < 26) {
@@ -1381,11 +1385,11 @@ END
             '</font></b></td>';
         #
         if ($sheet->{'sheettype'} eq 'classcalc') {
-            $row_html.='<td>'.&format_html_rowlabel($rowlabel).'</td>';
+            $row_html.='<td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
             # Output links for each student?
             # Nope, that is already done for us in format_html_rowlabel (for now)
         } elsif ($sheet->{'sheettype'} eq 'studentcalc') {
-            $row_html.='<td>'.&format_html_rowlabel($rowlabel);
+            $row_html.='<td>'.&format_html_rowlabel($sheet,$rowlabel);
             $row_html.= '<br>'.
                 '<select name="sel_'.$rownum.'" '.
                     'onChange="changesheet('.$rownum.')">'.
@@ -1399,7 +1403,7 @@ END
             }
             $row_html.='</select></td>';
         } elsif ($sheet->{'sheettype'} eq 'assesscalc') {
-            $row_html.='<td>'.&format_html_rowlabel($rowlabel).'</td>';
+            $row_html.='<td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
         }
         #
         my $shown_cells = 0;
@@ -1469,7 +1473,7 @@ sub outsheet_csv   {
     foreach my $rownum (@Rows) {
         my ($rowlabel,@rowdata) = &get_row($sheet,$rownum);
         next if ($rowlabel =~ /^\s*$/);
-        push (@Values,&format_csv_rowlabel($rowlabel));
+        push (@Values,&format_csv_rowlabel($sheet,$rowlabel));
         foreach my $cell (@rowdata) {
             push (@Values,'"'.$cell->{'value'}.'"');
         }
@@ -1638,7 +1642,7 @@ sub export_sheet_as_excel {
     #   Write the summary/export row   #
     ####################################
     my ($rowlabel,@rowdata) = &get_row($sheet,'0');
-    my $label = &format_excel_rowlabel($rowlabel);
+    my $label = &format_excel_rowlabel($sheet,$rowlabel);
     $cols_output = 0;
     $worksheet->write($rows_output,$cols_output++,$label);
     foreach my $cell (@rowdata) {
@@ -1655,7 +1659,7 @@ sub export_sheet_as_excel {
         my ($rowlabel,@rowdata) = &get_row($sheet,$rownum);
         next if ($rowlabel =~ /^[\s]*$/);
         $cols_output = 0;
-        my $label = &format_excel_rowlabel($rowlabel);
+        my $label = &format_excel_rowlabel($sheet,$rowlabel);
         if ( ! $ENV{'form.showall'} &&
              $sheet->{'sheettype'} =~ /^(studentcalc|classcalc)$/) {
             my $row_is_empty = 1;
@@ -2052,15 +2056,16 @@ sub parmval {
 ##                  Row label formatting routines               ##
 ##################################################################
 sub format_html_rowlabel {
+    my $sheet = shift;
     my $rowlabel = shift;
     return '' if ($rowlabel eq '');
     my ($type,$labeldata) = split(':',$rowlabel,2);
     my $result = '';
     if ($type eq 'symb') {
-        my ($symb,$uname,$udom,$mapid,$resid,$title) = split(':',$labeldata);
+        my ($symb,$mapid,$resid,$title) = split(':',$labeldata);
         $symb = &Apache::lonnet::unescape($symb);
         $result = '<a href="/adm/assesscalc?usymb='.$symb.
-            '&uname='.$uname.'&udom='.$udom.
+            '&uname='.$sheet->{'uname'}.'&udom='.$sheet->{'udom'}.
                 '&mapid='.$mapid.'&resid='.$resid.'">'.$title.'</a>';
     } elsif ($type eq 'student') {
         my ($sname,$sdom,$fullname,$section,$id) = split(':',$labeldata);
@@ -2079,12 +2084,13 @@ sub format_html_rowlabel {
 }
 
 sub format_csv_rowlabel {
+    my $sheet = shift;
     my $rowlabel = shift;
     return '' if ($rowlabel eq '');
     my ($type,$labeldata) = split(':',$rowlabel,2);
     my $result = '';
     if ($type eq 'symb') {
-        my ($symb,$uname,$udom,$mapid,$resid,$title) = split(':',$labeldata);
+        my ($symb,$mapid,$resid,$title) = split(':',$labeldata);
         $symb = &Apache::lonnet::unescape($symb);
         $result = $title;
     } elsif ($type eq 'student') {
@@ -2100,12 +2106,13 @@ sub format_csv_rowlabel {
 }
 
 sub format_excel_rowlabel {
+    my $sheet = shift;
     my $rowlabel = shift;
     return '' if ($rowlabel eq '');
     my ($type,$labeldata) = split(':',$rowlabel,2);
     my $result = '';
     if ($type eq 'symb') {
-        my ($symb,$uname,$udom,$mapid,$resid,$title) = split(':',$labeldata);
+        my ($symb,$mapid,$resid,$title) = split(':',$labeldata);
         $symb = &Apache::lonnet::unescape($symb);
         $result = $title;
     } elsif ($type eq 'student') {
@@ -2217,7 +2224,7 @@ sub get_student_rowlabels {
         my %assesslist;
         foreach ('Feedback','Evaluation','Tutoring','Discussion') {
             my $symb = '_'.lc($_);
-            $assesslist{$symb} = join(':',('symb',$symb,$uname,$udom,0,0,$_));
+            $assesslist{$symb} = join(':',('symb',$symb,0,0,$_));
         }
         #
         while (my ($key,$srcf) = each(%course_db)) {
@@ -2230,8 +2237,7 @@ sub get_student_rowlabels {
                     &Apache::lonnet::declutter($course_db{'map_id_'.$mapid}).
                         '___'.$resid.'___'.&Apache::lonnet::declutter($srcf);
                 $assesslist{$symb}='symb:'.&Apache::lonnet::escape($symb).':'
-                    .$uname.':'.$udom.':'.$mapid.':'.$resid.':'.
-                        $course_db{'title_'.$id};
+                    .$mapid.':'.$resid.':'.$course_db{'title_'.$id};
             }
         }
         untie(%course_db);
@@ -2986,6 +2992,8 @@ sub handler {
 
     function celledit(cellname,cellformula) {
         var edit_text = '';
+        // cellformula may contain less-than and greater-than symbols, so
+        // we need to escape them?  
         edit_text +='<html><head><title>Cell Edit Window</title></head><body>';
         edit_text += '<form name="editwinform">';
         edit_text += '<center><h3>Cell '+cellname+'</h3>';
@@ -3079,8 +3087,9 @@ ENDSCRIPT
     if ($ENV{'form.unewfield'}) {
         $r->print('<h2>Modified Workcopy</h2>');
         $ENV{'form.unewformula'}=~s/\'/\"/g;
-        $r->print('<p>New formula: '.$ENV{'form.unewfield'}.'='.
-                  $ENV{'form.unewformula'}.'<p>');
+        $r->print('<p>Cell '.$ENV{'form.unewfield'}.' = <pre>');
+        $r->print(&HTML::Entities::encode($ENV{'form.unewformula'}).
+                  '</pre></p>');
         $sheet->{'filename'} = $ENV{'form.ufn'};
         &tmpread($sheet,$ENV{'form.unewfield'},$ENV{'form.unewformula'});
     } elsif ($ENV{'form.saveas'}) {
@@ -3219,13 +3228,18 @@ ENDSCRIPT
         } 
         $r->print('>'.$mode.'</option>'."\n");
     }
-    if ($sheet->{'sheettype'} eq 'classcalc') {
-        $r->print('<option value="recursive excel"');
-        if ($ENV{'form.output'} eq 'recursive excel') {
-            $r->print(' selected ');
-        } 
-        $r->print(">Multi-Sheet Excel</option>\n");
-    }
+#
+#    Mulit-sheet excel takes too long and does not work at all for large
+#    classes.  Future inclusion of this option may be possible with the
+#    Spreadsheet::WriteExcel::Big and speed improvements.
+#
+#    if ($sheet->{'sheettype'} eq 'classcalc') {
+#        $r->print('<option value="recursive excel"');
+#        if ($ENV{'form.output'} eq 'recursive excel') {
+#            $r->print(' selected ');
+#        } 
+#        $r->print(">Multi-Sheet Excel</option>\n");
+#    }
     $r->print("</select>\n");
     #
     if ($sheet->{'sheettype'} eq 'classcalc') {