--- loncom/interface/Attic/lonspreadsheet.pm	2002/11/22 19:21:59	1.149
+++ loncom/interface/Attic/lonspreadsheet.pm	2002/12/02 21:22:39	1.152
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.149 2002/11/22 19:21:59 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.152 2002/12/02 21:22:39 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -62,6 +62,7 @@ use Safe;
 use Safe::Hole;
 use Opcode;
 use GDBM_File;
+use HTML::Entities();
 use HTML::TokeParser;
 use Spreadsheet::WriteExcel;
 
@@ -965,11 +966,9 @@ sub templaterow {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{'template_'.$_};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => 'template_'.$_,
-                     formula => $fm,
-                     value   => $fm });
+                     formula => $sheet->{'f'}->{'template_'.$_},
+                     value   => $sheet->{'f'}->{'template_'.$_} });
     }
     return ($rowlabel,@cols);
 }
@@ -993,10 +992,8 @@ sub outrowassess {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{$_.$n};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => $_.$n,
-                     formula => $fm,
+                     formula => $sheet->{'f'}->{$_.$n},
                      value   => $sheet->{'values'}->{$_.$n}});
     }
     return ($rowlabel,@cols);
@@ -1019,10 +1016,8 @@ sub outrow {
 	     'N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
 	     'a','b','c','d','e','f','g','h','i','j','k','l','m',
 	     'n','o','p','q','r','s','t','u','v','w','x','y','z') {
-        my $fm=$sheet->{'f'}->{$_.$n};
-        $fm=~s/[\'\"]/\&\#34;/g;
         push(@cols,{ name    => $_.$n,
-                     formula => $fm,
+                     formula => $sheet->{'f'}->{$_.$n},
                      value   => $sheet->{'values'}->{$_.$n}});
     }
     return ($rowlabel,@cols);
@@ -1253,19 +1248,28 @@ sub html_editable_cell {
         if ($formula ne '') {
             $value = '<i>undefined value</i>';
         }
-    }
-    if ($value =~ /^\s*$/ ) {
+    } elsif ($value =~ /^\s*$/ ) {
         $value = '<font color="'.$bgcolor.'">#</font>';
+    } else {
+        $value = &HTML::Entities::encode($value);
     }
+    # Make the formula safe for outputting
+    $formula =~ s/\'/\"/g;
+    # The formula will be parsed by the browser *twice* before being 
+    # displayed to the user for editing.
+    $formula = &HTML::Entities::encode(&HTML::Entities::encode($formula));
+    # Escape newlines so they make it into the edit window
     $formula =~ s/\n/\\n/gs;
-    $result .= '<a href="javascript:celledit(\''.
-        $name.'\',\''.$formula.'\');">'.$value.'</a>';
+    # Glue everything together
+    $result .= "<a href=\"javascript:celledit(\'".
+        $name."','".$formula."');\">".$value."</a>";
     return $result;
 }
 
 sub html_uneditable_cell {
     my ($cell,$bgcolor) = @_;
     my $value = (defined($cell) ? $cell->{'value'} : '');
+    $value = &HTML::Entities::encode($value);
     return '&nbsp;'.$value.'&nbsp;';
 }
 
@@ -1334,7 +1338,7 @@ END
     ####################################
     # Print out summary/export row
     ####################################
-    my ($rowlabel,@rowdata) = &get_row($sheet,'0');
+    ($rowlabel,@rowdata) = &get_row($sheet,'0');
     $row_html = '<tr><td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
     $num_cols_output = 0;
     foreach my $cell (@rowdata) {
@@ -2988,6 +2992,8 @@ sub handler {
 
     function celledit(cellname,cellformula) {
         var edit_text = '';
+        // cellformula may contain less-than and greater-than symbols, so
+        // we need to escape them?  
         edit_text +='<html><head><title>Cell Edit Window</title></head><body>';
         edit_text += '<form name="editwinform">';
         edit_text += '<center><h3>Cell '+cellname+'</h3>';
@@ -3081,8 +3087,9 @@ ENDSCRIPT
     if ($ENV{'form.unewfield'}) {
         $r->print('<h2>Modified Workcopy</h2>');
         $ENV{'form.unewformula'}=~s/\'/\"/g;
-        $r->print('<p>New formula: '.$ENV{'form.unewfield'}.'='.
-                  $ENV{'form.unewformula'}.'<p>');
+        $r->print('<p>Cell '.$ENV{'form.unewfield'}.' = <pre>');
+        $r->print(&HTML::Entities::encode($ENV{'form.unewformula'}).
+                  '</pre></p>');
         $sheet->{'filename'} = $ENV{'form.ufn'};
         &tmpread($sheet,$ENV{'form.unewfield'},$ENV{'form.unewformula'});
     } elsif ($ENV{'form.saveas'}) {
@@ -3221,13 +3228,18 @@ ENDSCRIPT
         } 
         $r->print('>'.$mode.'</option>'."\n");
     }
-    if ($sheet->{'sheettype'} eq 'classcalc') {
-        $r->print('<option value="recursive excel"');
-        if ($ENV{'form.output'} eq 'recursive excel') {
-            $r->print(' selected ');
-        } 
-        $r->print(">Multi-Sheet Excel</option>\n");
-    }
+#
+#    Mulit-sheet excel takes too long and does not work at all for large
+#    classes.  Future inclusion of this option may be possible with the
+#    Spreadsheet::WriteExcel::Big and speed improvements.
+#
+#    if ($sheet->{'sheettype'} eq 'classcalc') {
+#        $r->print('<option value="recursive excel"');
+#        if ($ENV{'form.output'} eq 'recursive excel') {
+#            $r->print(' selected ');
+#        } 
+#        $r->print(">Multi-Sheet Excel</option>\n");
+#    }
     $r->print("</select>\n");
     #
     if ($sheet->{'sheettype'} eq 'classcalc') {