--- loncom/interface/lonaboutme.pm	2022/10/27 20:33:31	1.162
+++ loncom/interface/lonaboutme.pm	2023/05/13 20:36:27	1.165
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Personal Information Page
 #
-# $Id: lonaboutme.pm,v 1.162 2022/10/27 20:33:31 raeburn Exp $
+# $Id: lonaboutme.pm,v 1.165 2023/05/13 20:36:27 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -113,7 +113,11 @@ sub handler {
     my $candisplay = 1;
     if (!$is_course) {
         if ($action ne 'portfolio') {
-            $candisplay = &Apache::lonnet::usertools_access($cnum,$cdom,'aboutme');
+            if (($env{'user.name'} eq $cnum) && ($env{'user.domain'} eq $cdom)) {
+                $candisplay = &Apache::lonnet::usertools_access($cnum,$cdom,'aboutme');
+            } else {
+                $candisplay = &Apache::loncommon::aboutme_on($cnum,$cdom);
+            }
             if ((!$candisplay) && ($env{'request.course.id'})) {
                 $candisplay = &aboutme_access($cnum,$cdom);
             }
@@ -230,6 +234,7 @@ sub handler {
                 if ($title eq '') {
                     $title = &mt('Personal Information Page');
                 }
+                $title = &HTML::Entities::encode($title,'\'"<>&');
                 my $brcrum =
                     &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1);
                 if (ref($brcrum) eq 'ARRAY') {
@@ -807,10 +812,8 @@ sub parse_directory {
 sub aboutme_access {
     my ($uname,$udom) = @_;
     my $privcheck = $env{'request.course.id'};
-    my $sec;
     if ($env{'request.course.sec'} ne '') {
-        $sec = $env{'request.course.sec'};
-        $privcheck .= '/'.$sec;
+        $privcheck .= '/'.$env{'request.course.sec'};
     }
     my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
     my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};