--- loncom/interface/loncommon.pm	2014/11/21 17:59:06	1.1200
+++ loncom/interface/loncommon.pm	2014/12/20 15:35:40	1.1203
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1200 2014/11/21 17:59:06 raeburn Exp $
+# $Id: loncommon.pm,v 1.1203 2014/12/20 15:35:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4739,13 +4739,13 @@ END_BLOCK
 ###############################################
 
 sub check_ip_acc {
-    my ($acc)=@_;
+    my ($acc,$clientip)=@_;
     &Apache::lonxml::debug("acc is $acc");
     if (!defined($acc) || $acc =~ /^\s*$/ || $acc =~/^\s*no\s*$/i) {
         return 1;
     }
     my $allowed=0;
-    my $ip=$env{'request.host'} || $ENV{'REMOTE_ADDR'};
+    my $ip=$env{'request.host'} || $ENV{'REMOTE_ADDR'} || $clientip;
 
     my $name;
     foreach my $pattern (split(',',$acc)) {
@@ -7733,10 +7733,12 @@ function set_wishlistlink(title, path) {
         title = title.replace(/^LON-CAPA /,'');
     }
     title = encodeURIComponent(title);
+    title = title.replace("'","\\\'");
     if (!path) {
         path = location.pathname;
     }
     path = encodeURIComponent(path);
+    path = path.replace("'","\\\'");
     Win = window.open('/adm/wishlist?mode=newLink&setTitle='+title+'&setPath='+path,
                       'wishlistNewLink','width=560,height=350,scrollbars=0');
 }
@@ -7779,6 +7781,7 @@ var modalWindow = {
 };
 	var openMyModal = function(source,width,height,scrolling,transparency,style)
 	{
+                source = source.replace("'","'");
 		modalWindow.windowId = "myModal";
 		modalWindow.width = width;
 		modalWindow.height = height;
@@ -8386,7 +8389,7 @@ role status: active, previous or future.
 sub check_user_status {
     my ($udom,$uname,$cdom,$crs,$role,$sec) = @_;
     my %userinfo = &Apache::lonnet::dump('roles',$udom,$uname);
-    my @uroles = keys %userinfo;
+    my @uroles = keys(%userinfo);
     my $srchstr;
     my $active_chk = 'none';
     my $now = time;
@@ -14552,7 +14555,7 @@ sub escape_url {
     my ($url)   = @_;
     my @urlslices = split(/\//, $url,-1);
     my $lastitem = &escape(pop(@urlslices));
-    return join('/',@urlslices).'/'.$lastitem;
+    return &HTML::Entities::encode(join('/',@urlslices),"'").'/'.$lastitem;
 }
 
 sub compare_arrays {