--- loncom/interface/londocs.pm 2017/09/15 23:15:55 1.484.2.72.2.2
+++ loncom/interface/londocs.pm 2017/11/01 02:52:22 1.484.2.72.2.3
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.484.2.72.2.2 2017/09/15 23:15:55 raeburn Exp $
+# $Id: londocs.pm,v 1.484.2.72.2.3 2017/11/01 02:52:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -4985,6 +4985,11 @@ sub handler {
$disabled = ' disabled="disabled"';
}
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['inhibitmenu']);
+ if ($env{'form.inhibitmenu'}) {
+ unless ($env{'form.inhibitmenu'} eq 'yes') {
+ delete($env{'form.inhibitmenu'});
+ }
+ }
if ($allowed && $env{'form.verify'}) {
&init_breadcrumbs('verify','Verify Content','Docs_Verify_Content');
&verifycontent($r);
@@ -5018,6 +5023,25 @@ sub handler {
'forcesupplement','forcestandard',
'tools','symb','command','supppath']);
+ foreach my $item ('forcesupplement','forcestandard','tools') {
+ next if ($env{'form.'.$item} eq '');
+ unless ($env{'form.'.$item} eq '1') {
+ delete($env{'form.'.$item});
+ }
+ }
+
+ if ($env{'form.command'}) {
+ unless ($env{'form.command'} =~ /^(direct|directnav|editdocs|editsupp|contents|home)$/) {
+ delete($env{'form.command'});
+ }
+ }
+
+ if ($env{'form.symb'}) {
+ my ($mapurl,$id,$resurl) = &Apache::lonnet::decode_symb($env{'form.symb'});
+ unless (($id =~ /^\d+$/) && (&Apache::lonnet::is_on_map($resurl))) {
+ delete($env{'form.symb'});
+ }
+ }
# standard=1: this is a "new-style" course with an uploaded map as top level
# standard=2: this is a "old-style" course, and there is nothing we can do
@@ -5040,6 +5064,38 @@ sub handler {
my $toolsflag=0;
if ($env{'form.tools'}) { $toolsflag=1; }
+ if ($env{'form.folderpath'} ne '') {
+ my @items = split(/\&/,$env{'form.folderpath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+ $badpath = 1;
+ } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.folderpath'});
+ }
+ }
+
+ if ($env{'form.supppath'} ne '') {
+ my @items = split(/\&/,$env{'form.supppath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.supppath'});
+ }
+ }
+
my $script='';
my $showdoc=0;
my $addentries = {};
@@ -6039,6 +6095,7 @@ my %suporderhash = (
sub embedded_form_elems {
my ($phase,$primaryurl,$newidx) = @_;
my $folderpath = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
+ $newidx =~s /\D+//g;
return <
@@ -6059,7 +6116,11 @@ sub embedded_destination {
} elsif ($folder =~ /^(default|supplemental)_(\d+)$/) {
$destination .= $2.'/';
}
- $destination .= $env{'form.newidx'};
+ my $newidx = $env{'form.newidx'};
+ $newidx =~s /\D+//g;
+ if ($newidx) {
+ $destination .= $newidx;
+ }
my $dir_root = '/userfiles';
return ($destination,$dir_root);
}
@@ -6085,6 +6146,9 @@ sub decompression_info {
}
unshift(@hiddens,$pathitem);
foreach my $item (@hiddens) {
+ if ($item eq 'newidx') {
+ next if ($env{'form.'.$item} =~ /\D/);
+ }
if ($env{'form.'.$item}) {
$hiddenelem .= ''."\n";