--- loncom/interface/londocs.pm	2017/08/13 20:52:58	1.634
+++ loncom/interface/londocs.pm	2017/08/14 14:54:29	1.635
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.634 2017/08/13 20:52:58 raeburn Exp $
+# $Id: londocs.pm,v 1.635 2017/08/14 14:54:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -5200,6 +5200,12 @@ sub handler {
         $disabled = ' disabled="disabled"';
     }
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['inhibitmenu']);
+    if ($env{'form.inhibitmenu'}) {
+        unless ($env{'form.inhibitmenu'} eq 'yes') {
+            delete($env{'form.inhibitmenu'});
+        }
+    }
+
   if ($allowed && $env{'form.verify'}) {
       &init_breadcrumbs('verify','Verify Content','Docs_Verify_Content');
       &verifycontent($r);
@@ -5282,6 +5288,26 @@ sub handler {
                                              'forcesupplement','forcestandard',
                                              'tools','symb','command','supppath']);
 
+    foreach my $item ('forcesupplement','forcestandard','tools') {
+        next if ($env{'form.'.$item} eq '');
+        unless ($env{'form.'.$item} eq '1') {
+            delete($env{'form.'.$item});
+        }
+    }
+
+    if ($env{'form.command'}) {
+        unless ($env{'form.command'} =~ /^(direct|directnav|editdocs|editsupp|contents|home)$/) {
+            delete($env{'form.command'});
+        }
+    }
+
+    if ($env{'form.symb'}) {
+        my ($mapurl,$id,$resurl) = &Apache::lonnet::decode_symb($env{'form.symb'});
+        unless (($id =~ /^\d+$/) && (&Apache::lonnet::is_on_map($resurl))) { 
+            delete($env{'form.symb'});
+        }
+    }
+
 # standard=1: this is a "new-style" course with an uploaded map as top level
 # standard=2: this is a "old-style" course, and there is nothing we can do
 
@@ -5304,6 +5330,38 @@ sub handler {
     my $toolsflag=0;
     if ($env{'form.tools'}) { $toolsflag=1; }
 
+    if ($env{'form.folderpath'} ne '') {
+        my @items = split(/\&/,$env{'form.folderpath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+                $badpath = 1;
+            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.folderpath'});
+        }
+    }
+
+    if ($env{'form.supppath'} ne '') {
+        my @items = split(/\&/,$env{'form.supppath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+                $badpath = 1; 
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.supppath'});
+        }
+    }
+
     my $script='';
     my $showdoc=0;
     my $addentries = {};