-
-
@@ -2326,8 +2323,9 @@ sub resource_output {
}
sub clear_out_html {
- my ($message,$override)=@_;
- unless (&Apache::lonhtmlcommon::htmlareablocked()) { return $message; }
+ my ($message,$override,$ignore_htmlarea)=@_;
+ if (!$ignore_htmlarea
+ && !&Apache::lonhtmlcommon::htmlareablocked()) { return $message; }
# Always allow the -tag
my %html=(M=>1);
# Check if more is allowed
@@ -2343,9 +2341,9 @@ sub clear_out_html {
H1=>1, H2=>1, H3=>1, H4=>1, H5=>1);
}
# Do the substitution of everything that is not explicitly allowed
- $message =~ s/\<(\/?\s*(\w+)[^\>\<]*)/
+ $message =~ s/\<(\/?\s*(\w*)[^\>\<]*)/
{($html{uc($2)}&&(length($1)<1000))?"\<$1":"\<$1"}/ge;
- $message =~ s/(\\s*(\w+)[^\<\>]*)\>/
+ $message =~ s/(\\s*(\w*)[^\<\>]*)\>/
{($html{uc($2)}&&(length($1)<1000))?"$1\>":"$1\>"}/ge;
return $message;
}
@@ -2614,7 +2612,7 @@ sub show_preview {
&newline_to_br(\$message);
$message=&Apache::lonspeller::markeduptext($message);
$message=&Apache::lontexconvert::msgtexconverted($message);
- my $subject=&clear_out_html($env{'form.subject'});
+ my $subject=&clear_out_html($env{'form.subject'},undef,1);
$subject=~s/\n/\ /g;
$subject=&Apache::lontexconvert::msgtexconverted($subject);
my $start_page=
@@ -2668,7 +2666,7 @@ ENDPREVIEW
sub modify_attachments {
my ($r,$currnewattach,$currdelold,$symb,$idx,$attachmenturls)=@_;
my $orig_subject = &Apache::lonnet::unescape($env{'form.subject'});
- my $subject=&clear_out_html($orig_subject);
+ my $subject=&clear_out_html($orig_subject,undef,1);
$subject=~s/\n/\ /g;
$subject=&Apache::lontexconvert::msgtexconverted($subject);
my $timestamp=$env{'form.timestamp'};
@@ -3411,14 +3409,16 @@ ENDREDIR
my ($typestyle,%to) = &decide_receiver($feedurl);
# Actually send mail
- my ($status,$numsent)=&send_msg(&clear_out_html($env{'form.subject'}),$feedurl,$email,$citations,
+ my ($status,$numsent)=&send_msg(&clear_out_html($env{'form.subject'},
+ undef,1),
+ $feedurl,$email,$citations,
$attachmenturl,%to);
# Discussion? Store that.
my $numpost=0;
if ($env{'form.discuss'} || $env{'form.anondiscuss'}) {
- my $subject = &clear_out_html($env{'form.subject'});
+ my $subject = &clear_out_html($env{'form.subject'},undef,1);
my $anonmode=(defined($env{'form.anondiscuss'}));
$typestyle.=&adddiscuss($symb,$message,$anonmode,$attachmenturl,
$subject);
@@ -3429,7 +3429,7 @@ ENDREDIR
my $blog='';
if ($env{'form.blog'}) {
- my $subject = &clear_out_html($env{'form.subject'});
+ my $subject = &clear_out_html($env{'form.subject'},undef,1);
$status.=&Apache::lonrss::addentry($env{'user.name'},
$env{'user.domain'},
'CourseBlog_'.$env{'request.course.id'},
|