--- loncom/interface/lonmenu.pm 2022/09/19 19:39:48 1.369.2.83.2.5 +++ loncom/interface/lonmenu.pm 2023/01/21 21:40:54 1.369.2.83.2.6 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Routines to control the menu # -# $Id: lonmenu.pm,v 1.369.2.83.2.5 2022/09/19 19:39:48 raeburn Exp $ +# $Id: lonmenu.pm,v 1.369.2.83.2.6 2023/01/21 21:40:54 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -916,16 +916,22 @@ sub innerregister { if ($env{'form.title'}) { $title = $env{'form.title'}; } - my $trail; + my ($trail,$cnum,$cdom); + if ($env{'form.folderpath'}) { + $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); + } if ($env{'form.folderpath'}) { &prepare_functions($resurl,$forcereg,$group,undef,undef,1,$hostname); + $title = &HTML::Entities::encode($title,'\'"<>&'); ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); } else { &Apache::lonhtmlcommon::add_breadcrumb( {text => "Supplemental $crstype Content", href => "javascript:gopost('/adm/supplemental','')"}); - $title = &mt('View Resource'); + $title = &HTML::Entities::encode(&mt('View Resource'),'\'"<>&'); ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); } @@ -937,7 +943,7 @@ sub innerregister { &Apache::lonhtmlcommon::clear_breadcrumbs(); &prepare_functions('/public'.$courseurl."/syllabus", $forcereg,$group,undef,undef,1,$hostname); - $title = &mt('Syllabus File'); + $title = &HTML::Entities::encode(&mt('Syllabus File'),'\'"<>&'); my ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); if (ref($showncrumbsref)) {