--- loncom/interface/lonmenu.pm 2022/09/13 12:22:14 1.527 +++ loncom/interface/lonmenu.pm 2022/10/29 14:47:00 1.529 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Routines to control the menu # -# $Id: lonmenu.pm,v 1.527 2022/09/13 12:22:14 raeburn Exp $ +# $Id: lonmenu.pm,v 1.529 2022/10/29 14:47:00 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -935,16 +935,22 @@ sub innerregister { if ($env{'form.title'}) { $title = $env{'form.title'}; } - my $trail; + my ($trail,$cnum,$cdom); + if ($env{'form.folderpath'}) { + $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); + } if ($env{'form.folderpath'}) { &prepare_functions($resurl,$forcereg,$group,undef,undef,1,$hostname); + $title = &HTML::Entities::encode($title,'\'"<>&'); ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); } else { &Apache::lonhtmlcommon::add_breadcrumb( {text => "Supplemental $crstype Content", href => "javascript:gopost('/adm/supplemental','')"}); - $title = &mt('View Resource'); + $title = &HTML::Entities::encode(&mt('View Resource'),'\'"<>&'); ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); } @@ -956,7 +962,7 @@ sub innerregister { &Apache::lonhtmlcommon::clear_breadcrumbs(); &prepare_functions('/public'.$courseurl."/syllabus", $forcereg,$group,undef,undef,1,$hostname); - $title = &mt('Syllabus File'); + $title = &HTML::Entities::encode(&mt('Syllabus File'),'\'"<>&'); my ($trail) = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1,1); if (ref($showncrumbsref)) {