--- loncom/interface/lonparmset.pm	2007/08/20 22:31:59	1.376
+++ loncom/interface/lonparmset.pm	2007/08/30 00:01:56	1.378
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set parameters for assessments
 #
-# $Id: lonparmset.pm,v 1.376 2007/08/20 22:31:59 albertel Exp $
+# $Id: lonparmset.pm,v 1.378 2007/08/30 00:01:56 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -577,6 +577,7 @@ sub valout {
 		&date_sanity_info($value);
         } else {
             $result = $value;
+	    $result = &HTML::Entities::encode($result,'"<>&');
         }
     }
     return $result;
@@ -613,10 +614,16 @@ sub plink {
     my ($parmname)=((split(/\&/,$marker))[1]=~/\_([^\_]+)$/);
     my ($hour,$min,$sec,$val)=&preset_defaults($parmname);
     unless (defined($winvalue)) { $winvalue=$val; }
+    my $valout = &valout($value,$type,1);
+    foreach my $item (\$type, \$dis, \$winvalue, \$marker, \$return, \$call,
+		      \$hour, \$min, \$sec) {
+	$$item = &HTML::Entities::encode($$item,'"<>&');
+	$$item =~ s/\'/\\\'/g;
+    }
     return '<table width="100%"><tr valign="top" align="right"><td><a name="'.$marker.'" /></td></tr><tr><td align="center">'.
 	'<a href="javascript:pjump('."'".$type."','".$dis."','".$winvalue."','"
 	    .$marker."','".$return."','".$call."','".$hour."','".$min."','".$sec."'".');">'.
-		&valout($value,$type,1).'</a></td></tr></table>';
+	    $valout.'</a></td></tr></table>';
 }
 
 sub page_js {
@@ -1594,7 +1601,8 @@ sub assessparms {
     foreach ('tolerance','date_default','date_start','date_end',
 	     'date_interval','int','float','string') {
 	$r->print('<input type="hidden" value="'.
-		  $env{'form.recent_'.$_}.'" name="recent_'.$_.'" />');
+		  &HTML::Entities::encode($env{'form.recent_'.$_},'"&<>').
+		  '" name="recent_'.$_.'" />');
     }
                         
     if (!$pssymb) {
@@ -2192,11 +2200,11 @@ sub crsenv {
              'pageseparators'  => '<b>'.&mt('Visibly Separate Items on Pages').'</b><br />'.
                                  '('.&mt('"[_1]" for visible separation','<tt>yes</tt>').', '.
                                  &mt('changes will not show until next login').')',
-             'student_classlist_view' => '<b>'.&mt('Allow students to view classlist.').'</b>'.&mt('("all":students can view all sections,"section":students can only view their own section.blank or "disabled" prevents student view.'),
+             'student_classlist_view' => '<b>'.&mt('Allow students to view classlist.').'</b><br />'.&mt('("all":students can view all sections,"section":students can only view their own section.blank or "disabled" prevents student view.)'),
              'student_classlist_portfiles' => '<b>'.&mt('Include link to accessible portfolio files').'</b><br />'.&mt('"[_1]" for link to each a listing of each student\'s files.','<tt>yes</tt>'),
              'student_classlist_opt_in' => '<b>'.&mt("Student's agreement needed for listing in student-viewable roster").'</b><br />'.&mt('"[_1]" to require students to opt-in to listing in the roster (on the roster page).','<tt>yes</tt>'),
              'plc.roles.denied'=> '<b>'.&mt('Disallow live chatroom use for Roles').
-                                  '</b><br />"<tt>st</tt>": '.
+                                  '</b><br />("<tt>st</tt>": '.
                                   &mt('student').', "<tt>ta</tt>": '.
                                   'TA, "<tt>in</tt>": '.
                                   &mt('instructor').';<br /><tt>'.&mt('role,role,...').'</tt>) '.
@@ -2206,7 +2214,7 @@ sub crsenv {
                                  '(<tt>user:domain,user:domain,...</tt>)',
 
              'pch.roles.denied'=> '<b>'.&mt('Disallow Resource Discussion for Roles').
-                                  '</b><br />"<tt>st</tt>": '.
+                                  '</b><br />("<tt>st</tt>": '.
                                   'student, "<tt>ta</tt>": '.
                                   'TA, "<tt>in</tt>": '.
                                   'instructor;<br /><tt>role,role,...</tt>) '.