--- loncom/interface/lonsyllabus.pm 2014/06/17 23:22:14 1.137 +++ loncom/interface/lonsyllabus.pm 2016/01/26 14:30:25 1.139 @@ -1,7 +1,7 @@ # The LearningOnline Network # Syllabus # -# $Id: lonsyllabus.pm,v 1.137 2014/06/17 23:22:14 raeburn Exp $ +# $Id: lonsyllabus.pm,v 1.139 2016/01/26 14:30:25 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -164,7 +164,7 @@ sub handler { '\end{document}'); } else { $r->print(&Apache::lonwrapper::wrapper($item,undef,$env{'request.use_absolute'}, - undef,$is_pdf,&mt('Syllabus'))); + undef,$is_pdf,undef,&mt('Syllabus'))); } } return OK; @@ -183,7 +183,7 @@ sub handler { $is_pdf = 1; } $r->print(&Apache::lonwrapper::wrapper($external,undef,$env{'request.use_absolute'}, - $is_ext,$is_pdf,&mt('Syllabus'))); + $is_ext,$is_pdf,undef,&mt('Syllabus'))); } return OK; } @@ -580,6 +580,7 @@ ENDSCRIPT my $checkedstr = "var include = new Array('".join("','",@checked)."');"; my $uncheckedstr = "var exclude = new Array('".join("','",@unchecked)."');"; my $invurl = &mt('Invalid URL'); + &js_escape(\$invurl); my $urlregexp = <<'ENDREGEXP'; /^([a-z]([a-z]|\d|\+|-|\.)*):(\/\/(((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:)*@)?((\[(|(v[\da-f]{1,}\.(([a-z]|\d|-|\.|_|~)|[!\$&'\(\)\*\+,;=]|:)+))\])|((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5]))|(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=])*)(:\d*)?)(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*|(\/((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)?)|((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)+(\/(([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)*)*)|((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)){0})(\?((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|[\uE000-\uF8FF]|\/|\?)*)?(\#((([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(%[\da-f]{2})|[!\$&'\(\)\*\+,;=]|:|@)|\/|\?)*)?$/i ENDREGEXP @@ -1627,11 +1628,12 @@ sub editfile_button { } sub editbutton_js { - my %lt = &Apache::lonlocal::texthash( + my %js_lt = &Apache::lonlocal::texthash( min => 'Are you sure you want to delete the contents of the syllabus template?', file => 'Are you sure you want to delete the uploaded syllabus file?', noundo => 'This action cannot be reversed.' ); + &js_escape(\%js_lt); return < //