--- loncom/interface/lonsyllabus.pm 2022/01/01 21:06:33 1.138.2.8 +++ loncom/interface/lonsyllabus.pm 2023/01/21 21:34:08 1.138.2.8.2.2 @@ -1,7 +1,7 @@ # The LearningOnline Network # Syllabus # -# $Id: lonsyllabus.pm,v 1.138.2.8 2022/01/01 21:06:33 raeburn Exp $ +# $Id: lonsyllabus.pm,v 1.138.2.8.2.2 2023/01/21 21:34:08 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -170,6 +170,7 @@ sub handler { } else { my $brcrum; if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus'); @@ -178,7 +179,7 @@ sub handler { &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1); } $r->print(&Apache::lonwrapper::wrapper($r,$item,$brcrum,$env{'request.use_absolute'}, - undef,$is_pdf,&mt('Syllabus'))); + undef,$is_pdf,undef,'','',&mt('Syllabus'))); } } return OK; @@ -205,15 +206,17 @@ sub handler { $is_pdf = 1; } if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus'); } + $title = &HTML::Entities::encode($title,'\'"<>&'); $brcrum = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1); } $r->print(&Apache::lonwrapper::wrapper($r,$external,$brcrum,$env{'request.use_absolute'}, - $is_ext,$is_pdf,&mt('Syllabus'))); + $is_ext,$is_pdf,undef,'','',&mt('Syllabus'))); } return OK; } @@ -767,6 +770,7 @@ sub get_breadcrumbs{ my ($cdom,$cnum,$crstype,$args) = @_; return unless (ref($args) eq 'HASH'); if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus');