--- loncom/interface/lonuserutils.pm	2014/03/31 01:09:11	1.165
+++ loncom/interface/lonuserutils.pm	2015/06/09 21:22:57	1.170
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.165 2014/03/31 01:09:11 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.170 2015/06/09 21:22:57 damieng Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -450,6 +450,7 @@ sub javascript_validations {
     if (($mode eq 'upload') && ($context eq 'domain')) {
         $alert{'inststatus'} = &mt('The optional affiliation field was not specified'); 
     }
+    &js_escape(\%alert);
     my $function_name = <<"END";
 $setsections_js
 
@@ -642,8 +643,9 @@ sub upload_manager_javascript_forward_as
             $numbuttons ++;
         }
         if (!$can_assign->{'int'}) {
-            my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.').'\n'.
+            my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.')."\n".
                           &mt('Your current role does not have rights to create users with that authentication type.');
+            &js_escape(\$warning);
             $auth_update = <<"END";
    // Currently the initial password field is only supported for internal auth
    // (see bug 6368).
@@ -781,6 +783,7 @@ sub upload_manager_javascript_reverse_as
         if (!$can_assign->{'int'}) {
             my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
                           &mt('Your current role does not have rights to create users with that authentication type.');
+            &js_escape(\$warning);
             $auth_update = <<"END";
    // Currently the initial password field is only supported for internal auth
    // (see bug 6368).
@@ -3173,6 +3176,10 @@ sub bulkaction_javascript {
     my $noaction = &mt("You need to select an action to take for the user(s) you have selected"); 
     my $singconfirm = &mt(' for a single user?');
     my $multconfirm = &mt(' for multiple users?');
+    &js_escape(\$alert);
+    &js_escape(\$noaction);
+    &js_escape(\$singconfirm);
+    &js_escape(\$multconfirm);
     my $output = <<"ENDJS";
 function verify_action (field) {
     var numchecked = 0;
@@ -5215,18 +5222,25 @@ sub active_student_roles {
 
 sub section_check_js {
     my $groupslist= &get_groupslist();
+    my %js_lt = &Apache::lonlocal::texthash(
+        mayn   => 'may not be used as the name for a section, as it is a reserved word.',
+        plch   => 'Please choose a different section name.',
+        mnot   => 'may not be used as a section name, as it is the name of a course group.',
+        secn   => 'Section names and group names must be distinct. Please choose a different section name.',
+    );
+    &js_escape(\%js_lt);
     return <<"END";
 function validate(caller) {
     var groups = new Array($groupslist);
     var secname = caller.value;
     if ((secname == 'all') || (secname == 'none')) {
-        alert("'"+secname+"' may not be used as the name for a section, as it is a reserved word.\\nPlease choose a different section name.");
+        alert("'"+secname+"' $js_lt{'mayn'}\\n$js_lt{'plch'}");
         return 'error';
     }
     if (secname != '') {
         for (var k=0; k<groups.length; k++) {
             if (secname == groups[k]) {
-                alert("'"+secname+"' may not be used as the name for a section, as it is the name of a course group.\\nSection names and group names must be distinct. Please choose a different section name.");
+                alert("'"+secname+"' $js_lt{'mnot'}\\n$js_lt{'secn'}");
                 return 'error';
             }
         }
@@ -5267,7 +5281,7 @@ sub set_login {
 sub course_sections {
     my ($sections_count,$role,$current_sec) = @_;
     my $output = '';
-    my @sections = (sort {$a <=> $b} keys %{$sections_count});
+    my @sections = (sort {$a <=> $b} keys(%{$sections_count}));
     my $numsec = scalar(@sections);
     my $is_selected = ' selected="selected"';
     if ($numsec <= 1) {
@@ -5385,7 +5399,8 @@ sub setsections_javascript {
                     mnot => 'may not be used as a section name, as it is the name of a course group.',
                     secn => 'Section names and group names must be distinct. Please choose a different section name.',
                     nonw => 'Section names may only contain letters or numbers.',
-                 );                
+                 );
+    &js_escape(\%alerts);
     $setsection_js .= <<"ENDSECCODE";
 
 function setSections(formname,crstype) {
@@ -5396,6 +5411,9 @@ function setSections(formname,crstype) {
     var groups = new Array($groupslist);
     for (var i=0;i<formname.elements.length;i++) {
         var str = formname.elements[i].name;
+        if (typeof(str) === "undefined") {
+            continue;
+        }
         var checkcurr = str.match(re1);
         if (checkcurr != null) {
             var num = i;
@@ -6019,6 +6037,7 @@ sub sectioncheck_alerts {
                     thwa => 'There was a problem with your course selection',
                     thwc => 'There was a problem with your community selection',
                  );
+    &js_escape(\%alerts);
     return %alerts;
 }
 
@@ -6029,6 +6048,7 @@ sub authcheck_alerts {
                     krb    => 'You need to specify the Kerberos domain.',
                     ipass  => 'You need to specify the initial password.',
         );
+    &js_escape(\%alerts);
     return %alerts;
 }
 
@@ -6095,7 +6115,7 @@ sub selfenroll_validation_types {
             button   => 'Text for validation button',
             markup   => 'Validation description (HTML)',
     );
-    my @fields = ('username','domain','uniquecode','course','token','coursetype');
+    my @fields = ('username','domain','uniquecode','course','coursetype','description');
     return (\@items,\%names,\@fields);
 }