--- loncom/lonenc.pm	2006/12/27 17:11:08	1.20
+++ loncom/lonenc.pm	2011/09/30 15:58:05	1.25
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for encrypted filenames
 #
-# $Id: lonenc.pm,v 1.20 2006/12/27 17:11:08 albertel Exp $
+# $Id: lonenc.pm,v 1.25 2011/09/30 15:58:05 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -34,6 +34,17 @@ use Crypt::IDEA;
 use Time::HiRes qw(gettimeofday);
 use LONCAPA;
  
+
+#
+#  If a module makes multiple SSI calls and some of the ssi calls result in a
+#  resource for an encoded URL, and this can be done in an unprivileged role,
+#  there must be a mechanism t oreset the 'request.enc' environment variable.
+#  This sub centralizes that mechanism:
+#
+sub reset_enc {
+    $env{'request.enc'} = 0;
+}
+
 sub encryptseed {
     my ($cid) = @_;
     if (!defined($cid)) {
@@ -56,7 +67,7 @@ sub encryptseed {
         $seed=substr($seed.$seed,0,32);
         return pack("H32",$seed);
     } else {
-        return;
+        return pack("H32",1);
     }
 }
 
@@ -151,13 +162,16 @@ sub encrypt_ref {
     my $html;
     if ($force_enc || $env{'request.enc'}) {
 	while (my ($name,$value)= each(%{ $elements })) {
-	    if (!$value) { next; }
+	    next if (!$value); 
+	    next if ($value =~ /^\w+:/); # explict javascript: or http: link
 	    my $href=&Apache::lonnet::hreflocation($Apache::lonxml::pwd[-1],$value);
-	    if ($href !~ /^http:/) {
+	    if ($href !~ /^https?\:/) {
 		# IE really wants an extension
 		my ($extension) = ($href =~ m/(\.[^.]*)$/);
-		$href = &Apache::lonenc::encrypted($href,$force_enc);
-		$href .= $extension;
+		my $newhref = &Apache::lonenc::encrypted($href,$force_enc);
+		unless ($newhref eq $href) {
+		    $href = $newhref.$extension;
+		}
 	    }
 	    $token->[2]->{$name}=$href;
 	}