--- loncom/publisher/lonpublisher.pm	2002/02/14 22:01:39	1.73
+++ loncom/publisher/lonpublisher.pm	2002/04/14 16:25:39	1.77
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Publication Handler
 #
-# $Id: lonpublisher.pm,v 1.73 2002/02/14 22:01:39 albertel Exp $
+# $Id: lonpublisher.pm,v 1.77 2002/04/14 16:25:39 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -68,7 +68,7 @@ use strict;
 use Apache::File;
 use File::Copy;
 use Apache::Constants qw(:common :http :methods);
-use HTML::TokeParser;
+use HTML::LCParser;
 use Apache::lonxml;
 use Apache::lonhomework;
 use Apache::loncacc;
@@ -91,7 +91,7 @@ my $cudom;
 sub metaeval {
     my $metastring=shift;
    
-        my $parser=HTML::TokeParser->new(\$metastring);
+        my $parser=HTML::LCParser->new(\$metastring);
         my $token;
         while ($token=$parser->get_token) {
            if ($token->[0] eq 'S') {
@@ -257,7 +257,7 @@ sub publish {
           $content=join('',<$org>);
         }
         {
-          my $parser=HTML::TokeParser->new(\$content);
+          my $parser=HTML::LCParser->new(\$content);
           my $token;
           while ($token=$parser->get_token) {
               if ($token->[0] eq 'S') {
@@ -288,7 +288,7 @@ sub publish {
                 "Max Index: $maxindex (min 10)\n";
       }
           my $outstring='';
-          my $parser=HTML::TokeParser->new(\$content);
+          my $parser=HTML::LCParser->new(\$content);
           $parser->xml_mode(1);
           my $token;
           while ($token=$parser->get_token) {
@@ -326,7 +326,12 @@ sub publish {
 				  print $logfile 'URL: '.$tag.':'.$oldurl.' - '.
 				      $newurl."\n";
 			      }
-			      $allow{&absoluteurl($newurl,$target)}=1;
+			      if (($newurl !~ /^javascript:/i) &&
+				  ($newurl !~ /^mailto:/i) &&
+				  ($newurl !~ /^http:/i) &&
+				  ($newurl !~ /^\#/)) {
+				  $allow{&absoluteurl($newurl,$target)}=1;
+			      }
 			  }
 			  last;
 		      }
@@ -424,6 +429,8 @@ sub publish {
         $allowstr=~s/\n+/\n/g;
         $outstring=~s/(\<\/[^\>]+\>\s*)$/$allowstr$1/s;
 
+	#Encode any High ASCII characters
+	$outstring=&HTML::Entities::encode($outstring,"\200-\377");
 # ------------------------------------------------------------- Write modified
 
         {
@@ -549,7 +556,7 @@ sub publish {
 # ------------------------------------------------------- Now have all metadata
 
         $scrout.=
-     '<form action="/adm/publish" method="post">'.
+     '<form name="pubform" action="/adm/publish" method="post">'.
        '<p><input type="submit" value="Finalize Publication" /></p>'.
           &hiddenfield('phase','two').
           &hiddenfield('filename',$ENV{'form.filename'}).
@@ -561,7 +568,26 @@ sub publish {
 
 # --------------------------------------------------- Scan content for keywords
 
-	my $keywordout='<p><b>Keywords:</b><br><table border=2><tr>';
+	my $keywordout=<<"END";
+<script>
+function checkAll(field)
+{
+    for (i = 0; i < field.length; i++)
+        field[i].checked = true ;
+}
+
+function uncheckAll(field)
+{
+    for (i = 0; i < field.length; i++)
+        field[i].checked = false ;
+}
+</script>
+<p><b>Keywords:</b> 
+<input type="button" value="check all" onclick="javascript:checkAll(document.pubform.keywords)"> 
+<input type="button" value="uncheck all" onclick="javascript:uncheckAll(document.pubform.keywords)"> 
+<br />
+END
+        $keywordout.='<table border=2><tr>';
         my $colcount=0;
         my %keywords=();
         
@@ -587,7 +613,7 @@ sub publish {
             }
 
             foreach (sort keys %keywords) {
-                $keywordout.='<td><input type=checkbox name="key.'.$_.'"';
+                $keywordout.='<td><input type=checkbox name="keywords" value="'.$_.'"';
                 if ($metadatafields{'keywords'}) {
                    if ($metadatafields{'keywords'}=~/$_/) { 
                       $keywordout.=' checked'; 
@@ -662,7 +688,6 @@ sub phasetwo {
     my ($source,$target,$style,$distarget)=@_;
     my $logfile;
     my $scrout='';
-
     unless ($logfile=Apache::File->new('>>'.$source.'.log')) {
 	return 
          '<font color=red>No write permission to user directory, FAIL</font>';
@@ -689,10 +714,9 @@ sub phasetwo {
      $metadatafields{'dependencies'}=$ENV{'form.dependencies'};
 
      my $allkeywords=$ENV{'form.addkey'};
-     foreach (keys %ENV) {
-         if ($_=~/^form\.key\.(\w+)/) {
-	     $allkeywords.=','.$1;
-         }
+     my @Keywords = @{$ENV{'form.keywords'}};
+     foreach (@Keywords) {
+         $allkeywords.=','.$_;
      }
      $allkeywords=~s/\W+/\,/;
      $allkeywords=~s/^\,//;
@@ -717,7 +741,9 @@ sub phasetwo {
                $value=~s/\"/\'\'/g;
                print $mfh ' '.$_.'="'.$value.'"';
            }
-	   print $mfh '>'.$metadatafields{$unikey}.'</'.$tag.'>';
+	   print $mfh '>'.
+	     &HTML::Entities::encode($metadatafields{$unikey})
+	       .'</'.$tag.'>';
          }
        }
        $scrout.='<p>Wrote Metadata';
@@ -942,7 +968,7 @@ if (-e $target) {
 
 
     return $warning.$scrout.
-      '<hr><a href="'.$thisdistarget.'"><font size=+2>View Target</font></a>'.
+      '<hr><a href="'.$thisdistarget.'"><font size=+2>View Published Version</font></a>'.
       '<p><a href="'.$thissrc.'"><font size=+2>Back to Source</font></a>'.
       '<p><a href="'.$thissrcdir.
       '"><font size=+2>Back to Source Directory</font></a>';
