--- loncom/xml/lonxml.pm	2001/07/27 18:16:22	1.104
+++ loncom/xml/lonxml.pm	2001/08/24 15:31:55	1.127
@@ -13,12 +13,14 @@
 # 6/12,6/13 H. K. Ng
 # 6/16 Gerd Kortemeyer
 # 7/27 H. K. Ng
+# 8/7,8/9,8/10,8/11,8/15,8/16,8/17,8/18,8/20,8/23,8/24 Gerd Kortemeyer
 
 package Apache::lonxml; 
 use vars 
 qw(@pwd @outputstack $redirection $import @extlinks $metamode $evaluate %insertlist @namespace);
 use strict;
 use HTML::TokeParser;
+use HTML::TreeBuilder;
 use Safe;
 use Safe::Hole;
 use Math::Cephes qw(:trigs :hypers :bessels erf erfc);
@@ -95,6 +97,12 @@ sub xmlbegin {
 sub xmlend {
     my $discussion='';
     if ($ENV{'request.course.id'}) {
+       my $crs='/'.$ENV{'request.course.id'};
+       if ($ENV{'request.course.sec'}) {
+          $crs.='_'.$ENV{'request.course.sec'};
+       }                 
+       $crs=~s/\_/\//g;
+       my $seeid=&Apache::lonnet::allowed('rin',$crs);
        my $symb=&Apache::lonnet::symbread();
        if ($symb) {
           my %contrib=&Apache::lonnet::restore($symb,$ENV{'request.course.id'},
@@ -105,13 +113,37 @@ sub xmlend {
                   '<address><hr /><h2>Course Discussion of Resource</h2>';
               my $idx;
               for ($idx=1;$idx<=$contrib{'version'};$idx++) {
-                  my $message=$contrib{$idx.':message'};
-                  $message=~s/\n/\<br \/\>/g;
-		  $discussion.='<p><b>'.$contrib{$idx.':sendername'}.' at '.
-		      $contrib{$idx.':senderdomain'}.'</b> ('.
+		my $hidden=($contrib{'hidden'}=~/\.$idx\./);
+		unless (($hidden) && (!$seeid)) {
+                 my $message=$contrib{$idx.':message'};
+                 $message=~s/\n/\<br \/\>/g;
+                 if ($message) {
+                  if ($hidden) {
+		      $message='<font color="#888888">'.$message.'</font>';
+                  }
+                  my $sender='Anonymous';
+                  if ((!$contrib{$idx.':anonymous'}) || ($seeid)) {
+                      $sender=$contrib{$idx.':sendername'}.' at '.
+		      $contrib{$idx.':senderdomain'};
+                      if ($contrib{$idx.':anonymous'}) {
+			  $sender.=' (anonymous)';
+                      }
+                      if ($seeid) {
+			  if ($hidden) {
+                             $sender.=' <a href="/adm/feedback?unhide='.
+				 $symb.':::'.$idx.'">Make Visible</a>';
+                          } else {
+                             $sender.=' <a href="/adm/feedback?hide='.
+				 $symb.':::'.$idx.'">Hide</a>';
+			  }
+                      }                   
+                  }
+		  $discussion.='<p><b>'.$sender.'</b> ('.
                       localtime($contrib{$idx.':timestamp'}).
                       '):<blockquote>'.$message.
-                      '</blockquote></p>'; 
+                      '</blockquote></p>';
+	        }
+               } 
               }
               $discussion.='</address>';
           }
@@ -120,6 +152,103 @@ sub xmlend {
     return $discussion.'</html>';
 }
 
+sub tokeninputfield {
+    my $defhost=$Apache::lonnet::perlvar{'lonHostID'};
+    $defhost=~tr/a-z/A-Z/;
+    return (<<ENDINPUTFIELD)
+<script>
+    function updatetoken() {
+	var comp=new Array;
+        var barcode=unescape(document.tokeninput.barcode.value);
+        comp=barcode.split('*');
+        if (typeof(comp[0])!="undefined") {
+	    document.tokeninput.codeone.value=comp[0];
+	}
+        if (typeof(comp[1])!="undefined") {
+	    document.tokeninput.codetwo.value=comp[1];
+	}
+        if (typeof(comp[2])!="undefined") {
+            comp[2]=comp[2].toUpperCase();
+	    document.tokeninput.codethree.value=comp[2];
+	}
+        document.tokeninput.barcode.value='';
+    }  
+</script>
+<form method="post" name="tokeninput">
+<table border="2" bgcolor="#FFFFBB">
+<tr><th>DocID Checkin</th></tr>
+<tr><td>
+<table>
+<tr>
+<td>Scan in Barcode</td>
+<td><input type="text" size="22" name="barcode" 
+onChange="updatetoken()"/></td>
+</tr>
+<tr><td><i>or</i> Type in DocID</td>
+<td>
+<input type="text" size="5" name="codeone" />
+<b><font size="+2">*</font></b>
+<input type="text" size="5" name="codetwo" />
+<b><font size="+2">*</font></b>
+<input type="text" size="10" name="codethree" value="$defhost" 
+onChange="this.value=this.value.toUpperCase()" />
+</td></tr>
+</table>
+</td></tr>
+<tr><td><input type="submit" value="Check in DocID" /></td></tr>
+</table>
+</form>
+ENDINPUTFIELD
+}
+
+sub maketoken {
+    my ($symb,$tuname,$tudom,$tcrsid)=@_;
+    unless ($symb) {
+	$symb=&Apache::lonnet::symbread();
+    }
+    unless ($tuname) {
+	$tuname=$ENV{'user.name'};
+        $tudom=$ENV{'user.domain'};
+        $tcrsid=$ENV{'request.course.id'};
+    }
+
+    return &Apache::lonnet::checkout($symb,$tuname,$tudom,$tcrsid);
+}
+
+sub printtokenheader {
+    my ($target,$token,$symb,$tuname,$tudom,$tcrsid)=@_;
+    unless ($token) { return ''; }
+
+    unless ($symb) {
+	$symb=&Apache::lonnet::symbread();
+    }
+    unless ($tuname) {
+	$tuname=$ENV{'user.name'};
+        $tudom=$ENV{'user.domain'};
+        $tcrsid=$ENV{'request.course.id'};
+    }
+
+    my %reply=&Apache::lonnet::get('environment',
+              ['firstname','middlename','lastname','generation'],
+              $tudom,$tuname);
+    my $plainname=$reply{'firstname'}.' '. 
+                  $reply{'middlename'}.' '.
+                  $reply{'lastname'}.' '.
+		  $reply{'generation'};
+
+    if ($target eq 'web') {
+	return 
+ '<img align="right" src="/cgi-bin/barcode.gif?encode='.$token.'" />'.
+               'Checked out for '.$plainname.
+               '<br />User: '.$tuname.' at '.$tudom.
+	       '<br />CourseID: '.$tcrsid.
+               '<br />DocID: '.$token.
+               '<br />Time: '.localtime().'<hr />';
+    } else {
+        return $token;
+    }
+}
+
 sub fontsettings() {
     my $headerstring='';
     if (($ENV{'browser.os'} eq 'mac') && (!$ENV{'browser.mathml'})) { 
@@ -132,6 +261,7 @@ sub fontsettings() {
 sub registerurl {
     my $forcereg=shift;
     if ($Apache::lonxml::registered) { return ''; }
+    $Apache::lonxml::registered=1;
     if (($ENV{'REQUEST_URI'}!~/^\/(res\/)*adm\//) || ($forcereg)) {
         my $hwkadd='';
         if ($ENV{'REQUEST_URI'}=~/\.(problem|exam|quiz|assess|survey|form)$/) {
@@ -169,6 +299,8 @@ ENDPARM
           menu.currentStale=0;
           menu.clearbut(3,1);
           menu.switchbutton
+       (6,3,'catalog.gif','catalog','info','catalog_info()');
+          menu.switchbutton
        (8,1,'eval.gif','evaluate','this','gopost("/adm/evaluate",currentURL)');
           menu.switchbutton
     (8,2,'fdbk.gif','feedback','on this','gopost("/adm/feedback",currentURL)');
@@ -191,13 +323,13 @@ ENDPARM
 	  menu=window.open("","LONCAPAmenu");
           menu.currentStale=1;
           menu.switchbutton
-            (3,1,'reload.gif','return','location','go(currentURL)');
+             (3,1,'reload.gif','return','location','go(currentURL)');
           menu.clearbut(7,1);
           menu.clearbut(7,2);
           menu.clearbut(7,3);
           menu.menucltim=menu.setTimeout(
  'clearbut(2,1);clearbut(2,3);clearbut(8,1);clearbut(8,2);clearbut(8,3);'+
- 'clearbut(9,1);clearbut(9,2);clearbut(9,3);',
+ 'clearbut(9,1);clearbut(9,2);clearbut(9,3);clearbut(6,3)',
 			  2000);
 
       }
@@ -276,13 +408,35 @@ sub xmlparse {
 
  my $finaloutput = &inner_xmlparse($target,\@stack,\@parstack,\@pars,
 				   $safeeval,\%style_for_target);
-
+ if ($ENV{'request.uri'}) {
+    &writeallows($ENV{'request.uri'});
+ }
  return $finaloutput;
 }
 
+sub htmlclean {
+    my ($raw,$full)=@_;
+
+    my $tree = HTML::TreeBuilder->new;
+    $tree->ignore_unknown(0);
+    
+    $tree->parse($raw);
+
+    my $output= $tree->as_HTML(undef,' ');
+     
+    $output=~s/\<(br|hr|img|meta|allow)([^\>\/]*)\>/\<$1$2 \/\>/gis;
+    $output=~s/\<\/(br|hr|img|meta|allow)\>//gis;
+    unless ($full) {
+       $output=~s/\<[\/]*(body|head|html)\>//gis;
+    }
+
+    $tree = $tree->delete;
+
+    return $output;
+}
+
 sub inner_xmlparse {
   my ($target,$stack,$parstack,$pars,$safeeval,$style_for_target)=@_;
-  &Apache::lonxml::debug('Reentrant parser starting, again?');
   my $finaloutput = '';
   my $result;
   my $token;
@@ -504,6 +658,7 @@ sub setup_globals {
   my ($target)=@_;
   $Apache::lonxml::registered = 0;
   @Apache::lonxml::pwd=();
+  @Apache::lonxml::extlinks=();
   if ($target eq 'meta') {
     $Apache::lonxml::redirection = 0;
     $Apache::lonxml::metamode = 1;
@@ -585,7 +740,10 @@ sub init_safespace {
 #need to inspect this class of ops
 # $safeeval->deny(":base_orig");
   $safeinit .= ';$external::target="'.$target.'";';
-  $safeinit .= ';$external::randomseed='.&Apache::lonnet::rndseed().';';
+  my $rndseed;
+  my ($symb,$courseid,$domain,$name) = &Apache::lonxml::whichuser();
+  $rndseed=&Apache::lonnet::rndseed($symb,$courseid,$domain,$name);
+  $safeinit .= ';$external::randomseed='.$rndseed.';';
   &Apache::run::run($safeinit,$safeeval);
 }
 
@@ -720,13 +878,19 @@ sub parstring {
 }
 
 sub writeallows {
+    unless ($#extlinks>=0) { return; }
     my $thisurl='/res/'.&Apache::lonnet::declutter(shift);
+    if ($ENV{'httpref.'.$thisurl}) {
+	$thisurl=$ENV{'httpref.'.$thisurl};
+    }
     my $thisdir=$thisurl;
     $thisdir=~s/\/[^\/]+$//;
     my %httpref=();
     map {
        $httpref{'httpref.'.
- 	        &Apache::lonnet::hreflocation($thisdir,$_)}=$thisurl;              } @extlinks;
+ 	        &Apache::lonnet::hreflocation($thisdir,$_)}=$thisurl;
+    } @extlinks;
+    @extlinks=();
     &Apache::lonnet::appenv(%httpref);
 }
 
@@ -808,7 +972,9 @@ SIMPLECONTENT
 <form method="post">
 <textarea cols="80" rows="40" name="filecont">$filecontents</textarea>
 <br />
-<input type="submit" name="savethisfile" value="Save this file" />
+<input type="submit" name="attemptclean" 
+       value="Save and then attempt to clean HTML" />
+<input type="submit" name="savethisfile" value="Save this" />
 </form>
 ENDFOOTER
       $result=~s/(\<body[^\>]*\>)/$1$editheader/is;
@@ -839,7 +1005,7 @@ sub handler {
 # Edit action? Save file.
 #
   unless ($ENV{'request.state'} eq 'published') {
-      if ($ENV{'form.savethisfile'}) {
+      if (($ENV{'form.savethisfile'}) || ($ENV{'form.attemptclean'})) {
 	  &storefile($file,$ENV{'form.filecont'});
       }
   }
@@ -859,6 +1025,11 @@ sub handler {
 ENDNOTFOUND
     $filecontents='';
   } else {
+      unless ($ENV{'request.state'} eq 'published') {
+         if ($ENV{'form.attemptclean'}) {
+	    $filecontents=&htmlclean($filecontents,1);
+         }
+      }
     $result = &Apache::lonxml::xmlparse($target,$filecontents,'',%mystyle);
   }
 
@@ -868,10 +1039,11 @@ ENDNOTFOUND
   unless ($ENV{'request.state'} eq 'published') {
       $result=&inserteditinfo($result,$filecontents);
   }
+  
+  writeallows($request->uri);
 
   $request->print($result);
 
-  writeallows($request->uri);
   return OK;
 }
  
@@ -956,6 +1128,29 @@ sub description {
   my ($token)=@_;
   return $insertlist{$insertlist{"$token->[1].num"}.'.description'};
 }
+
+# ----------------------------------------------------------------- whichuser
+# returns a list of $symb, $courseid, $domain, $name that is correct for
+# calls to lonnet functions for this setup.
+# - looks for form.grade_ parameters
+sub whichuser {
+  my $symb=&Apache::lonnet::symbread();
+  my $courseid=$ENV{'request.course.id'};
+  my $domain=$ENV{'user.domain'};
+  my $name=$ENV{'user.name'};
+  if (defined($ENV{'form.grade_symb'})) {
+    my $tmp_courseid=$ENV{'form.grade_courseid'};
+    my $allowed=&Apache::lonnet::allowed('mgr',$tmp_courseid);
+    if ($allowed) {
+      $symb=$ENV{'form.grade_symb'};
+      $courseid=$ENV{'form.grade_courseid'};
+      $domain=$ENV{'form.grade_domain'};
+      $name=$ENV{'form.grade_username'};
+    }
+  }
+  return ($symb,$courseid,$domain,$name);
+}
+
 1;
 __END__