--- loncom/interface/Attic/lonspreadsheet.pm	2002/12/02 16:39:30	1.151
+++ loncom/interface/Attic/lonspreadsheet.pm	2002/12/03 10:04:21	1.153
@@ -1,5 +1,5 @@
 #
-# $Id: lonspreadsheet.pm,v 1.151 2002/12/02 16:39:30 matthew Exp $
+# $Id: lonspreadsheet.pm,v 1.153 2002/12/03 10:04:21 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -62,6 +62,7 @@ use Safe;
 use Safe::Hole;
 use Opcode;
 use GDBM_File;
+use HTML::Entities();
 use HTML::TokeParser;
 use Spreadsheet::WriteExcel;
 
@@ -1247,27 +1248,28 @@ sub html_editable_cell {
         if ($formula ne '') {
             $value = '<i>undefined value</i>';
         }
-    }
-    if ($value =~ /^\s*$/ ) {
+    } elsif ($value =~ /^\s*$/ ) {
         $value = '<font color="'.$bgcolor.'">#</font>';
+    } else {
+        $value = &HTML::Entities::encode($value);
     }
-    &Apache::lonnet::logthis($name.' formula = '.$formula) if ($formula);
-    $formula =~ s/</\&lt;/g;
-    $formula =~ s/>/\&gt;/g;
-    $formula =~ s/\&/\&amp;/g;
-    $formula =~ s/\"/\&quot;/g;
-    $formula =~ s/\'/\&quot;/g;
+    # Make the formula safe for outputting
+    $formula =~ s/\'/\"/g;
+    # The formula will be parsed by the browser *twice* before being 
+    # displayed to the user for editing.
+    $formula = &HTML::Entities::encode(&HTML::Entities::encode($formula));
+    # Escape newlines so they make it into the edit window
     $formula =~ s/\n/\\n/gs;
-    &Apache::lonnet::logthis($name.' formula = '.$formula) if ($formula);
+    # Glue everything together
     $result .= "<a href=\"javascript:celledit(\'".
         $name."','".$formula."');\">".$value."</a>";
-    &Apache::lonnet::logthis('result = '.$result) if ($formula);
     return $result;
 }
 
 sub html_uneditable_cell {
     my ($cell,$bgcolor) = @_;
     my $value = (defined($cell) ? $cell->{'value'} : '');
+    $value = &HTML::Entities::encode($value);
     return '&nbsp;'.$value.'&nbsp;';
 }
 
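Review bot: A backslash in `$formula` still reaches the JavaScript string literal in the `celledit('...')` href unescaped, because the double `HTML::Entities::encode` only covers the two HTML parsing passes and the one substitution after it handles `\n` alone. A formula containing `\` would therefore be shown in the edit window with different content than was stored, or would change how the literal is parsed; adding `$formula =~ s/\\/\\\\/g;` just before the newline substitution covers the JavaScript layer. `$name` goes into the same literal with no encoding at all, which is safe only if it is always a generated cell label. That is worth confirming in the part of html_editable_cell above this hunk.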
@@ -1336,7 +1338,7 @@ END
     ####################################
     # Print out summary/export row
     ####################################
-    my ($rowlabel,@rowdata) = &get_row($sheet,'0');
+    ($rowlabel,@rowdata) = &get_row($sheet,'0');
     $row_html = '<tr><td>'.&format_html_rowlabel($sheet,$rowlabel).'</td>';
     $num_cols_output = 0;
     foreach my $cell (@rowdata) {
@@ -1925,7 +1927,10 @@ sub tmpwrite {
     $fn=$tmpdir.$fn.'.tmp';
     my $fh;
     if ($fh=Apache::File->new('>'.$fn)) {
-	print $fh join("\n",&getformulas($sheet));
+        my %f = &getformulas($sheet);
+        while( my ($cell,$formula) = each(%f)) {
+            print $fh &Apache::lonnet::escape($cell)."=".&Apache::lonnet::escape($formula)."\n";
+        }
     }
 }
 
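Review bot: A failed `Apache::File->new('>'.$fn)` is silently ignored here, and neither the `print` calls nor the close of `$fh` is checked, so a missing or truncated work copy goes unnoticed until tmpread parses it. Each record is now a single `cell=formula` line, so a partial write gives a file that still parses but has lost cells. I would add `} else { &Apache::lonnet::logthis('tmpwrite: cannot write '.$fn); }` and an explicit, checked `$fh->close()` after the loop. The round trip also assumes `&Apache::lonnet::escape` encodes `=` and newlines; that helper is not visible here, so this should be confirmed. tmpwrite begins above the hunk.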
@@ -1941,32 +1946,36 @@ sub tmpread {
     my %fo=();
     my $countrows=0;
     if ($fh=Apache::File->new($fn)) {
-        my $name;
-        while ($name=<$fh>) {
-	    chomp($name);
-            my $value=<$fh>;
-            chomp($value);
-            $fo{$name}=$value;
-            if ($name=~/^A(\d+)$/) {
-		if ($1>$countrows) {
-		    $countrows=$1;
-                }
-            }
-        }
-    }
+        while (<$fh>) {
+	    chomp;
+            my ($cell,$formula) = split(/=/);
+            $cell    = &Apache::lonnet::unescape($cell);
+            $formula = &Apache::lonnet::unescape($formula);
+            $fo{$cell} = $formula;
+        }
+    }
+#            chomp($value);
+#            $fo{$name}=$value;
+#            if ($name=~/^A(\d+)$/) {
+#		if ($1>$countrows) {
+#		    $countrows=$1;
+#                }
+#            }
+#        }
+#    }
     if ($nform eq 'changesheet') {
         $fo{'A'.$nfield}=(split(/__&&&\__/,$fo{'A'.$nfield}))[0];
         unless ($ENV{'form.sel_'.$nfield} eq 'Default') {
 	    $fo{'A'.$nfield}.='__&&&__'.$ENV{'form.sel_'.$nfield};
         }
-    } elsif ($nfield eq 'insertrow') {
-        $countrows++;
-        my $newrow=substr('000000'.$countrows,-7);
-        if ($nform eq 'top') {
-	    $fo{'A'.$countrows}='--- '.$newrow;
-        } else {
-            $fo{'A'.$countrows}='~~~ '.$newrow;
-        }
+#    } elsif ($nfield eq 'insertrow') {
+#        $countrows++;
+#        my $newrow=substr('000000'.$countrows,-7);
+#        if ($nform eq 'top') {
+#	    $fo{'A'.$countrows}='--- '.$newrow;
+#        } else {
+#            $fo{'A'.$countrows}='~~~ '.$newrow;
+#        }
     } else {
        if ($nfield) { $fo{$nfield}=$nform; }
     }
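Review bot: The `split(/=/)` in the new read loop accepts any line, so a blank line, a line without `=`, or a work copy left over from the old two-lines-per-cell format produces entries such as `$fo{''}` or an undefined `$formula` passed to `unescape`. The file sits in a temp directory and is re-read on later requests, so each record should be validated: `my ($cell,$formula) = split(/=/,$_,2);` followed by `next if (!defined($formula) || $cell eq '');`. The commented-out row-counting and `insertrow` code, and the now-unused `$countrows`, would be better deleted than left in place. tmpread starts and ends outside this hunk.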
@@ -3085,8 +3094,9 @@ ENDSCRIPT
     if ($ENV{'form.unewfield'}) {
         $r->print('<h2>Modified Workcopy</h2>');
         $ENV{'form.unewformula'}=~s/\'/\"/g;
-        $r->print('<p>New formula: '.$ENV{'form.unewfield'}.'='.
-                  $ENV{'form.unewformula'}.'<p>');
+        $r->print('<p>Cell '.$ENV{'form.unewfield'}.' = <pre>');
+        $r->print(&HTML::Entities::encode($ENV{'form.unewformula'}).
+                  '</pre></p>');
         $sheet->{'filename'} = $ENV{'form.ufn'};
         &tmpread($sheet,$ENV{'form.unewfield'},$ENV{'form.unewformula'});
     } elsif ($ENV{'form.saveas'}) {
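Review bot: `$ENV{'form.unewfield'}` is written into the page unencoded in the new `'<p>Cell '...` line, while the formula printed next to it goes through `HTML::Entities::encode`; both values come from the submitted form. Encode it the same way: `$r->print('<p>Cell '.&HTML::Entities::encode($ENV{'form.unewfield'}).' = <pre>');`. Separately, the context line below assigns `$ENV{'form.ufn'}` to `$sheet->{'filename'}` just before `&tmpread`. How that value becomes a path is not visible in this hunk, so it is worth checking that it is restricted to a plain file name. The enclosing sub starts and ends outside the hunk.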