![]() ![]() | ![]() |
Bug #1019. Allow limited HTML in templates.
1: # The LearningOnline Network 2: # Bulletin Board Handler 3: # 4: # $Id: lonbulletin.pm,v 1.5 2003/02/10 16:22:28 www Exp $ 5: # 6: # Copyright Michigan State University Board of Trustees 7: # 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA). 9: # 10: # LON-CAPA is free software; you can redistribute it and/or modify 11: # it under the terms of the GNU General Public License as published by 12: # the Free Software Foundation; either version 2 of the License, or 13: # (at your option) any later version. 14: # 15: # LON-CAPA is distributed in the hope that it will be useful, 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18: # GNU General Public License for more details. 19: # 20: # You should have received a copy of the GNU General Public License 21: # along with LON-CAPA; if not, write to the Free Software 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23: # 24: # /home/httpd/html/adm/gpl.txt 25: # 26: # http://www.lon-capa.org/ 27: # 28: 29: package Apache::lonbulletin; 30: 31: use strict; 32: use Apache::Constants qw(:common); 33: use Apache::loncommon; 34: use Apache::lonnet; 35: use Apache::lontexconvert; 36: use Apache::lonxml; 37: 38: sub handler { 39: my $r = shift; 40: $r->content_type('text/html'); 41: $r->send_http_header; 42: return OK if $r->header_only; 43: 44: # ------------------------------------------------------------ Print the screen 45: $r->print(<<ENDDOCUMENT); 46: <html> 47: <head> 48: <title>The LearningOnline Network with CAPA</title> 49: </head> 50: ENDDOCUMENT 51: my (undef,undef,undef,undef,$marker)=split(/\//,$r->uri); 52: # Is this even in a course? 53: unless ($ENV{'request.course.id'}) { 54: $r->print('<body>Not in a course</body>'); 55: return OK; 56: } 57: 58: $marker=~s/\D//g; 59: 60: unless ($marker) { 61: $r->print('<body>Invalid call</body>'); 62: return OK; 63: } 64: 65: my $dom = $ENV{'course.'.$ENV{'request.course.id'}.'.domain'}; 66: my $crs = $ENV{'course.'.$ENV{'request.course.id'}.'.num'}; 67: 68: # --------------------------------------------------------- The syllabus fields 69: my %syllabusfields=( 70: 'aaa_title' => 'Topic', 71: 'bbb_content' => 'Task', 72: 'ccc_webreferences' => 'Web References'); 73: 74: # --------------------------------------------------------------- Force Student 75: &Apache::loncommon::get_unprocessed_cgi 76: ($ENV{'QUERY_STRING'},['forcestudent']); 77: my $forcestudent=''; 78: if ($ENV{'form.forcestudent'}) { $forcestudent='student'; }; 79: 80: my %syllabus=&Apache::lonnet::dump('bulletinpage_'.$marker,$dom,$crs); 81: 82: # --------------------------------------- There is such a user, get environment 83: 84: $r->print(&Apache::loncommon::bodytag 85: ("Bulletin Board/Discussion",$forcestudent,'','',$dom)); 86: 87: my $allowed=&Apache::lonnet::allowed('srm',$ENV{'request.course.id'}); 88: 89: if ($forcestudent) { $allowed=0; } 90: 91: if ($allowed) { 92: $r->print( 93: '<p><a href="'.$r->uri.'?forcestudent=1">Show Public View</a>'. 94: &Apache::loncommon::help_open_topic('Uploaded_Templates_PublicView').'</p>'); 95: } 96: if (($ENV{'form.uploaddoc.filename'}) && 97: ($ENV{'form.storeupl'}) && ($allowed)) { 98: if ($ENV{'form.uploaddoc.filename'}=~/\.(gif|jpg|png|jpeg)$/) { 99: $syllabus{'uploaded.photourl'}= 100: &Apache::lonnet::userfileupload('uploaddoc',1); 101: } 102: $syllabus{'uploaded.lastmodified'}=time; 103: &Apache::lonnet::put('bulletinpage_'.$marker,\%syllabus,$dom,$crs); 104: } 105: if (($allowed) && ($ENV{'form.storesyl'})) { 106: foreach (keys %syllabusfields) { 107: my $field=$ENV{'form.'.$_}; 108: $field=~s/\s+$//s; 109: $field=&Apache::lonfeedback::clear_out_html($field,1); 110: $syllabus{$_}=$field; 111: } 112: $syllabus{'uploaded.lastmodified'}=time; 113: &Apache::lonnet::put('bulletinpage_'.$marker,\%syllabus,$dom,$crs); 114: } 115: 116: # ---------------------------------------------------------------- Get syllabus 117: if (($syllabus{'uploaded.lastmodified'}) || ($allowed)) { 118: if ($syllabus{'uploaded.photourl'}) { 119: $r->print('<img src="'. 120: &Apache::lonnet::tokenwrapper($syllabus{'uploaded.photourl'}). 121: '" align="right" />'); 122: } 123: if ($allowed) { 124: $r->print( 125: '<form method="post" enctype="multipart/form-data">'. 126: '<h3>Upload a Photo</h3>'. 127: '<input type="file" name="uploaddoc" size="50">'. 128: '<input type="submit" name="storeupl" value="Upload">'. 129: '</form><form method="post">'); 130: } 131: foreach (sort keys %syllabusfields) { 132: if (($syllabus{$_}) || ($allowed)) { 133: my $message=$syllabus{$_}; 134: $message=~s/\n/\<br \/\>/g; 135: $message 136: =~s/(http\:\/\/[^\s]+)/\<a href=\"$1\"\>\<tt\>$1\<\/tt\>\<\/a\>/g; 137: $message=&Apache::lontexconvert::msgtexconverted($message); 138: unless ($_ eq 'aaa_title') { 139: if (($_ ne 'bbb_content') || ($allowed)) { 140: $r->print('<h3>'.$syllabusfields{$_}.'</h3>'); 141: } 142: $r->print('<blockquote>'. 143: $message.'</blockquote>'); 144: if ($allowed) { 145: $r->print('<br /><textarea cols="80" rows="10" name="'.$_.'">'. 146: $syllabus{$_}. 147: '</textarea><input type="submit" name="storesyl" value="Store" />'); 148: } 149: } else { 150: $r->print('<h1>'.$message.'</h1>'); 151: if ($allowed) { 152: $r->print( 153: '<br />Topic<br /><textarea cols="80" rows="2" name="'.$_.'">'. 154: $syllabus{$_}. 155: '</textarea><input type="submit" name="storesyl" value="Store" />'); 156: } 157: } 158: } 159: } 160: if ($allowed) { 161: $r->print('</form>'); 162: } 163: $r->print('</p>'); 164: } else { 165: $r->print('<p>No page information provided.</p>'); 166: } 167: $r->print(&Apache::lonxml::xmlend(1,'bulletin___'.$marker.'___'. 168: 'adm/wrapper'.$r->uri).'</body></html>'); 169: return OK; 170: } 171: 172: 1; 173: __END__