--- loncom/interface/loncommon.pm	2013/12/30 00:34:49	1.1168
+++ loncom/interface/loncommon.pm	2014/02/11 14:29:04	1.1173
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1168 2013/12/30 00:34:49 raeburn Exp $
+# $Id: loncommon.pm,v 1.1173 2014/02/11 14:29:04 kruse Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -3890,7 +3890,7 @@ sub get_previous_attempt {
                       if ($key =~/$regexp$/ && (defined &$gradesub)) {
                           $value = &$gradesub($value);
                       }
-                      $prevattempts.='<td>'.$value.'&nbsp;</td>';
+                      $prevattempts.='<td>'. $value.'&nbsp;</td>';
                   } else {
                       $prevattempts.='<td>&nbsp;</td>';
                   }
@@ -3906,7 +3906,7 @@ sub get_previous_attempt {
 	      if ($key =~/$regexp$/ && (defined &$gradesub)) {
                   $value = &$gradesub($value);
               }
-	      $prevattempts.='<td>'.$value.'&nbsp;</td>';
+	     $prevattempts.='<td>'.$value.'&nbsp;</td>';
           }
       }
       $prevattempts.= &end_data_table_row().&end_data_table();
@@ -3927,11 +3927,13 @@ sub get_previous_attempt {
 sub format_previous_attempt_value {
     my ($key,$value) = @_;
     if (($key =~ /timestamp/) || ($key=~/duedate/)) {
-	$value = &Apache::lonlocal::locallocaltime($value);
+        $value = &Apache::lonlocal::locallocaltime($value);
     } elsif (ref($value) eq 'ARRAY') {
-	$value = '('.join(', ', @{ $value }).')';
+        $value = &HTML::Entities::encode('('.join(', ', @{ $value }).')','"<>&');
     } elsif ($key =~ /answerstring$/) {
         my %answers = &Apache::lonnet::str2hash($value);
+        my @answer = %answers;
+        %answers = map {&HTML::Entities::encode($_, '"<>&')} @answer;
         my @anskeys = sort(keys(%answers));
         if (@anskeys == 1) {
             my $answer = $answers{$anskeys[0]};
@@ -3954,7 +3956,7 @@ sub format_previous_attempt_value {
             } 
         }
     } else {
-	$value = &unescape($value);
+        $value = &HTML::Entities::encode(&unescape($value), '"<>&');
     }
     return $value;
 }
@@ -5228,10 +5230,11 @@ sub bodytag {
         }
         $bodytag .= qq|<div id="LC_realm">$realm $dc_info</div>|;
 
-        #don't show menus for public users
+        #if directed to not display the secondary menu, don't.  
         if ($args->{'no_secondary_menu'}) {
             return $bodytag;
         }
+        #don't show menus for public users
         if (!$public){
             $bodytag .= Apache::lonmenu::secondary_menu($httphost);
             $bodytag .= Apache::lonmenu::serverform();
@@ -14005,6 +14008,9 @@ sub construct_course {
                    'categories',
                    'internal.uniquecode'],
                    $$crsudom,$$crsunum);
+        if ($args->{'textbook'}) {
+            $cenv{'internal.textbook'} = $args->{'textbook'};
+        }
     }
 
 #
@@ -14884,12 +14890,12 @@ sub captcha_display {
     if ($captcha eq 'original') {
         $output = &create_captcha();
         unless ($output) {
-            $error = 'captcha'; 
+            $error = 'captcha';
         }
     } elsif ($captcha eq 'recaptcha') {
         $output = &create_recaptcha($pubkey);
         unless ($output) {
-            $error = 'recaptcha'; 
+            $error = 'recaptcha';
         }
     }
     return ($output,$error);
@@ -14969,7 +14975,7 @@ sub create_captcha {
             $output = '<input type="hidden" name="crypt" value="'.$md5sum.'" />'."\n".
                       &mt('Type in the letters/numbers shown below').'&nbsp;'.
                      '<input type="text" size="5" name="code" value="" /><br />'.
-                     '<img src="'.$captcha_params{'www_output_dir'}.'/'.$md5sum.'.png" />';
+                     '<img src="'.$captcha_params{'www_output_dir'}.'/'.$md5sum.'.png" alt="captcha" />';
             last;
         }
     }