--- loncom/interface/loncreateuser.pm	2008/07/16 12:32:11	1.249.2.4
+++ loncom/interface/loncreateuser.pm	2008/07/17 20:05:14	1.257
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.249.2.4 2008/07/16 12:32:11 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.257 2008/07/17 20:05:14 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1397,30 +1397,24 @@ sub modify_login_block {
 
 sub personal_data_display {
     my ($ccuname,$ccdomain,$newuser,$context,$inst_results,$rolesarray) = @_;
-    my ($output,$showforceid,%userenv,%canmodify,@inststatuses);
+    my ($output,$showforceid,%userenv,%canmodify);
     my @userinfo = ('firstname','middlename','lastname','generation',
                     'permanentemail','id');
     my $rowcount = 0;
     my $editable = 0;
-    if ($context eq 'selfcreate') {
-        if (ref($inst_results) eq 'HASH') {
-            @inststatuses = &get_inststatuses($inst_results);
-            if (@inststatuses == 0) {
-                @inststatuses = ('default');
-            }
-            $rolesarray = \@inststatuses;
-        }
-    }
     if (!$newuser) {
         # Get the users information
         %userenv = &Apache::lonnet::get('environment',
                    ['firstname','middlename','lastname','generation',
                     'permanentemail','id'],$ccdomain,$ccuname);
     }
-    if ((!$newuser) || ($context eq 'selfcreate')) {
+    if (!$newuser) {
         %canmodify =
             &Apache::lonuserutils::can_modify_userinfo($context,$ccdomain,
                                                        \@userinfo,$rolesarray);
+    } elsif ($context eq 'selfcreate') {
+        %canmodify = &selfcreate_canmodify($context,$ccdomain,\@userinfo,
+                                           $inst_results,$rolesarray);
     }
     my %lt=&Apache::lonlocal::texthash(
                 'pd'             => "Personal Data",
@@ -1456,7 +1450,7 @@ sub personal_data_display {
                     $row .= '<input type="hidden" name="c'.$item.'" value="'.$inst_results->{$item}.'" />'.$inst_results->{$item};
                 } else {
                     if ($context eq 'selfcreate') {
-                        if ($canmodify{$item}) {
+                        if ($canmodify{$item}) { 
                             $row .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
                             $editable ++;
                         } else {
@@ -1506,6 +1500,21 @@ sub personal_data_display {
     }
 }
 
+sub selfcreate_canmodify {
+    my ($context,$dom,$userinfo,$inst_results,$rolesarray) = @_;
+    if (ref($inst_results) eq 'HASH') {
+        my @inststatuses = &get_inststatuses($inst_results);
+        if (@inststatuses == 0) {
+            @inststatuses = ('default');
+        }
+        $rolesarray = \@inststatuses;
+    }
+    my %canmodify =
+        &Apache::lonuserutils::can_modify_userinfo($context,$dom,$userinfo,
+                                                   $rolesarray);
+    return %canmodify;
+}
+
 sub get_inststatuses {
     my ($insthashref) = @_;
     my @inststatuses = ();
@@ -3610,15 +3619,15 @@ sub visible_in_cat {
         $cathash = $domconf{'coursecategories'}{'cats'};
     }
     if ($settable{'togglecats'} && $settable{'categories'}) {
-        $cansetvis = &mt('You are able to both assign a course category and choose to exclude this course from the catalog.');
+        $cansetvis = &mt('You are able to both assign a course category and choose to exclude this course from the catalog.');   
     } elsif ($settable{'togglecats'}) {
-        $cansetvis = &mt('You are able to choose to exclude this course from the catalog, but only a Domain Coordinator may assign a course category.');
+        $cansetvis = &mt('You are able to choose to exclude this course from the catalog, but only a Domain Coordinator may assign a course category.'); 
     } elsif ($settable{'categories'}) {
-        $cansetvis = &mt('You may assign a course category, but only a Domain Coordinator may choose to exclude this course from the catalog.');
+        $cansetvis = &mt('You may assign a course category, but only a Domain Coordinator may choose to exclude this course from the catalog.');  
     } else {
-        $cansetvis = &mt('Only a Domain Coordinator may assign a course category or choose to exclude this course from the catalog.');
+        $cansetvis = &mt('Only a Domain Coordinator may assign a course category or choose to exclude this course from the catalog.'); 
     }
-
+     
     my %currsettings =
         &Apache::lonnet::get('environment',['hidefromcat','categories','internal.coursecode'],
                              $cdom,$cnum);
@@ -3628,7 +3637,7 @@ sub visible_in_cat {
             $cathash = $domconf{'coursecategories'}{'cats'};
             if (ref($cathash) eq 'HASH') {
                 if ($cathash->{'instcode::0'} eq '') {
-                    push(@vismsgs,'dc_addinst');
+                    push(@vismsgs,'dc_addinst'); 
                 } else {
                     $visible = 1;
                 }
@@ -3667,7 +3676,7 @@ sub visible_in_cat {
                         }
                     }
                     if (!$matched) {
-                        if ($settable{'categories'}) {
+                        if ($settable{'categories'}) { 
                             push(@vismsgs,'chgcat');
                         } else {
                             push(@vismsgs,'dc_chgcat');
@@ -3678,7 +3687,7 @@ sub visible_in_cat {
         }
     } else {
         if (ref($cathash) eq 'HASH') {
-            if ((keys(%{$cathash}) > 1) ||
+            if ((keys(%{$cathash}) > 1) || 
                 (keys(%{$cathash}) == 1) && ($cathash->{'instcode::0'} eq '')) {
                 if ($settable{'categories'}) {
                     push(@vismsgs,'addcat');
@@ -3738,13 +3747,14 @@ sub selfenroll_inst_types {
                 $output .= '</tr><tr>';
             }
             if (defined($usertypes->{$type})) {
+                my $esc_type = &escape($type);
                 $output .= '<td><span class="LC_nobreak"><label><input type = "checkbox" value="'.
-                           $type.'" ';
+                           $esc_type.'" ';
                 if (ref($currinsttypes) eq 'ARRAY') {
                     if (@{$currinsttypes} > 0) {
                         if (grep(/^any$/,@{$currinsttypes})) {
                             $output .= 'checked="checked"';
-                        } elsif (grep(/^\Q$type\E$/,@{$currinsttypes})) {
+                        } elsif (grep(/^\Q$esc_type\E$/,@{$currinsttypes})) {
                             $output .= 'checked="checked"';
                         }
                     } else {
@@ -4734,8 +4744,9 @@ sub update_selfenroll_config {
                             my $othervalue = 'any';
                             if ((ref($types) eq 'ARRAY') && (ref($usertypes) eq 'HASH')) {
                                 if (@{$types} > 0) {
+                                    my @esc_types = map { &escape($_); } @{$types};
                                     $othervalue = 'other';
-                                    $typestr = join(',',(@{$types},$othervalue));
+                                    $typestr = join(',',($othervalue,@esc_types));
                                 }
                                 $typestr = $othervalue;
                             } else {
@@ -4871,7 +4882,7 @@ sub update_selfenroll_config {
             }
             $r->print($cansetvis);
         }
-    }
+    } 
     return;
 }