--- loncom/interface/londocs.pm	2021/02/10 12:46:11	1.484.2.91
+++ loncom/interface/londocs.pm	2021/12/22 01:22:06	1.484.2.93
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.484.2.91 2021/02/10 12:46:11 raeburn Exp $
+# $Id: londocs.pm,v 1.484.2.93 2021/12/22 01:22:06 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -177,6 +177,45 @@ sub default_folderpath {
     }
 }
 
+sub validate_folderpath {
+    my ($supplementalflag) = @_;
+    if ($env{'form.folderpath'} ne '') {
+        my @items = split(/\&/,$env{'form.folderpath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+                $badpath = 1;
+            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.folderpath'});
+        }
+    }
+    return;
+}
+
+sub validate_suppath {
+    if ($env{'form.supppath'} ne '') {
+        my @items = split(/\&/,$env{'form.supppath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.supppath'});
+        }
+    }
+    return;
+}
+
 sub dumpcourse {
     my ($r) = @_;
     my $crstype = &Apache::loncommon::course_type();
@@ -3923,7 +3962,7 @@ END
             } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
                 if (($ENV{'SERVER_PORT'} == 443) &&
                     ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         $url .= '?usehttp=1';
                     }
                     $nomodal = 1;
@@ -3988,7 +4027,7 @@ END
                 $url = $1;
                 $anchor = $2;
                 if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         if ($hostname ne '') {
                             $url = 'http://'.$hostname.$url;
                         }
@@ -4000,7 +4039,7 @@ END
         } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
             if (($ENV{'SERVER_PORT'} == 443) &&
                 ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                unless (&Apache::lonnet::uses_sts()) {
+                unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                     if ($hostname ne '') {
                         $url = 'http://'.$hostname.$url;
                     }
@@ -5139,35 +5178,11 @@ sub handler {
     if ($env{'form.tools'}) { $toolsflag=1; }
 
     if ($env{'form.folderpath'} ne '') {
-        my @items = split(/\&/,$env{'form.folderpath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
-                $badpath = 1;
-            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
-                $badpath = 1;
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.folderpath'});
-        }
+        &validate_folderpath($supplementalflag);
     }
 
     if ($env{'form.supppath'} ne '') {
-        my @items = split(/\&/,$env{'form.supppath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
-                $badpath = 1;
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.supppath'});
-        }
+        &validate_suppath();
     }
 
     my $script='';
@@ -5225,6 +5240,9 @@ sub handler {
         } else {
             undef($env{'form.folderpath'});
         }
+        if ($env{'form.folderpath'} ne '') {
+            &validate_folderpath($supplementalflag);
+        }
     }
    
 # If we are not allowed to make changes, all we can see are supplemental docs
@@ -6584,7 +6602,7 @@ sub editing_js {
                 if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
                     if (($ENV{'SERVER_PORT'} == 443) &&
                         ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }
@@ -6593,7 +6611,7 @@ sub editing_js {
                     }
                 } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
                     if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }