--- loncom/interface/londocs.pm	2021/02/10 13:34:22	1.484.2.85.2.8
+++ loncom/interface/londocs.pm	2023/01/20 16:30:43	1.484.2.93.2.8
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.484.2.85.2.8 2021/02/10 13:34:22 raeburn Exp $
+# $Id: londocs.pm,v 1.484.2.93.2.8 2023/01/20 16:30:43 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -178,6 +178,45 @@ sub default_folderpath {
     }
 }
 
+sub validate_folderpath {
+    my ($supplementalflag) = @_;
+    if ($env{'form.folderpath'} ne '') {
+        my @items = split(/\&/,$env{'form.folderpath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+                $badpath = 1;
+            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.folderpath'});
+        }
+    }
+    return;
+}
+
+sub validate_suppath {
+    if ($env{'form.supppath'} ne '') {
+        my @items = split(/\&/,$env{'form.supppath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.supppath'});
+        }
+    }
+    return;
+}
+
 sub dumpcourse {
     my ($r) = @_;
     my $crstype = &Apache::loncommon::course_type();
@@ -754,6 +793,8 @@ sub group_import {
                             if (@deleted) {
                                 &Apache::lonnet::del('exttool_'.$marker,\@deleted,$coursedom,$coursenum);
                             }
+                        } else {
+                            return (&mt('Failed to save update to external tool.'),1);
                         }
                     }
                 }
@@ -1099,7 +1140,11 @@ sub docs_change_log {
 	}
 	$r->print('</ul>');
 	if ($docslog{$id}{'logentry'}{'parameter_res'}) {
-	    $r->print(&LONCAPA::map::qtescape((split(/\:/,$docslog{$id}{'logentry'}{'parameter_res'}))[0]).':<ul>');
+            my ($title,$url) = split(/\:/,$docslog{$id}{'logentry'}{'parameter_res'},3);
+            if ($title eq '') {
+                ($title) = ($url =~ m{/([^/]+)$});
+            }
+            $r->print(&LONCAPA::map::qtescape($title).':<ul>');
 	    foreach my $parameter ('randompick','hiddenresource','encrypturl','randomorder') {
 		if ($docslog{$id}{'logentry'}{'parameter_action_'.$parameter}) {
 # FIXME: internationalization seems wrong here
@@ -1405,7 +1450,7 @@ sub print_paste_buffer {
             }
             $pasteitems .= '<label><input type="checkbox" name="pasting" id="pasting_'.$suffix.'" value="'.$suffix.'" '.$onclick.'/>'.$buffer.'</label>';
             if ($nopaste) {
-                 $pasteitems .= $nopaste;   
+                 $pasteitems .= ' <span class="LC_cusr_emph">'.$nopaste.'</span>';   
             } else {
                 if ($othercrs) {
                     $pasteitems .= $othercrs;
@@ -2675,6 +2720,15 @@ sub apply_fixups {
             $storefn =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/;
         }
         my $mapcontent = &Apache::lonnet::getfile($key);
+        if (($mapcontent eq '-1') && ($before{'map'} eq 'supplemental') &&
+            ($after{'map'} eq 'default') &&
+            ($key =~ m{^/uploaded/$match_domain/$match_courseid/supplemental_\d+\.sequence$})) {
+            $mapcontent = '<map>'."\n".
+                          '<resource id="1" src="" type="start" />'."\n".
+                          '<link from="1" to="2" index="1" />'."\n".
+                          '<resource id="2" src="" type="finish" />'."\n".
+                          '</map>';
+        }
         if ($mapcontent eq '-1') {
             if (ref($errors) eq 'HASH') {
                 $errors->{$key} = 1;
@@ -2957,7 +3011,7 @@ sub update_parameter {
             my ($name,$url)=split(/\:/,$LONCAPA::map::resources[$res]);
             $name=&LONCAPA::map::qtescape($name);
             $url=&LONCAPA::map::qtescape($url);
-            next unless ($name && $url);
+            next unless $url;
             my $is_map;
             if ($url =~ m{/uploaded/.+\.(page|sequence)$}) {
                 $is_map = 1;
@@ -3827,7 +3881,7 @@ sub entryline {
     my $line=&Apache::loncommon::start_data_table_row();
     my ($form_start,$form_end,$form_common,$form_param);
 # Edit commands
-    my ($esc_path, $path, $symb);
+    my ($esc_path, $path, $symb, $shownsymb);
     if ($env{'form.folderpath'}) {
 	$esc_path=&escape($env{'form.folderpath'});
 	$path = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
@@ -4089,36 +4143,16 @@ END
             } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
                 if (($ENV{'SERVER_PORT'} == 443) &&
                     ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         $url .= '?usehttp=1';
                     }
                     $nomodal = 1;
                 }
 	    }
-            if (&Apache::lonnet::symbverify($symb,$url)) {
-                my $shownsymb = $symb;
-                if ($isexternal) {
-                    $url =~ s/\#[^#]+$//;
-                    if ($container eq 'page') {
-                        $url = &Apache::lonnet::clutter($url);
-                    }
-                }
-                unless ($env{'request.role.adv'}) {
-                    if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
-                        $url = '';
-                    }
-                    if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
-                        $url = '';
-                        $hiddenres = 1;
-                    }
-                }
-                if ($url ne '') {
-                    $url.=(($url=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
-                }
-            } elsif (!$env{'request.role.adv'}) {
-                my $checkencrypt;
+            my ($checkencrypt,$shownurl);
+            if (!$env{'request.role.adv'}) {
                 if (((&LONCAPA::map::getparameter($orderidx,'parameter_encrypturl'))[0]=~/^yes$/i) ||
-                      $isencrypted || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
+                    ($isencrypted) || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
                     $checkencrypt = 1;
                 } elsif (ref($navmapref)) {
                     unless (ref($$navmapref)) {
@@ -4130,22 +4164,39 @@ END
                         }
                     }
                 }
-                if ($checkencrypt) {
-                    my $shownsymb = &Apache::lonenc::encrypted($symb);
-                    my $shownurl = &Apache::lonenc::encrypted($url);
-                    if (&Apache::lonnet::symbverify($shownsymb,$shownurl)) {
-                        $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
-                        if ($env{'request.enc'} ne '') {
-                            delete($env{'request.enc'});
-                        }
-                    } else {
-                        $url='';
-                    }
+            }
+            if ($checkencrypt) {
+                my $currenc = $env{'request.enc'};
+                $env{'request.enc'} = 1;
+                $shownsymb = &Apache::lonenc::encrypted($symb);
+                $shownurl = &Apache::lonenc::encrypted($url);
+                if (&Apache::lonnet::symbverify($symb,$url)) {
+                    $url = $shownurl;
                 } else {
-                    $url='';
+                    $url = '';
+                }
+                $env{'request.enc'} = $currenc;
+            } elsif (&Apache::lonnet::symbverify($symb,$url)) {
+                $shownsymb = $symb;
+                if ($isexternal) {
+                    $url =~ s/\#[^#]+$//;
+                    if ($container eq 'page') {
+                        $url = &Apache::lonnet::clutter($url);
+                    }
+                }
+                $shownurl = $url;
+            }
+            unless ($env{'request.role.adv'}) {
+                if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
+                    $url = '';
+                }
+                if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
+                    $url = '';
+                    $hiddenres = 1;
                 }
-            } else {
-                $url='';
+            }
+            if ($url ne '') {
+                $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
             }
 	}
     } elsif ($supplementalflag) {
@@ -4154,7 +4205,7 @@ END
                 $url = $1;
                 $anchor = $2;
                 if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         if ($hostname ne '') {
                             $url = 'http://'.$hostname.$url;
                         }
@@ -4166,7 +4217,7 @@ END
         } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
             if (($ENV{'SERVER_PORT'} == 443) &&
                 ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                unless (&Apache::lonnet::uses_sts()) {
+                unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                     if ($hostname ne '') {
                         $url = 'http://'.$hostname.$url;
                     }
@@ -4305,7 +4356,7 @@ $form_end;
                     &Apache::lonhtmlcommon::jump_to_editres($cfile,$home,
                                                             $switchserver,
                                                             $forceedit,
-                                                            undef,$symb,
+                                                            undef,$symb,$shownsymb,
                                                             &escape($env{'form.folderpath'}),
                                                             $renametitle,$hostname,
                                                             '','',1,$suppanchor);
@@ -5234,11 +5285,11 @@ sub handler {
 #
 # --------------------------------------------- Initialize help topics for this
     foreach my $topic ('Adding_Course_Doc','Main_Course_Documents',
-                       'Adding_External_Resource','Adding_External_Tool',
+	               'Adding_External_Resource','Adding_External_Tool',
                        'Navigate_Content','Adding_Folders','Docs_Overview',
-                       'Load_Map','Supplemental','Score_Upload_Form',
-                       'Adding_Pages','Importing_LON-CAPA_Resource',
-                       'Importing_IMS_Course','Uploading_From_Harddrive',
+	               'Load_Map','Supplemental','Score_Upload_Form', 
+	               'Adding_Pages','Importing_LON-CAPA_Resource',
+	               'Importing_IMS_Course','Uploading_From_Harddrive',
                        'Course_Roster','Web_Page','Dropbox','Simple_Problem') {
 	$help{$topic}=&Apache::loncommon::help_open_topic('Docs_'.$topic);
     }
@@ -5366,35 +5417,11 @@ sub handler {
     if ($env{'form.tools'}) { $toolsflag=1; }
 
     if ($env{'form.folderpath'} ne '') {
-        my @items = split(/\&/,$env{'form.folderpath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
-                $badpath = 1;
-            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
-                $badpath = 1;
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.folderpath'});
-        }
+        &validate_folderpath($supplementalflag);
     }
 
     if ($env{'form.supppath'} ne '') {
-        my @items = split(/\&/,$env{'form.supppath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
-                $badpath = 1;
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.supppath'});
-        }
+        &validate_suppath();
     }
 
     my $script='';
@@ -5453,6 +5480,9 @@ sub handler {
         } else {
             undef($env{'form.folderpath'});
         }
+        if ($env{'form.folderpath'} ne '') {
+            &validate_folderpath($supplementalflag);
+        }
     }
    
 # If we are not allowed to make changes, all we can see are supplemental docs
@@ -5726,7 +5756,7 @@ sub handler {
 		'lnks' => 'Import from Stored Links',
                 'impm' => 'Import from Assembled Map',
                 'extr' => 'External Resource',
-                'extt' => 'External Tool', 
+                'extt' => 'External Tool',
                 'selm' => 'Select Map',
                 'load' => 'Load Map',
                 'newf' => 'New Folder',
@@ -6374,7 +6404,8 @@ my %suporderhash = (
         }
     } elsif ($supplementalflag) {
         my $error = &editor($r,$coursenum,$coursedom,$folder,$allowed,'',$crstype,
-                            $supplementalflag,'',$iconpath,$pathitem,'',$hostname);
+                            $supplementalflag,'',$iconpath,$pathitem,'',$canedit,
+                            $hostname);
         if ($error) {
             $r->print('<p><span class="LC_error">'.$error.'</span></p>');
         }
@@ -6845,7 +6876,7 @@ sub editing_js {
                 if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
                     if (($ENV{'SERVER_PORT'} == 443) &&
                         ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }
@@ -6854,7 +6885,7 @@ sub editing_js {
                     }
                 } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
                     if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }