--- loncom/interface/londocs.pm 2017/07/10 12:48:41 1.633
+++ loncom/interface/londocs.pm 2017/08/14 14:54:29 1.635
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.633 2017/07/10 12:48:41 raeburn Exp $
+# $Id: londocs.pm,v 1.635 2017/08/14 14:54:29 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -5200,6 +5200,12 @@ sub handler {
$disabled = ' disabled="disabled"';
}
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['inhibitmenu']);
+ if ($env{'form.inhibitmenu'}) {
+ unless ($env{'form.inhibitmenu'} eq 'yes') {
+ delete($env{'form.inhibitmenu'});
+ }
+ }
+
if ($allowed && $env{'form.verify'}) {
&init_breadcrumbs('verify','Verify Content','Docs_Verify_Content');
&verifycontent($r);
@@ -5282,6 +5288,26 @@ sub handler {
'forcesupplement','forcestandard',
'tools','symb','command','supppath']);
+ foreach my $item ('forcesupplement','forcestandard','tools') {
+ next if ($env{'form.'.$item} eq '');
+ unless ($env{'form.'.$item} eq '1') {
+ delete($env{'form.'.$item});
+ }
+ }
+
+ if ($env{'form.command'}) {
+ unless ($env{'form.command'} =~ /^(direct|directnav|editdocs|editsupp|contents|home)$/) {
+ delete($env{'form.command'});
+ }
+ }
+
+ if ($env{'form.symb'}) {
+ my ($mapurl,$id,$resurl) = &Apache::lonnet::decode_symb($env{'form.symb'});
+ unless (($id =~ /^\d+$/) && (&Apache::lonnet::is_on_map($resurl))) {
+ delete($env{'form.symb'});
+ }
+ }
+
# standard=1: this is a "new-style" course with an uploaded map as top level
# standard=2: this is a "old-style" course, and there is nothing we can do
@@ -5304,6 +5330,38 @@ sub handler {
my $toolsflag=0;
if ($env{'form.tools'}) { $toolsflag=1; }
+ if ($env{'form.folderpath'} ne '') {
+ my @items = split(/\&/,$env{'form.folderpath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+ $badpath = 1;
+ } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.folderpath'});
+ }
+ }
+
+ if ($env{'form.supppath'} ne '') {
+ my @items = split(/\&/,$env{'form.supppath'});
+ my $badpath;
+ for (my $i=0; $i<@items; $i++) {
+ my $odd = $i%2;
+ if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+ $badpath = 1;
+ }
+ last if ($badpath);
+ }
+ if ($badpath) {
+ delete($env{'form.supppath'});
+ }
+ }
+
my $script='';
my $showdoc=0;
my $addentries = {};
@@ -6574,6 +6632,7 @@ my %suporderhash = (
sub embedded_form_elems {
my ($phase,$primaryurl,$newidx) = @_;
my $folderpath = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
+ $newidx =~s /\D+//g;
return <
@@ -6594,7 +6653,11 @@ sub embedded_destination {
} elsif ($folder =~ /^(default|supplemental)_(\d+)$/) {
$destination .= $2.'/';
}
- $destination .= $env{'form.newidx'};
+ my $newidx = $env{'form.newidx'};
+ $newidx =~s /\D+//g;
+ if ($newidx) {
+ $destination .= $newidx;
+ }
my $dir_root = '/userfiles';
return ($destination,$dir_root);
}
@@ -6620,6 +6683,9 @@ sub decompression_info {
}
unshift(@hiddens,$pathitem);
foreach my $item (@hiddens) {
+ if ($item eq 'newidx') {
+ next if ($env{'form.'.$item} =~ /\D/);
+ }
if ($env{'form.'.$item}) {
$hiddenelem .= ''."\n";