--- loncom/interface/londocs.pm	2017/07/10 12:48:41	1.633
+++ loncom/interface/londocs.pm	2017/08/31 20:02:35	1.639
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.633 2017/07/10 12:48:41 raeburn Exp $
+# $Id: londocs.pm,v 1.639 2017/08/31 20:02:35 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4588,7 +4588,7 @@ sub untiehash {
 
 
 sub checkonthis {
-    my ($r,$url,$level,$title)=@_;
+    my ($r,$url,$level,$title,$checkstale)=@_;
     $url=&unescape($url);
     $alreadyseen{$url}=1;
     $r->rflush();
@@ -4603,10 +4603,22 @@ sub checkonthis {
        $r->print('<a href="'.$url.'" target="cat">'.
 		 ($title?$title:$url).'</a> ');
        if ($url=~/^\/res\//) {
+          my $updated;
+          if (($checkstale) && ($url !~ m{^/res/lib/templates/}) &&
+              ($url !~ /\.\d+\.\w+$/)) {
+              $updated = &Apache::lonnet::remove_stale_resfile($url);
+          }
 	  my $result=&Apache::lonnet::repcopy(
                               &Apache::lonnet::filelocation('',$url));
           if ($result eq 'ok') {
              $r->print('<span class="LC_success">'.&mt('ok').'</span>');
+             if ($updated) {
+                 $r->print('<br />');
+                 for (my $i=0;$i<=$level*5;$i++) {
+                     $r->print('&nbsp;');
+                 }
+                 $r->print('- '.&mt('Outdated copy removed'));
+             }
              $r->rflush();
              &Apache::lonnet::countacc($url);
              $url=~/\.(\w+)$/;
@@ -4640,7 +4652,7 @@ sub checkonthis {
                 &Apache::lonnet::metadata($url,'dependencies');
              foreach my $dep (split(/\,/,$dependencies)) {
 		 if (($dep=~/^\/res\//) && (!$alreadyseen{$dep})) {
-                    &checkonthis($r,$dep,$level+1);
+                    &checkonthis($r,$dep,$level+1,'',$checkstale);
                  }
              }
           } elsif ($result eq 'unavailable') {
@@ -4654,6 +4666,9 @@ sub checkonthis {
           } else {
              $r->print('<span class="LC_error">'.&mt('access denied').'</span>');
           }
+          if (($updated) && ($result ne 'ok')) {
+              $r->print('<br />'.&mt('Outdated copy removed'));
+          }
        }
     }
 }
@@ -4706,9 +4721,29 @@ sub list_symbs {
     $r->print(&endContentScreen());
 }
 
+sub contentverifyform {
+    my ($r) = @_;
+    my $crstype = &Apache::loncommon::course_type();
+    $r->print(&Apache::loncommon::start_page('Verify '.$crstype.' Content'));
+    $r->print(&Apache::lonhtmlcommon::breadcrumbs('Verify '.$crstype.' Content'));
+    $r->print(&startContentScreen('tools'));
+    $r->print('<h4 class="LC_info">'.&mt($crstype.' content verification').'</h4>');
+    $r->print('<form method="post" action="/adm/coursedocs"><p>'.
+              &mt('Include a check if files copied from elsewhere are up to date (will increase verification time)?').
+              '&nbsp;<span class="LC_nobreak">'.
+              '<label><input type="radio" name="checkstale" value="0" checked="checked" />'.
+              &mt('No').'</label>'.('&nbsp;'x2).
+              '<label><input type="radio" name="checkstale" value="1" />'.
+              &mt('Yes').'</label></span></p><p>'.
+              '<input type="submit" value="'.&mt('Verify content').' "/>'.
+              '<input type="hidden" value="1" name="tools" />'.
+              '<input type="hidden" value="1" name="verify" /></p></form>');
+    $r->print(&endContentScreen());
+    return;
+}
 
 sub verifycontent {
-    my ($r) = @_;
+    my ($r,$checkstale) = @_;
     my $crstype = &Apache::loncommon::course_type();
     $r->print(&Apache::loncommon::start_page('Verify '.$crstype.' Content'));
     $r->print(&Apache::lonhtmlcommon::breadcrumbs('Verify '.$crstype.' Content'));
@@ -4729,7 +4764,7 @@ sub verifycontent {
 	   }
        }
        if (($key=~/^src\_(.+)$/) && (!$alreadyseen{&unescape($hash{$key})})) {
-           &checkonthis($r,$hash{$key},0,$hash{'title_'.$1});
+           &checkonthis($r,$hash{$key},0,$hash{'title_'.$1},$checkstale);
        }
    }
    &untiehash();
@@ -4737,7 +4772,6 @@ sub verifycontent {
     $r->print(&endContentScreen());
 }
 
-
 sub devalidateversioncache {
     my $src=shift;
     &Apache::lonnet::devalidate_cache_new('courseresversion',$env{'request.course.id'}.'_'.
@@ -5200,9 +5234,25 @@ sub handler {
         $disabled = ' disabled="disabled"';
     }
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['inhibitmenu']);
+    if ($env{'form.inhibitmenu'}) {
+        unless ($env{'form.inhibitmenu'} eq 'yes') {
+            delete($env{'form.inhibitmenu'});
+        }
+    }
+
   if ($allowed && $env{'form.verify'}) {
       &init_breadcrumbs('verify','Verify Content','Docs_Verify_Content');
-      &verifycontent($r);
+      if (!$canedit) {
+          &verifycontent($r);
+      } elsif (($env{'form.checkstale'} ne '') && ($env{'form.checkstale'} =~ /^\d$/)) {
+          &Apache::lonhtmlcommon::add_breadcrumb({href=>"/adm/coursedocs?tools=1&verify=1&checkstale=$env{'form.checkstale'}",
+                                                  text=>'Results',
+                                                  faq=>273,
+                                                  bug=>'Instructor Interface'});
+          &verifycontent($r,$env{'form.checkstale'});
+      } else {
+          &contentverifyform($r);
+      }
   } elsif ($allowed && $env{'form.listsymbs'}) {
       &init_breadcrumbs('listsymbs','List Content IDs');
       &list_symbs($r);
@@ -5282,6 +5332,26 @@ sub handler {
                                              'forcesupplement','forcestandard',
                                              'tools','symb','command','supppath']);
 
+    foreach my $item ('forcesupplement','forcestandard','tools') {
+        next if ($env{'form.'.$item} eq '');
+        unless ($env{'form.'.$item} eq '1') {
+            delete($env{'form.'.$item});
+        }
+    }
+
+    if ($env{'form.command'}) {
+        unless ($env{'form.command'} =~ /^(direct|directnav|editdocs|editsupp|contents|home)$/) {
+            delete($env{'form.command'});
+        }
+    }
+
+    if ($env{'form.symb'}) {
+        my ($mapurl,$id,$resurl) = &Apache::lonnet::decode_symb($env{'form.symb'});
+        unless (($id =~ /^\d+$/) && (&Apache::lonnet::is_on_map($resurl))) { 
+            delete($env{'form.symb'});
+        }
+    }
+
 # standard=1: this is a "new-style" course with an uploaded map as top level
 # standard=2: this is a "old-style" course, and there is nothing we can do
 
@@ -5304,6 +5374,38 @@ sub handler {
     my $toolsflag=0;
     if ($env{'form.tools'}) { $toolsflag=1; }
 
+    if ($env{'form.folderpath'} ne '') {
+        my @items = split(/\&/,$env{'form.folderpath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+                $badpath = 1;
+            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.folderpath'});
+        }
+    }
+
+    if ($env{'form.supppath'} ne '') {
+        my @items = split(/\&/,$env{'form.supppath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+                $badpath = 1; 
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.supppath'});
+        }
+    }
+
     my $script='';
     my $showdoc=0;
     my $addentries = {};
@@ -5576,6 +5678,7 @@ sub handler {
 	  undef($hadchanges);
           $uploadphase = &process_file_upload(\$upload_output,$coursenum,$coursedom,
                                               \%allfiles,\%codebase,$context,$crstype);
+          undef($navmap);
 	  if ($hadchanges) {
 	      &mark_hash_old();
 	  }
@@ -6375,8 +6478,10 @@ unless ($container eq 'page') {
              $r->print('<p><span class="LC_error">'.$error.'</span></p>');
           }
           if ($hadchanges) {
-             &mark_hash_old();
-          }
+              unless (&is_hash_old()) {
+                  &mark_hash_old();
+              }
+	  }
 
           &changewarning($r,'');
         }
@@ -6574,6 +6679,7 @@ my %suporderhash = (
 sub embedded_form_elems {
     my ($phase,$primaryurl,$newidx) = @_;
     my $folderpath = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
+    $newidx =~s /\D+//g;
     return <<STATE;
     <input type="hidden" name="folderpath" value="$folderpath" />
     <input type="hidden" name="cmd" value="upload_embedded" />
@@ -6594,7 +6700,11 @@ sub embedded_destination {
     } elsif ($folder =~ /^(default|supplemental)_(\d+)$/) {
         $destination .=  $2.'/';
     }
-    $destination .= $env{'form.newidx'};
+    my $newidx = $env{'form.newidx'};
+    $newidx =~s /\D+//g;
+    if ($newidx) {
+        $destination .= $newidx;
+    }
     my $dir_root = '/userfiles';
     return ($destination,$dir_root);
 }
@@ -6620,6 +6730,9 @@ sub decompression_info {
     }
     unshift(@hiddens,$pathitem);
     foreach my $item (@hiddens) {
+        if ($item eq 'newidx') {
+            next if ($env{'form.'.$item} =~ /\D/);
+        }
         if ($env{'form.'.$item}) {
             $hiddenelem .= '<input type="hidden" name="'.$item.'" value="'.
                            &HTML::Entities::encode($env{'form.'.$item},'<>&"').'" />'."\n";
@@ -8712,7 +8825,9 @@ check on this
 
 Verify Content
 
-=item devalidateversioncache() & checkversions()
+=item devalidateversioncache() 
+
+=item checkversions()
 
 Check Versions