--- loncom/interface/londocs.pm	2021/02/09 22:12:33	1.675
+++ loncom/interface/londocs.pm	2022/09/29 03:59:29	1.681
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.675 2021/02/09 22:12:33 raeburn Exp $
+# $Id: londocs.pm,v 1.681 2022/09/29 03:59:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -183,6 +183,45 @@ sub default_folderpath {
     }
 }
 
+sub validate_folderpath {
+    my ($supplementalflag) = @_;
+    if ($env{'form.folderpath'} ne '') {
+        my @items = split(/\&/,$env{'form.folderpath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
+                $badpath = 1;
+            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.folderpath'});
+        }
+    }
+    return;
+}
+
+sub validate_suppath {
+    if ($env{'form.supppath'} ne '') {
+        my @items = split(/\&/,$env{'form.supppath'});
+        my $badpath;
+        for (my $i=0; $i<@items; $i++) {
+            my $odd = $i%2;
+            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
+                $badpath = 1;
+            }
+            last if ($badpath);
+        }
+        if ($badpath) {
+            delete($env{'form.supppath'});
+        }
+    }
+    return;
+}
+
 sub dumpcourse {
     my ($r) = @_;
     my $crstype = &Apache::loncommon::course_type();
@@ -1456,7 +1495,7 @@ sub print_paste_buffer {
             }
             $pasteitems .= '<label><input type="checkbox" name="pasting" id="pasting_'.$suffix.'" value="'.$suffix.'" '.$onclick.'/>'.$buffer.'</label>';
             if ($nopaste) {
-                 $pasteitems .= $nopaste;   
+                 $pasteitems .= ' <span class="LC_cusr_emph">'.$nopaste.'</span>';   
             } else {
                 if ($othercrs) {
                     $pasteitems .= $othercrs;
@@ -2761,6 +2800,15 @@ sub apply_fixups {
             $storefn =~ s/^((?:default|supplemental)_)(\d+)/$1$newsubdir{$key}/;
         }
         my $mapcontent = &Apache::lonnet::getfile($key);
+        if (($mapcontent eq '-1') && ($before{'map'} eq 'supplemental') &&
+            ($after{'map'} eq 'default') &&
+            ($key =~ m{^/uploaded/$match_domain/$match_courseid/supplemental_\d+\.sequence$})) {
+            $mapcontent = '<map>'."\n".
+                          '<resource id="1" src="" type="start" />'."\n".
+                          '<link from="1" to="2" index="1" />'."\n".
+                          '<resource id="2" src="" type="finish" />'."\n".
+                          '</map>';
+        }
         if ($mapcontent eq '-1') {
             if (ref($errors) eq 'HASH') {
                 $errors->{$key} = 1;
@@ -3929,7 +3977,7 @@ sub entryline {
     my $line=&Apache::loncommon::start_data_table_row();
     my ($form_start,$form_end,$form_common,$form_param);
 # Edit commands
-    my ($esc_path, $path, $symb, $curralias);
+    my ($esc_path, $path, $symb, $shownsymb, $curralias);
     if ($env{'form.folderpath'}) {
 	$esc_path=&escape($env{'form.folderpath'});
 	$path = &HTML::Entities::encode($env{'form.folderpath'},'<>&"');
@@ -4196,36 +4244,16 @@ END
             } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
                 if (($ENV{'SERVER_PORT'} == 443) &&
                     ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         $url .= '?usehttp=1';
                     }
                     $nomodal = 1;
                 }
             }
-            if (&Apache::lonnet::symbverify($symb,$url)) {
-                my $shownsymb = $symb;
-                if ($isexternal) {
-                    $url =~ s/\#[^#]+$//;
-                    if ($container eq 'page') {
-                        $url = &Apache::lonnet::clutter($url);
-                    }
-                }
-                unless ($env{'request.role.adv'}) {
-                    if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
-                        $url = '';
-                    }
-                    if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
-                        $url = '';
-                        $hiddenres = 1;
-                    }
-                }
-                if ($url ne '') {
-                    $url.=(($url=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
-                }
-            } elsif (!$env{'request.role.adv'}) {
-                my $checkencrypt;
+            my ($checkencrypt,$shownurl);
+            if (!$env{'request.role.adv'}) {
                 if (((&LONCAPA::map::getparameter($orderidx,'parameter_encrypturl'))[0]=~/^yes$/i) ||
-                      $isencrypted || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
+                    ($isencrypted) || (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i)) {
                     $checkencrypt = 1;
                 } elsif (ref($navmapref)) {
                     unless (ref($$navmapref)) {
@@ -4233,26 +4261,43 @@ END
                     }
                     if (ref($$navmapref)) {
                         if (lc($$navmapref->get_mapparam($symb,undef,"0.encrypturl")) eq 'yes') {
-                            $checkencrypt = 1;       
+                            $checkencrypt = 1;
                         }
                     }
                 }
-                if ($checkencrypt) {
-                    my $shownsymb = &Apache::lonenc::encrypted($symb);
-                    my $shownurl = &Apache::lonenc::encrypted($url);
-                    if (&Apache::lonnet::symbverify($shownsymb,$shownurl)) {
-                        $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
-                        if ($env{'request.enc'} ne '') {
-                            delete($env{'request.enc'});
-                        }
-                    } else {
-                        $url='';
-                    }
+            }
+            if ($checkencrypt) {
+                my $currenc = $env{'request.enc'};
+                $env{'request.enc'} = 1;
+                $shownsymb = &Apache::lonenc::encrypted($symb);
+                $shownurl = &Apache::lonenc::encrypted($url);
+                if (&Apache::lonnet::symbverify($symb,$url)) {
+                    $url = $shownurl;
                 } else {
-                    $url='';
+                    $url = '';
+                }
+                $env{'request.enc'} = $currenc;
+            } elsif (&Apache::lonnet::symbverify($symb,$url)) {
+                $shownsymb = $symb;
+                if ($isexternal) {
+                    $url =~ s/\#[^#]+$//;
+                    if ($container eq 'page') {
+                        $url = &Apache::lonnet::clutter($url);
+                    }
+                }
+                $shownurl = $url;
+            }
+            unless ($env{'request.role.adv'}) {
+                if ((&LONCAPA::map::getparameter($orderidx,'parameter_hiddenresource'))[0]=~/^yes$/i) {
+                    $url = '';
+                }
+                if (&Apache::lonnet::EXT('resource.0.hiddenresource',$symb) =~ /^yes$/i) {
+                    $url = '';
+                    $hiddenres = 1;
                 }
-            } else {
-                $url='';
+            }
+            if ($url ne '') {
+                $url = $shownurl.(($shownurl=~/\?/)?'&':'?').'symb='.&escape($shownsymb);
             }
 	}
     } elsif ($supplementalflag) {
@@ -4261,7 +4306,7 @@ END
                 $url = $1;
                 $anchor = $2;
                 if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
-                    unless (&Apache::lonnet::uses_sts()) {
+                    unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                         if ($hostname ne '') {
                             $url = 'http://'.$hostname.$url;
                         }
@@ -4273,7 +4318,7 @@ END
         } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
             if (($ENV{'SERVER_PORT'} == 443) &&
                 ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                unless (&Apache::lonnet::uses_sts()) {
+                unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                     if ($hostname ne '') {
                         $url = 'http://'.$hostname.$url;
                     }
@@ -4412,7 +4457,7 @@ $form_end;
                     &Apache::lonhtmlcommon::jump_to_editres($cfile,$home,
                                                             $switchserver,
                                                             $forceedit,
-                                                            undef,$symb,
+                                                            undef,$symb,$shownsymb,
                                                             &escape($env{'form.folderpath'}),
                                                             $renametitle,$hostname,
                                                             '','',1,$suppanchor);
@@ -5546,35 +5591,11 @@ sub handler {
     if ($env{'form.tools'}) { $toolsflag=1; }
 
     if ($env{'form.folderpath'} ne '') {
-        my @items = split(/\&/,$env{'form.folderpath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if (($odd) && (!$supplementalflag) && ($items[$i] !~ /^[^:]*:(|\d+):(|1):(|1):(|1):(|1)$/)) {
-                $badpath = 1;
-            } elsif ((!$odd) && ($items[$i] !~ /^(default|supplemental)(|_\d+)$/)) {
-                $badpath = 1;
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.folderpath'});
-        }
+        &validate_folderpath($supplementalflag);
     }
 
     if ($env{'form.supppath'} ne '') {
-        my @items = split(/\&/,$env{'form.supppath'});
-        my $badpath;
-        for (my $i=0; $i<@items; $i++) {
-            my $odd = $i%2;
-            if ((!$odd) && ($items[$i] !~ /^supplemental(|_\d+)$/)) {
-                $badpath = 1; 
-            }
-            last if ($badpath);
-        }
-        if ($badpath) {
-            delete($env{'form.supppath'});
-        }
+        &validate_suppath();
     }
 
     my $script='';
@@ -5633,6 +5654,9 @@ sub handler {
         } else {
             undef($env{'form.folderpath'});
         }
+        if ($env{'form.folderpath'} ne '') {
+            &validate_folderpath($supplementalflag);
+        }
     }
    
 # If we are not allowed to make changes, all we can see are supplemental docs
@@ -7306,7 +7330,7 @@ sub editing_js {
                 if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
                     if (($ENV{'SERVER_PORT'} == 443) &&
                         ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }
@@ -7315,7 +7339,7 @@ sub editing_js {
                     }
                 } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
                     if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
-                        unless (&Apache::lonnet::uses_sts()) {
+                        unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
                             if ($hostname ne '') {
                                 $backtourl = 'http://'.$hostname.$backtourl;
                             }
@@ -7361,7 +7385,7 @@ sub editing_js {
 function makenewfolder(targetform,folderseq) {
     var foldername=prompt('$js_lt{"p_mnf"}','$js_lt{"t_mnf"}');
     if (foldername) {
-       targetform.importdetail.value=escape(foldername)+"="+folderseq;
+       targetform.importdetail.value=encodeURIComponent(foldername)+"="+folderseq;
         targetform.submit();
     }
 }
@@ -7369,7 +7393,7 @@ function makenewfolder(targetform,folder
 function makenewpage(targetform,folderseq) {
     var pagename=prompt('$js_lt{"p_mnp"}','$js_lt{"t_mnp"}');
     if (pagename) {
-        targetform.importdetail.value=escape(pagename)+"="+folderseq;
+        targetform.importdetail.value=encodeURIComponent(pagename)+"="+folderseq;
         targetform.submit();
     }
 }
@@ -7378,7 +7402,7 @@ function makeexamupload() {
    var title=prompt('$js_lt{"p_mxu"}');
    if (title) {
     this.document.forms.newexamupload.importdetail.value=
-	escape(title)+'=/res/lib/templates/examupload.problem';
+	encodeURIComponent(title)+'=/res/lib/templates/examupload.problem';
     this.document.forms.newexamupload.submit();
    }
 }
@@ -7387,7 +7411,7 @@ function makesmppage() {
    var title=prompt('$js_lt{"p_msp"}');
    if (title) {
     this.document.forms.newsmppg.importdetail.value=
-	escape(title)+'=/adm/$udom/$uname/new/smppg';
+	encodeURIComponent(title)+'=/adm/$udom/$uname/new/smppg';
     this.document.forms.newsmppg.submit();
    }
 }
@@ -7411,7 +7435,7 @@ function makesmpproblem() {
    var title=prompt('$js_lt{"p_msb"}');
    if (title) {
     this.document.forms.newsmpproblem.importdetail.value=
-	escape(title)+'=/res/lib/templates/simpleproblem.problem';
+	encodeURIComponent(title)+'=/res/lib/templates/simpleproblem.problem';
     this.document.forms.newsmpproblem.submit();
    }
 }
@@ -7420,7 +7444,7 @@ function makedropbox() {
    var title=prompt('$js_lt{"p_mdb"}');
    if (title) {
     this.document.forms.newdropbox.importdetail.value=
-        escape(title)+'=/res/lib/templates/DropBox.problem';
+        encodeURIComponent(title)+'=/res/lib/templates/DropBox.problem';
     this.document.forms.newdropbox.submit();
    }
 }
@@ -7429,7 +7453,7 @@ function makebulboard() {
    var title=prompt('$js_lt{"p_mbb"}');
    if (title) {
     this.document.forms.newbul.importdetail.value=
-	escape(title)+'=/adm/$udom/$uname/new/bulletinboard';
+	encodeURIComponent(title)+'=/adm/$udom/$uname/new/bulletinboard';
     this.document.forms.newbul.submit();
    }
 }
@@ -8553,7 +8577,7 @@ function validImportCrsRes() {
         url += fname;
     }
     var title = document.crsresimportform.crsrestitle.value;
-    document.crsresimportform.importdetail.value=escape(title)+'='+escape(url);
+    document.crsresimportform.importdetail.value=encodeURIComponent(title)+'='+encodeURIComponent(url);
     return true;
 }