![]() ![]() | ![]() |
Bug #1019. Allow limited HTML in templates.
1: # The LearningOnline Network 2: # Simple Page Editor 3: # 4: # $Id: lonsimplepage.pm,v 1.4 2003/02/10 16:22:28 www Exp $ 5: # 6: # Copyright Michigan State University Board of Trustees 7: # 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA). 9: # 10: # LON-CAPA is free software; you can redistribute it and/or modify 11: # it under the terms of the GNU General Public License as published by 12: # the Free Software Foundation; either version 2 of the License, or 13: # (at your option) any later version. 14: # 15: # LON-CAPA is distributed in the hope that it will be useful, 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18: # GNU General Public License for more details. 19: # 20: # You should have received a copy of the GNU General Public License 21: # along with LON-CAPA; if not, write to the Free Software 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23: # 24: # /home/httpd/html/adm/gpl.txt 25: # 26: # http://www.lon-capa.org/ 27: # 28: 29: package Apache::lonsimplepage; 30: 31: use strict; 32: use Apache::Constants qw(:common); 33: use Apache::loncommon; 34: use Apache::lonnet; 35: use Apache::lontexconvert; 36: 37: sub handler { 38: my $r = shift; 39: $r->content_type('text/html'); 40: $r->send_http_header; 41: return OK if $r->header_only; 42: 43: # ------------------------------------------------------------ Print the screen 44: $r->print(<<ENDDOCUMENT); 45: <html> 46: <head> 47: <title>The LearningOnline Network with CAPA</title> 48: </head> 49: ENDDOCUMENT 50: my (undef,undef,undef,undef,$marker)=split(/\//,$r->uri); 51: # Is this even in a course? 52: unless ($ENV{'request.course.id'}) { 53: $r->print('<body>Not in a course</body>'); 54: return OK; 55: } 56: 57: $marker=~s/\D//g; 58: 59: unless ($marker) { 60: $r->print('<body>Invalid call</body>'); 61: return OK; 62: } 63: 64: my $dom = $ENV{'course.'.$ENV{'request.course.id'}.'.domain'}; 65: my $crs = $ENV{'course.'.$ENV{'request.course.id'}.'.num'}; 66: 67: # --------------------------------------------------------- The syllabus fields 68: my %syllabusfields=( 69: 'aaa_title' => 'Page Title', 70: 'bbb_content' => 'Content', 71: 'ccc_webreferences' => 'Web References'); 72: 73: # --------------------------------------------------------------- Force Student 74: &Apache::loncommon::get_unprocessed_cgi 75: ($ENV{'QUERY_STRING'},['forcestudent']); 76: my $forcestudent=''; 77: if ($ENV{'form.forcestudent'}) { $forcestudent='student'; }; 78: 79: my %syllabus=&Apache::lonnet::dump('smppage_'.$marker,$dom,$crs); 80: 81: # --------------------------------------- There is such a user, get environment 82: 83: $r->print(&Apache::loncommon::bodytag 84: ("Course Page",$forcestudent,'','',$dom)); 85: 86: my $allowed=&Apache::lonnet::allowed('srm',$ENV{'request.course.id'}); 87: 88: if ($forcestudent) { $allowed=0; } 89: 90: if ($allowed) { 91: $r->print( 92: '<p><a href="'.$r->uri.'?forcestudent=1">Show Public View</a>'. 93: &Apache::loncommon::help_open_topic('Uploaded_Templates_PublicView').'</p>'); 94: } 95: if (($ENV{'form.uploaddoc.filename'}) && 96: ($ENV{'form.storeupl'}) && ($allowed)) { 97: if ($ENV{'form.uploaddoc.filename'}=~/\.(gif|jpg|png|jpeg)$/) { 98: $syllabus{'uploaded.photourl'}= 99: &Apache::lonnet::userfileupload('uploaddoc',1); 100: } 101: $syllabus{'uploaded.lastmodified'}=time; 102: &Apache::lonnet::put('smppage_'.$marker,\%syllabus,$dom,$crs); 103: } 104: if (($allowed) && ($ENV{'form.storesyl'})) { 105: foreach (keys %syllabusfields) { 106: my $field=$ENV{'form.'.$_}; 107: $field=~s/\s+$//s; 108: $field=&Apache::lonfeedback::clear_out_html($field,1); 109: $syllabus{$_}=$field; 110: } 111: $syllabus{'uploaded.lastmodified'}=time; 112: &Apache::lonnet::put('smppage_'.$marker,\%syllabus,$dom,$crs); 113: } 114: 115: # ---------------------------------------------------------------- Get syllabus 116: if (($syllabus{'uploaded.lastmodified'}) || ($allowed)) { 117: if ($syllabus{'uploaded.photourl'}) { 118: $r->print('<img src="'. 119: &Apache::lonnet::tokenwrapper($syllabus{'uploaded.photourl'}). 120: '" align="right" />'); 121: } 122: if ($allowed) { 123: $r->print( 124: '<form method="post" enctype="multipart/form-data">'. 125: '<h3>Upload a Photo</h3>'. 126: '<input type="file" name="uploaddoc" size="50">'. 127: '<input type="submit" name="storeupl" value="Upload">'. 128: '</form><form method="post">'); 129: } 130: foreach (sort keys %syllabusfields) { 131: if (($syllabus{$_}) || ($allowed)) { 132: my $message=$syllabus{$_}; 133: $message=~s/\n/\<br \/\>/g; 134: $message 135: =~s/(http\:\/\/[^\s]+)/\<a href=\"$1\"\>\<tt\>$1\<\/tt\>\<\/a\>/g; 136: $message=&Apache::lontexconvert::msgtexconverted($message); 137: unless ($_ eq 'aaa_title') { 138: if (($_ ne 'bbb_content') || ($allowed)) { 139: $r->print('<h3>'.$syllabusfields{$_}.'</h3>'); 140: } 141: $r->print('<blockquote>'. 142: $message.'</blockquote>'); 143: if ($allowed) { 144: $r->print('<br /><textarea cols="80" rows="20" name="'.$_.'">'. 145: $syllabus{$_}. 146: '</textarea><input type="submit" name="storesyl" value="Store" />'); 147: } 148: } else { 149: $r->print('<h1>'.$message.'</h1>'); 150: if ($allowed) { 151: $r->print( 152: '<br />Title<br /><textarea cols="80" rows="2" name="'.$_.'">'. 153: $syllabus{$_}. 154: '</textarea><input type="submit" name="storesyl" value="Store" />'); 155: } 156: } 157: } 158: } 159: if ($allowed) { 160: $r->print('</form>'); 161: } 162: $r->print('</p>'); 163: } else { 164: $r->print('<p>No page information provided.</p>'); 165: } 166: $r->print('</body></html>'); 167: return OK; 168: } 169: 170: 1; 171: __END__