--- loncom/interface/lonsyllabus.pm 2020/01/20 17:21:08 1.138.2.5.2.2 +++ loncom/interface/lonsyllabus.pm 2025/03/16 21:04:09 1.157 @@ -1,7 +1,7 @@ # The LearningOnline Network # Syllabus # -# $Id: lonsyllabus.pm,v 1.138.2.5.2.2 2020/01/20 17:21:08 raeburn Exp $ +# $Id: lonsyllabus.pm,v 1.157 2025/03/16 21:04:09 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -40,6 +40,7 @@ use Apache::lonannounce; use Apache::lonlocal; use Apache::lonhtmlcommon; use Apache::lonspeller(); +use Apache::lonwrapper(); use HTML::Entities(); sub handler { @@ -152,8 +153,20 @@ sub handler { &Apache::structuretags::reset_problem_globals(); my $oldfile = $env{'request.filename'}; $env{'request.filename'} = $item; + my $oldinhibit; + if ($env{'form.only_body'}) { + $oldinhibit = $env{'form.inhibitmenu'}; + $env{'form.inhibitmenu'} = 'yes'; + } my $result = &Apache::lonxml::xmlparse($r,$target,$filecontents, '',%mystyle); + if ($env{'form.only_body'}) { + if ($oldinhibit ne '') { + $env{'form.inhibitmenu'} = $oldinhibit; + } else { + delete($env{'form.inhibitmenu'}); + } + } &Apache::structuretags::reset_problem_globals(); &Apache::lonhomework::finished_parsing(); $env{'request.filename'} = $oldfile; @@ -170,6 +183,7 @@ sub handler { } else { my $brcrum; if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus'); @@ -187,7 +201,8 @@ sub handler { unless ($allowed && $forceedit) { if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public') && ($ENV{'SERVER_PORT'} == 443) && ($external =~ m{^http://}) && !($env{'form.usehttp'})) { - unless (&Apache::lonnet::uses_sts()) { + my $hostname = $r->hostname(); + unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) { &redirect_to_http($r); return OK; } @@ -204,10 +219,12 @@ sub handler { $is_pdf = 1; } if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus'); } + $title = &HTML::Entities::encode($title,'\'"<>&'); $brcrum = &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1); } @@ -313,10 +330,8 @@ sub handler { if ($allowed) { #---------------------------------- Print External URL Syllabus Info if editing if ($target ne 'tex') { - my $hostname = &Apache::lonnet::hostname($homeserver); - my $protocol = $Apache::lonnet::protocol{$homeserver}; - $protocol = 'http' if ($protocol ne 'https'); - my $link = $protocol.'://'.$hostname.$r->uri; + my $link = &Apache::lonnet::url_prefix($r,$cdom,$homeserver,'web'). + $r->uri; $r->print('
' .'' .'' @@ -325,7 +340,7 @@ sub handler { .'' .'
'."\n"); my $lonhost = $r->dir_config('lonHostID'); - $r->print(&chooser($external,$uploaded,$minimal,$cdom,$cnum,$lonhost, + $r->print(&chooser($r,$external,$uploaded,$minimal,$cdom,$cnum,$lonhost, \%syllabusfields,\%syllabus)); } } else { @@ -433,7 +448,7 @@ sub handler { 'box_111_showrssfeeds',$display); my ($numfeeds,$hiddenfeeds,$rsslinktext); my $feeds=&Apache::lonrss::advertisefeeds($cnum,$cdom,$forceedit,\$numfeeds, - \$hiddenfeeds); + \$hiddenfeeds,1); if ($numfeeds) { $r->print($feeds); $rsslinktext = &mt('New RSS Feed or Blog'); @@ -461,7 +476,7 @@ sub handler { &Apache::lontemplate::print_end_template($r); } else { unless ($hidefeeds) { - my $feeds = &Apache::lonrss::advertisefeeds($cnum,$cdom,$forceedit); + my $feeds = &Apache::lonrss::advertisefeeds($cnum,$cdom,$forceedit,'','',1); if ($feeds ne '') { &Apache::lontemplate::print_start_template($r,&mt('RSS Feeds and Blogs'),'LC_Box'); $r->print($feeds); @@ -506,7 +521,7 @@ sub handler { $r->print($urls); $r->print("
"); &Apache::lontemplate::print_textarea_template($r, $data{$field}, - $field, Apache::lontemplate->RICH_TEXT_ALWAYS_OFF); + $field, $fields{$field}, Apache::lontemplate->RICH_TEXT_ALWAYS_OFF); &Apache::lontemplate::print_saveall_template($r); $r->print("
"); &Apache::lontemplate::print_end_template($r); @@ -764,6 +779,7 @@ sub get_breadcrumbs{ my ($cdom,$cnum,$crstype,$args) = @_; return unless (ref($args) eq 'HASH'); if ($env{'form.folderpath'} =~ /^supplemental/) { + &Apache::loncommon::validate_folderpath(1,'',$cnum,$cdom); my $title = $env{'form.title'}; if ($title eq '') { $title = &mt('Syllabus'); @@ -772,6 +788,7 @@ sub get_breadcrumbs{ &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1); if (ref($brcrum) eq 'ARRAY') { $args->{'bread_crumbs'} = $brcrum; + $args->{'bread_crumbs_nomenu'} = 1; } } else { if ((&Apache::lonnet::is_on_map("public/$cdom/$cnum/syllabus")) @@ -788,7 +805,7 @@ sub get_breadcrumbs{ } sub chooser { - my ($external,$uploaded,$minimal,$cdom,$cnum,$lonhost,$fields,$values) = @_; + my ($r,$external,$uploaded,$minimal,$cdom,$cnum,$lonhost,$fields,$values) = @_; my %lt = &Apache::lonlocal::texthash( 'type' => 'Syllabus Type', 'url' => 'External URL', @@ -843,30 +860,31 @@ sub chooser { $output .= '
'; } + my $urllabeltext = &HTML::Entities::encode(&mt('Enter URL'),'"&<>'); $output .= ''."\n". '
'."\n". '
'.$lt{'chourl'}.''."\n". ''.$lt{'pr'}.' '."\n". - ''."\n". + ''."\n". ' '."\n". '
'."\n". '
'."\n". '
'.$lt{'minimal'}.''; if ($minimal) { - my ($absurl,$filename,$depbutton) = &syllabus_file_info($minimal,$cnum,$cdom,$lonhost,'minimal'); + my ($absurl,$filename,$depbutton) = &syllabus_file_info($r,$minimal,$cnum,$cdom,$lonhost,'minimal'); $output .= ''.$lt{'pr'}.''. ''. $depbutton; } else { - $output .= &mt('Title of Syllabus Page:').' '. - ''."\n". + $output .= ''."\n". ' '."\n"; } $output .= '
'."\n". '
'."\n". '
'.$lt{'file'}.''; if ($uploaded) { - my ($absurl,$filename,$depbutton) = &syllabus_file_info($uploaded,$cnum,$cdom,$lonhost,'file'); + my ($absurl,$filename,$depbutton) = &syllabus_file_info($r,$uploaded,$cnum,$cdom,$lonhost,'file'); $output .= ''.$lt{'curr'}.' '. ''. ''.$filename.''.$depbutton. @@ -874,9 +892,10 @@ sub chooser { } else { $output .= $lt{'upl'}; } + my $labeltext = &HTML::Entities::encode(&mt('Choose syllabus file'),'"&<>'); $output .= '
'."\n". ''. - ''."\n". + ''."\n". ' '. '
'. '
'; } - $is_ext = $external; } + $is_ext = $external; } else { $output = '
'. &mt('External URL not saved -- invalid URL.').