--- loncom/interface/lonwhatsnew.pm	2009/11/19 14:05:46	1.97
+++ loncom/interface/lonwhatsnew.pm	2009/11/24 02:43:45	1.98
@@ -1,5 +1,5 @@
 #
-# $Id: lonwhatsnew.pm,v 1.97 2009/11/19 14:05:46 bisitz Exp $
+# $Id: lonwhatsnew.pm,v 1.98 2009/11/24 02:43:45 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -42,6 +42,7 @@ use Time::Local;
 use GDBM_File;
 use lib '/home/httpd/lib/perl/';
 use LONCAPA;
+use HTML::Entities;
 
 #----------------------------
 # handler
@@ -345,7 +346,7 @@ sub display_actions_box {
     if ($refpage eq 'start') {
         if (tie(my %bighash,'GDBM_File',$env{'request.course.fn'}.'.db',
             &GDBM_READER(),0640)) {
-            my $furl=$bighash{'first_url'};
+            my $furl=&HTML::Entities::encode($bighash{'first_url'},'"<>&');
             untie(%bighash);
             $header .= '<b><a href="'.$furl.'">'.$lt{'gtfr'}.
                   '</a></b><br />';
@@ -1957,35 +1958,35 @@ sub start_box {
          if ($$show{$caller}) {
              $r->print('
               <tr>
-                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgthreshold&refpage='.$refpage.'">'.$lt{'chth'}.'</a></td>
+                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgthreshold&amp;refpage='.$refpage.'">'.$lt{'chth'}.'</a></td>
               </tr>');
          }
      } elsif (($caller eq 'versionchanges') && ($$show{$caller})) {
          if ($$show{$caller}) {
              $r->print('
               <tr>
-                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chginterval&refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
+                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chginterval&amp;refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
               </tr>');
          }
      } elsif ($caller eq 'coursediscussion') {
          if ($$show{$caller}) {
              $r->print('
               <tr>
-                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgdisc&refpage='.$refpage.'">'.$lt{'chop'}.'</a></td>
+                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgdisc&amp;refpage='.$refpage.'">'.$lt{'chop'}.'</a></td>
               </tr>');
          }
      } elsif (($caller eq 'newroles') && ($$show{$caller})) {
          if ($$show{$caller}) {
              $r->print('
               <tr>
-                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgnewroleinterval&refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
+                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgnewroleinterval&amp;refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
               </tr>');
          }
      } elsif (($caller eq 'oldroles') && ($$show{$caller})) {
          if ($$show{$caller}) {
              $r->print('
               <tr>
-                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgoldroleinterval&refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
+                <td class="LC_subheader" colspan="2"><a href="/adm/whatsnew?command=chgoldroleinterval&amp;refpage='.$refpage.'">'.$lt{'chin'}.'</a></td>
               </tr>');
          }
      }