--- loncom/xml/run.pm	2003/11/09 01:17:35	1.42
+++ loncom/xml/run.pm	2004/03/31 05:24:00	1.46
@@ -1,6 +1,6 @@
 package Apache::run;
 #
-# $Id: run.pm,v 1.42 2003/11/09 01:17:35 albertel Exp $
+# $Id: run.pm,v 1.46 2004/03/31 05:24:00 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -27,13 +27,28 @@ package Apache::run;
 
 use HTML::Entities;
 
-$Apache::run::EVALUATE_STRING=<<'ENDEVALUATE';  
-  my %_LONCAPA_INTERNAL_oldexpressions=();
-  while (!$_LONCAPA_INTERNAL_oldexpressions{$_}) {
+$Apache::run::EVALUATE_STRING=<<'ENDEVALUATE';
+my %_LONCAPA_INTERNAL_oldexpressions=();
+while (!$_LONCAPA_INTERNAL_oldexpressions{$_}) {
     $_LONCAPA_INTERNAL_oldexpressions{$_}=1;
-    $_ =~s/((?:\$|\&)(?:[\#|\$]*[A-Za-z][\w]*|\{[A-Za-z][\w]*\}))([\[\{][^\$\&\]\}]+[\]\}])*?(\([^\$\&\)]+\))*?(?=[^\[\{\(]|$)/eval(defined(eval($1.$2))?eval('$1.$2.$3'):'$1.$2.$3')/seg;
+    $_ =~s/  # $1 will be the variable reference or subroutine name
+            ((?:\$|\&) #look for a starting $ or &
+             (?:[\#|\$]* #support $$ or $#$ etc.
+              [A-Za-z][\w]*| # get variable name
+              \{[A-Za-z][\w]*\})) # for ${a}
+             # $2 is 0 or more array dereferences []
+             #             or  hash dereferences {}
+             # the ^$ and ^& is because we do this iteratively
+             #    $a[$c] becomes $a[3] which then evaluates
+             ([\[\{][^\$\&\]\}]+[\]\}])*?
+             # $3 is the list of arguments
+             (\([^\$\&\)]+\))*?
+                # only match the above if there is not { [ ( coming up
+                # Why? (I.e. this fails &a(1)[2]
+                (?=[^\[\{\(]|$)/
+         &__LC_INTERNAL_EVALUATE__($1,$2,$3)/sexg;
     if (scalar(values(%_LONCAPA_INTERNAL_oldexpressions))>10) {last;}
-  }
+}
 ENDEVALUATE
 
 sub evaluate {
@@ -62,15 +77,15 @@ sub evaluate {
     } else {
 	if ($Apache::run::timeout) {
 	    $error = 'Code ran too long. It ran for more than '.
-		Apache->request->server->timeout.' seconds';
+		$Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds';
 	}
 	&Apache::lonxml::error('substitution on <pre>'.
-			       &HTML::Entities::encode($expression).
+			       &HTML::Entities::encode($expression,'<>&"').
 			       '</pre> with <pre>'.
-			       &HTML::Entities::encode($decls).
+			       &HTML::Entities::encode($decls,'<>&"').
 			       '</pre> caused <pre>'.
-			       &HTML::Entities::encode($error).' '.
-			       &HTML::Entities::encode($innererror).
+			       &HTML::Entities::encode($error,'<>&"').' '.
+			       &HTML::Entities::encode($innererror,'<>&"').
 			       '</pre>');
     }
     return $result
@@ -96,12 +111,12 @@ sub run {
     if (($Apache::run::timeout || $error ne '' || $innererror ne '') && !$hideerrors) {
 	if ($Apache::run::timeout) {
 	    $error = 'Code ran too long. It ran for more than '.
-		Apache->request->server->timeout.' seconds';
+		$Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds';
 	}
-	my $errormsg='<pre>'.&HTML::Entities::encode($error).' '.
-	    &HTML::Entities::encode($innererror).
+	my $errormsg='<pre>'.&HTML::Entities::encode($error,'<>&"').' '.
+	    &HTML::Entities::encode($innererror,'<>&"').
 	    '</pre> occured while running <pre>';
-	$code=&HTML::Entities::encode($code);
+	$code=&HTML::Entities::encode($code,'<>&"');
 	if ($innererror=~/line (\d+)/) {
 	    my $linenumber=$1;
 	    my @code=split("\n",$code);
@@ -138,7 +153,7 @@ sub dump {
 					$symname.'{$_} } sort keys %'.
 					$symname.')').")"
 				    }
-	    if ($line ne '') {$dump.=&HTML::Entities::encode($line)."<br />";}
+	    if ($line ne '') {$dump.=&HTML::Entities::encode($line,'<>&"')."<br />";}
 	}
     }
     $dump.='';