--- loncom/xml/run.pm 2003/11/09 01:17:35 1.42 +++ loncom/xml/run.pm 2004/03/31 05:24:00 1.46 @@ -1,6 +1,6 @@ package Apache::run; # -# $Id: run.pm,v 1.42 2003/11/09 01:17:35 albertel Exp $ +# $Id: run.pm,v 1.46 2004/03/31 05:24:00 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -27,13 +27,28 @@ package Apache::run; use HTML::Entities; -$Apache::run::EVALUATE_STRING=<<'ENDEVALUATE'; - my %_LONCAPA_INTERNAL_oldexpressions=(); - while (!$_LONCAPA_INTERNAL_oldexpressions{$_}) { +$Apache::run::EVALUATE_STRING=<<'ENDEVALUATE'; +my %_LONCAPA_INTERNAL_oldexpressions=(); +while (!$_LONCAPA_INTERNAL_oldexpressions{$_}) { $_LONCAPA_INTERNAL_oldexpressions{$_}=1; - $_ =~s/((?:\$|\&)(?:[\#|\$]*[A-Za-z][\w]*|\{[A-Za-z][\w]*\}))([\[\{][^\$\&\]\}]+[\]\}])*?(\([^\$\&\)]+\))*?(?=[^\[\{\(]|$)/eval(defined(eval($1.$2))?eval('$1.$2.$3'):'$1.$2.$3')/seg; + $_ =~s/ # $1 will be the variable reference or subroutine name + ((?:\$|\&) #look for a starting $ or & + (?:[\#|\$]* #support $$ or $#$ etc. + [A-Za-z][\w]*| # get variable name + \{[A-Za-z][\w]*\})) # for ${a} + # $2 is 0 or more array dereferences [] + # or hash dereferences {} + # the ^$ and ^& is because we do this iteratively + # $a[$c] becomes $a[3] which then evaluates + ([\[\{][^\$\&\]\}]+[\]\}])*? + # $3 is the list of arguments + (\([^\$\&\)]+\))*? + # only match the above if there is not { [ ( coming up + # Why? (I.e. this fails &a(1)[2] + (?=[^\[\{\(]|$)/ + &__LC_INTERNAL_EVALUATE__($1,$2,$3)/sexg; if (scalar(values(%_LONCAPA_INTERNAL_oldexpressions))>10) {last;} - } +} ENDEVALUATE sub evaluate { @@ -62,15 +77,15 @@ sub evaluate { } else { if ($Apache::run::timeout) { $error = 'Code ran too long. It ran for more than '. - Apache->request->server->timeout.' seconds'; + $Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds'; } &Apache::lonxml::error('substitution on
'.
-			       &HTML::Entities::encode($expression).
+			       &HTML::Entities::encode($expression,'<>&"').
 			       '
with
'.
-			       &HTML::Entities::encode($decls).
+			       &HTML::Entities::encode($decls,'<>&"').
 			       '
caused
'.
-			       &HTML::Entities::encode($error).' '.
-			       &HTML::Entities::encode($innererror).
+			       &HTML::Entities::encode($error,'<>&"').' '.
+			       &HTML::Entities::encode($innererror,'<>&"').
 			       '
'); } return $result @@ -96,12 +111,12 @@ sub run { if (($Apache::run::timeout || $error ne '' || $innererror ne '') && !$hideerrors) { if ($Apache::run::timeout) { $error = 'Code ran too long. It ran for more than '. - Apache->request->server->timeout.' seconds'; + $Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds'; } - my $errormsg='
'.&HTML::Entities::encode($error).' '.
-	    &HTML::Entities::encode($innererror).
+	my $errormsg='
'.&HTML::Entities::encode($error,'<>&"').' '.
+	    &HTML::Entities::encode($innererror,'<>&"').
 	    '
occured while running
';
-	$code=&HTML::Entities::encode($code);
+	$code=&HTML::Entities::encode($code,'<>&"');
 	if ($innererror=~/line (\d+)/) {
 	    my $linenumber=$1;
 	    my @code=split("\n",$code);
@@ -138,7 +153,7 @@ sub dump {
 					$symname.'{$_} } sort keys %'.
 					$symname.')').")"
 				    }
-	    if ($line ne '') {$dump.=&HTML::Entities::encode($line)."
";} + if ($line ne '') {$dump.=&HTML::Entities::encode($line,'<>&"')."
";} } } $dump.='';