--- loncom/auth/lonroles.pm	2015/04/20 12:11:02	1.269.2.23
+++ loncom/auth/lonroles.pm	2015/06/09 21:22:44	1.312
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.269.2.23 2015/04/20 12:11:02 raeburn Exp $
+# $Id: lonroles.pm,v 1.312 2015/06/09 21:22:44 damieng Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -143,7 +143,7 @@ use Apache::lonrss;
 use GDBM_File;
 use LONCAPA qw(:DEFAULT :match);
 use HTML::Entities;
- 
+
 
 sub redirect_user {
     my ($r,$title,$url,$msg) = @_;
@@ -151,7 +151,6 @@ sub redirect_user {
     &Apache::loncommon::content_type($r,'text/html');
     &Apache::loncommon::no_cache($r);
     $r->send_http_header;
-    my $swinfo=&Apache::lonmenu::rawconfig();
 
     # Breadcrumbs
     my $brcrum = [{'href' => $url,
@@ -166,11 +165,6 @@ sub redirect_user {
     $url=~s/ /\%20/g;
     $r->print(<<ENDREDIR);
 $start_page
-<script type="text/javascript">
-// <![CDATA[
-$swinfo
-// ]]>
-</script>
 <p>$msg</p>
 $end_page
 ENDREDIR
@@ -229,7 +223,7 @@ sub handler {
 
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'});
 
-# -------------------------------------------------- Check if setting hot list
+# -------------------------------------------------- Check if setting hot list 
     my $hotlist;
     if ($env{'form.action'} eq 'verify_and_change_rolespref') {
         $hotlist = &Apache::lonpreferences::verify_and_change_rolespref($r);
@@ -518,10 +512,10 @@ ENDENTERKEY
 
 		    if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) {
                         my $msg;
-                        my ($furl,$ferr)=
-                            &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
+			my ($furl,$ferr)=
+			    &Apache::lonuserstate::readmap($cdom.'/'.$cnum);
                         unless ($ferr) {
-                            unless (($env{'form.switchrole'}) ||
+                            unless (($env{'form.switchrole'}) || 
                                     ($env{"environment.internal.$cdom.$cnum.$role.adhoc"})) {
                                 &Apache::lonnet::put('nohist_crslastlogin',
                                     {$env{'user.name'}.':'.$env{'user.domain'}.
@@ -544,7 +538,7 @@ ENDENTERKEY
                         }
 			if (($env{'form.orgurl'}) && 
 			    ($env{'form.orgurl'}!~/^\/adm\/flip/) &&
-                            ($env{'form.orgurl'} ne '/adm/roles')) {
+			    ($env{'form.orgurl'} ne '/adm/roles')) {
 			    my $dest=$env{'form.orgurl'};
                             if ($env{'form.symb'}) {
                                 if ($dest =~ /\?/) {
@@ -610,7 +604,7 @@ ENDENTERKEY
                                                 if ($env{'request.role.adv'}) {
                                                     $dest = &Apache::lonenc::unencrypted($dest);
                                                     if ($destsymb eq '') {
-                                                        ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/); 
+                                                        ($destsymb) = ($dest =~ /(?:\?|\&)symb=([^\&]*)/);
                                                         $destsymb = &unescape($destsymb);
                                                     }
                                                 }
@@ -635,7 +629,7 @@ ENDENTERKEY
                                                 }
                                             }
                                         }
-                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) { 
+                                        unless (($dest =~ m{^/enc/}) || ($dest =~ /(\?|\&)symb=.+___\d+___.+/)) {
                                             if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) {
                                                 my $esc_symb = &escape($destsymb);
                                                 $dest .= '?symb='.$esc_symb;
@@ -738,7 +732,7 @@ ENDENTERKEY
         $crumbtext = 'Courses';
         $pagetitle = 'My Courses';
         $recent = &mt('Recent Courses');
-        $standby = &mt('Course selected. Please stand by.');
+        $standby = &mt('Course selected. Please stand by.'); 
     }
     my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}];
 
@@ -753,7 +747,7 @@ ENDENTERKEY
         $cattype = $domdefs{'catauth'};
     }
     my $funcs = &get_roles_functions($showcount,$cattype);
-    $standby=~s/\n/\\n/g;
+    &js_escape(\$standby);
     my $noscript='<br /><span class="LC_error">'.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'<br />'.&mt('As this is not the case, most functionality in the system will be unavailable.').'</span><br />';
 
     $r->print(<<ENDHEADER);
@@ -786,7 +780,7 @@ function rolesView (caller) {
         document.rolechoice.display.value = caller;
     } else {
         if ((caller == 'doupdate') || (caller == 'requestauthor') ||
-            (caller == 'queued')) {
+            (caller == 'queued')) { 
             document.rolechoice.state.value = caller;
         }
     }
@@ -870,7 +864,7 @@ ENDHEADER
             }
             if ($hotlist) {
                 $showresult .= $hotlist;
-            }
+            } 
             $showresult .= '</div>';
             $r->print($showresult);
         } elsif ($env{'form.state'} eq 'queued') {
@@ -1766,10 +1760,11 @@ sub courselink {
 }
 
 sub coursepick_jscript {
-    my %lt = &Apache::lonlocal::texthash(
+    my %js_lt = &Apache::lonlocal::texthash(
                   plsu => "Please use the 'Select Course/Community' link to open a separate pick course window where you may select the course or community you wish to enter.",
                   youc => 'You can only use this screen to select courses and communities in the current domain.',
              );
+    &js_escape(\%js_lt);
     my $verify_script = <<"END";
 <script type="text/javascript">
 // <![CDATA[
@@ -1786,11 +1781,11 @@ function verifyCoursePick(caller) {
             }
         }
         else {
-            alert("$lt{'plsu'}");
+            alert("$js_lt{'plsu'}");
         }
     }
     else {
-        alert("$lt{'youc'}")
+        alert("$js_lt{'youc'}")
     }
 }
 function getIndex(caller) {
@@ -2182,7 +2177,7 @@ sub update_session_roles {
             &curr_role_status($currstart,$currend,$refresh,$update);
         my ($rolekey) = ($envkey =~ /^user\.role\.(.+)$/);
         my ($role,$rest)=split(m{\./},$rolekey,2);
-        $rest = '/'.$rest; 
+        $rest = '/'.$rest;
         if (&Apache::lonnet::delenv($envkey,undef,[$role])) {
             if ($status_in_env eq 'active') {
                 if ($role eq 'gr') {
@@ -2382,15 +2377,15 @@ sub update_session_roles {
                         }
                         my $groupdesc;
                         unless (ref($curr_groups{$cdom.'_'.$cnum}) eq 'HASH') {
-                            %{$curr_groups{$cdom.'_'.$cnum}} =
+                            %{$curr_groups{$cdom.'_'.$cnum}} = 
                                 &Apache::longroup::coursegroups($cdom,$cnum);
                         }
                         unless ((ref($groupdescs{$cdom.'_'.$cnum}) eq 'HASH') &&
                             ($groupdescs{$cdom.'_'.$cnum}{$group})) {
 
-                            my %groupinfo =
+                            my %groupinfo = 
                                 &Apache::longroup::get_group_settings($curr_groups{$cdom.'_'.$cnum}{$group});
-                            $groupdescs{$cdom.'_'.$cnum}{$group} =
+                            $groupdescs{$cdom.'_'.$cnum}{$group} = 
                                 &unescape($groupinfo{'description'});
                         }
                         $groupdesc = $groupdescs{$cdom.'_'.$cnum}{$group};
@@ -2509,7 +2504,7 @@ sub update_session_roles {
                 my $cdom = $env{'course.'.$cid.'.domain'};
                 my $cnum = $env{'course.'.$cid.'.num'};
                 my %curr_groups = &Apache::longroup::coursegroups($cdom,$cnum);
-                my %groupdesc;
+                my %groupdesc; 
                 if (ref($groupchange{$crs}) eq 'HASH') {
                     $groupchgmsg .= '<li>'.&mt('Course/Community: [_1]','<b>'.$crsdesc.'</b><ul>');
                     foreach my $group (sort(keys(%{$groupchange{$crs}}))) {
@@ -2727,7 +2722,7 @@ sub get_queued {
             if (ref($history{'details'}) eq 'HASH') {
                 $description = $history{details}{'cdescr'};
             }
-            @{$reqcrs{$reqtime}} = ($description,$showtype);
+            @{$reqcrs{$reqtime}} = ($description,$showtype); 
         }
     }
     my @sortedtimes = sort {$a <=> $b} (keys(%reqcrs));