--- loncom/auth/lonroles.pm 2012/08/27 11:48:24 1.269.2.2 +++ loncom/auth/lonroles.pm 2012/09/04 20:47:46 1.276 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.269.2.2 2012/08/27 11:48:24 raeburn Exp $ +# $Id: lonroles.pm,v 1.276 2012/09/04 20:47:46 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -141,7 +141,7 @@ use Apache::loncoursequeueadmin; use GDBM_File; use LONCAPA qw(:DEFAULT :match); use HTML::Entities; - + sub redirect_user { my ($r,$title,$url,$msg) = @_; @@ -149,7 +149,6 @@ sub redirect_user { &Apache::loncommon::content_type($r,'text/html'); &Apache::loncommon::no_cache($r); $r->send_http_header; - my $swinfo=&Apache::lonmenu::rawconfig(); # Breadcrumbs my $brcrum = [{'href' => $url, @@ -164,11 +163,6 @@ sub redirect_user { $url=~s/ /\%20/g; $r->print(< -// -

$msg

$end_page ENDREDIR @@ -219,7 +213,7 @@ sub handler { &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); -# -------------------------------------------------- Check if setting hot list +# -------------------------------------------------- Check if setting hot list my $hotlist; if ($env{'form.action'} eq 'verify_and_change_rolespref') { $hotlist = &Apache::lonpreferences::verify_and_change_rolespref($r); @@ -585,11 +579,52 @@ ENDENTERKEY $furl = "/adm/helper/course.initialization.helper"; # Send the user to the course they selected } elsif ($env{'request.course.id'}) { - if ($env{'form.destinationurl'}) { - my $dest = $env{'form.destinationurl'}; - if ($env{'form.destsymb'} ne '') { - my $esc_symb = &HTML::Entities::encode($env{'form.destsymb'},'"<>&'); - $dest .= '?symb='.$esc_symb; + my ($dest,$destsymb,$checkenc); + $dest = $env{'form.destinationurl'}; + $destsymb = $env{'form.destsymb'}; + if ($dest ne '') { + if ($env{'form.switchrole'}) { + if ($destsymb ne '') { + if ($destsymb !~ m{^/enc/}) { + unless ($env{'request.role.adv'}) { + $checkenc = 1; + } + } + } + if ($dest =~ m{^/enc/}) { + if ($env{'request.role.adv'}) { + $dest = &Apache::lonenc::unencrypted($dest); + if ($destsymb eq '') { + ($destsymb) = ($dest =~ /\?symb=([^\&]*)/); + $destsymb = &unescape($destsymb); + } + } + } else { + if ($destsymb eq '') { + ($destsymb) = ($dest =~ /\?symb=([^\&]+)/); + $destsymb = &unescape($destsymb); + } + unless ($env{'request.role.adv'}) { + $checkenc = 1; + } + } + if (($checkenc) && ($destsymb ne '')) { + my ($encstate,$unencsymb,$res); + my $unencsymb = &Apache::lonnet::symbclean($destsymb); + (undef,undef,$res) = &Apache::lonnet::decode_symb($unencsymb); + &Apache::lonnet::symbverify($unencsymb,$res,\$encstate); + if ($encstate) { + if (($dest ne '') && ($dest !~ m{^/enc/})) { + $dest=&Apache::lonenc::encrypted($dest); + } + } + } + } + unless (($dest =~ m{^/enc/}) || ($dest =~ /\?symb=.+___\d+___.+/)) { + if (($destsymb ne '') && ($destsymb !~ m{^/enc/})) { + my $esc_symb = &escape($destsymb); + $dest .= '?symb='.$esc_symb; + } } &redirect_user($r, &mt('Entering [_1]', $env{'course.'.$courseid.'.description'}), @@ -716,7 +751,7 @@ function rolesView (caller) { document.rolechoice.display.value = caller; } else { if ((caller == 'doupdate') || (caller == 'requestauthor') || - (caller == 'queued')) { + (caller == 'queued')) { document.rolechoice.state.value = caller; } } @@ -800,7 +835,7 @@ ENDHEADER } if ($hotlist) { $showresult .= $hotlist; - } + } $showresult .= ''; $r->print($showresult); } elsif ($env{'form.state'} eq 'queued') { @@ -825,7 +860,7 @@ ENDHEADER \%sortrole,\%roleclass,\%futureroles,\%timezones,$loncaparev); $refresh = $now; &Apache::lonnet::appenv({'user.refresh.time' => $refresh}); - unless ($env{'user.adv'}) { + unless ($env{'user.adv'}) { if ($countactive > 0) { my $domdesc = &Apache::lonnet::domain($env{'user.domain'},'description'); my $esc_dom = &HTML::Entities::encode($env{'user.domain'},'"<>&'); @@ -2535,7 +2570,7 @@ sub get_roles_functions { if (($rolescount > 3) || ($env{'environment.recentroles'})) { push(@links,['/adm/preferences?action=changerolespref&returnurl=/adm/roles','role_hotlist-22x22',&mt('Hotlist')]); } - + my $funcs = &Apache::lonhtmlcommon::start_funclist(); foreach my $link (@links) { $funcs .= &Apache::lonhtmlcommon::add_item_funclist( @@ -2570,7 +2605,7 @@ sub get_queued { if (ref($history{'details'}) eq 'HASH') { $description = $history{details}{'cdescr'}; } - @{$reqcrs{$reqtime}} = ($description,$showtype); + @{$reqcrs{$reqtime}} = ($description,$showtype); } } my @sortedtimes = sort {$a <=> $b} (keys(%reqcrs));