--- loncom/interface/lonaboutme.pm	2021/01/02 21:07:36	1.160
+++ loncom/interface/lonaboutme.pm	2022/10/29 14:47:00	1.163
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Personal Information Page
 #
-# $Id: lonaboutme.pm,v 1.160 2021/01/02 21:07:36 raeburn Exp $
+# $Id: lonaboutme.pm,v 1.163 2022/10/29 14:47:00 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -84,6 +84,7 @@ use Apache::lonlocal;
 use Apache::lonmsgdisplay();
 use Apache::lontemplate;
 use Apache::longroup;
+use Apache::lonhtmlcommon();
 use HTML::Entities();
 use Image::Magick;
 
@@ -108,6 +109,7 @@ sub handler {
         $is_course = &Apache::lonnet::is_course($cdom,$cnum);
     }
 
+    my $clientip = &Apache::lonnet::get_requestor_ip($r);
     my $candisplay = 1;
     if (!$is_course) {
         if ($action ne 'portfolio') {
@@ -153,7 +155,7 @@ sub handler {
                 '</ul>');
         } else {
             my ($blocked,$blocktext) =
-                &Apache::loncommon::blocking_status('port',$cnum,$cdom);
+                &Apache::loncommon::blocking_status('port',$clientip,$cnum,$cdom);
             if (!$blocked) {
                 &display_portfolio_files($r,$is_course);
             } else {
@@ -221,12 +223,14 @@ sub handler {
             $args->{'no_nav_bar'} = 1;
         } elsif (!$env{'form.register'}) { #Don't show breadcrumbs twice, when this page is part of course content and you call it
             if (($env{'request.course.id'}) &&
-                 ($env{'form.folderpath'} =~ /^supplemental/)) {
+                ($env{'form.folderpath'} =~ /^supplemental/)) {
+                &Apache::loncommon::validate_folderpath(1,'',$coursenum,$coursedomain);
                 my $crstype = &Apache::loncommon::course_type();
                 my $title = $env{'form.title'};
                 if ($title eq '') {
                     $title = &mt('Personal Information Page');
                 }
+                $title = &HTML::Entities::encode($title,'\'"<>&');
                 my $brcrum =
                     &Apache::lonhtmlcommon::docs_breadcrumbs(undef,$crstype,undef,$title,1);
                 if (ref($brcrum) eq 'ARRAY') {
@@ -241,7 +245,7 @@ sub handler {
         $r->print($start_page);
    }
    my ($blocked,$blocktext) =
-       &Apache::loncommon::blocking_status('about',$cnum,$cdom);
+       &Apache::loncommon::blocking_status('about',$clientip,$cnum,$cdom);
    if ($blocked) {
        if ($target eq 'tex') {
            $r->print('\noindent{\large\textbf{'.&mt('No user personal information page available').'}}\\\\\\\\');