![]() ![]() | ![]() |
Bug #1019. Allow limited HTML in templates.
# The LearningOnline Network # Bulletin Board Handler # # $Id: lonbulletin.pm,v 1.5 2003/02/10 16:22:28 www Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::lonbulletin; use strict; use Apache::Constants qw(:common); use Apache::loncommon; use Apache::lonnet; use Apache::lontexconvert; use Apache::lonxml; sub handler { my $r = shift; $r->content_type('text/html'); $r->send_http_header; return OK if $r->header_only; # ------------------------------------------------------------ Print the screen $r->print(<<ENDDOCUMENT); <html> <head> <title>The LearningOnline Network with CAPA</title> </head> ENDDOCUMENT my (undef,undef,undef,undef,$marker)=split(/\//,$r->uri); # Is this even in a course? unless ($ENV{'request.course.id'}) { $r->print('<body>Not in a course</body>'); return OK; } $marker=~s/\D//g; unless ($marker) { $r->print('<body>Invalid call</body>'); return OK; } my $dom = $ENV{'course.'.$ENV{'request.course.id'}.'.domain'}; my $crs = $ENV{'course.'.$ENV{'request.course.id'}.'.num'}; # --------------------------------------------------------- The syllabus fields my %syllabusfields=( 'aaa_title' => 'Topic', 'bbb_content' => 'Task', 'ccc_webreferences' => 'Web References'); # --------------------------------------------------------------- Force Student &Apache::loncommon::get_unprocessed_cgi ($ENV{'QUERY_STRING'},['forcestudent']); my $forcestudent=''; if ($ENV{'form.forcestudent'}) { $forcestudent='student'; }; my %syllabus=&Apache::lonnet::dump('bulletinpage_'.$marker,$dom,$crs); # --------------------------------------- There is such a user, get environment $r->print(&Apache::loncommon::bodytag ("Bulletin Board/Discussion",$forcestudent,'','',$dom)); my $allowed=&Apache::lonnet::allowed('srm',$ENV{'request.course.id'}); if ($forcestudent) { $allowed=0; } if ($allowed) { $r->print( '<p><a href="'.$r->uri.'?forcestudent=1">Show Public View</a>'. &Apache::loncommon::help_open_topic('Uploaded_Templates_PublicView').'</p>'); } if (($ENV{'form.uploaddoc.filename'}) && ($ENV{'form.storeupl'}) && ($allowed)) { if ($ENV{'form.uploaddoc.filename'}=~/\.(gif|jpg|png|jpeg)$/) { $syllabus{'uploaded.photourl'}= &Apache::lonnet::userfileupload('uploaddoc',1); } $syllabus{'uploaded.lastmodified'}=time; &Apache::lonnet::put('bulletinpage_'.$marker,\%syllabus,$dom,$crs); } if (($allowed) && ($ENV{'form.storesyl'})) { foreach (keys %syllabusfields) { my $field=$ENV{'form.'.$_}; $field=~s/\s+$//s; $field=&Apache::lonfeedback::clear_out_html($field,1); $syllabus{$_}=$field; } $syllabus{'uploaded.lastmodified'}=time; &Apache::lonnet::put('bulletinpage_'.$marker,\%syllabus,$dom,$crs); } # ---------------------------------------------------------------- Get syllabus if (($syllabus{'uploaded.lastmodified'}) || ($allowed)) { if ($syllabus{'uploaded.photourl'}) { $r->print('<img src="'. &Apache::lonnet::tokenwrapper($syllabus{'uploaded.photourl'}). '" align="right" />'); } if ($allowed) { $r->print( '<form method="post" enctype="multipart/form-data">'. '<h3>Upload a Photo</h3>'. '<input type="file" name="uploaddoc" size="50">'. '<input type="submit" name="storeupl" value="Upload">'. '</form><form method="post">'); } foreach (sort keys %syllabusfields) { if (($syllabus{$_}) || ($allowed)) { my $message=$syllabus{$_}; $message=~s/\n/\<br \/\>/g; $message =~s/(http\:\/\/[^\s]+)/\<a href=\"$1\"\>\<tt\>$1\<\/tt\>\<\/a\>/g; $message=&Apache::lontexconvert::msgtexconverted($message); unless ($_ eq 'aaa_title') { if (($_ ne 'bbb_content') || ($allowed)) { $r->print('<h3>'.$syllabusfields{$_}.'</h3>'); } $r->print('<blockquote>'. $message.'</blockquote>'); if ($allowed) { $r->print('<br /><textarea cols="80" rows="10" name="'.$_.'">'. $syllabus{$_}. '</textarea><input type="submit" name="storesyl" value="Store" />'); } } else { $r->print('<h1>'.$message.'</h1>'); if ($allowed) { $r->print( '<br />Topic<br /><textarea cols="80" rows="2" name="'.$_.'">'. $syllabus{$_}. '</textarea><input type="submit" name="storesyl" value="Store" />'); } } } } if ($allowed) { $r->print('</form>'); } $r->print('</p>'); } else { $r->print('<p>No page information provided.</p>'); } $r->print(&Apache::lonxml::xmlend(1,'bulletin___'.$marker.'___'. 'adm/wrapper'.$r->uri).'</body></html>'); return OK; } 1; __END__