--- loncom/xml/run.pm 2004/02/26 23:39:04 1.45 +++ loncom/xml/run.pm 2004/07/13 19:12:46 1.47 @@ -1,6 +1,6 @@ package Apache::run; # -# $Id: run.pm,v 1.45 2004/02/26 23:39:04 albertel Exp $ +# $Id: run.pm,v 1.47 2004/07/13 19:12:46 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -46,7 +46,26 @@ while (!$_LONCAPA_INTERNAL_oldexpression # only match the above if there is not { [ ( coming up # Why? (I.e. this fails &a(1)[2] (?=[^\[\{\(]|$)/ - &__LC_INTERNAL_EVALUATE__($1,$2,$3)/sexg; + my ($__LC__a,$__LC__b,$__LC__c)=($1,$2,$3); + my $__LC__prefix; + my $result; + while (1) { + { + use strict; + no strict "vars"; + if (eval(defined(eval($__LC__a.$__LC__b)))) { + $result= $__LC__prefix.eval($__LC__a.$__LC__b.$__LC__c); + last; + } + } + $__LC__prefix.=substr($__LC__a,0,1,""); + if ($__LC__a!~m-^(\$|&|\#)-) { last; } + } + if (!defined($result)) { + $result=$__LC__prefix.$__LC__a.$__LC__b.$__LC__c; + } + $result; + /sexg; if (scalar(values(%_LONCAPA_INTERNAL_oldexpressions))>10) {last;} } ENDEVALUATE @@ -63,6 +82,7 @@ sub evaluate { die("timeout"); }; my $innererror; + $safeeval->permit("require"); eval { alarm($Apache::lonnet::perlvar{'lonScriptTimeout'}); $safeeval->reval('{'.$decls.';$_=<<\'EXPRESSION\';'."\n".$expression. @@ -70,6 +90,7 @@ sub evaluate { $innererror=$@; alarm(0); }; + $safeeval->deny("require"); my $error=$@; if ($error eq '' && $innererror eq '' && !$Apache::run::timeout) { $result = $safeeval->reval('return $_;'); @@ -80,12 +101,12 @@ sub evaluate { $Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds'; } &Apache::lonxml::error('substitution on
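Review bot: The test `if (eval(defined(eval($__LC__a.$__LC__b))))` in the added loop (hunk @@ -46,7 +46,26 @@) passes the result of `defined` to a second string `eval`, which only re-evaluates "1" or the empty string; `if (defined(eval($__LC__a.$__LC__b))) {` has the same truth value. The inner expression is evaluated once for the test and again inside `eval($__LC__a.$__LC__b.$__LC__c)`, so a call with side effects in the matched text would presumably run twice, and a comment saying whether that is acceptable would help. `$__LC__prefix` is concatenated before it is ever assigned, so `my $__LC__prefix='';` states the intent more clearly. The enclosing substitution and heredoc start above the hunk.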
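Review bot: `$safeeval->permit("require")` (hunk @@ -63,6 +82,7 @@) opens the compartment's opcode mask for the whole `reval` of `$decls` and `$expression`, and nothing in the hunk says why it is needed; possibly it is for the `use strict;` added to the evaluate template. If those strings are author-supplied, they can presumably issue `require` themselves during that window, so the reason and the trust assumption should be recorded, e.g. `# 'use strict' in the evaluate template needs require; permitted only around this reval`. The matching `$safeeval->deny("require")` in the next hunk (@@ -70,6 +90,7 @@) denies the opcode unconditionally, which would also override a caller that had permitted it on purpose. The body of `evaluate` extends beyond both hunks.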
'.
-			       &HTML::Entities::encode($expression).
+			       &HTML::Entities::encode($expression,'<>&"').
 			       '
with
'.
-			       &HTML::Entities::encode($decls).
+			       &HTML::Entities::encode($decls,'<>&"').
 			       '
caused
'.
-			       &HTML::Entities::encode($error).' '.
-			       &HTML::Entities::encode($innererror).
+			       &HTML::Entities::encode($error,'<>&"').' '.
+			       &HTML::Entities::encode($innererror,'<>&"').
 			       '
'); } return $result @@ -113,10 +134,10 @@ sub run { $error = 'Code ran too long. It ran for more than '. $Apache::lonnet::perlvar{'lonScriptTimeout'}.' seconds'; } - my $errormsg='
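Review bot: The explicit character set `'<>&"'` now passed to `HTML::Entities::encode` in the hunk at @@ -80,12 +101,12 @@ leaves the apostrophe unescaped, along with the control and high-bit characters that the one-argument form encodes by default. That is enough for element text, but if any of these messages can end up inside a single-quoted attribute, the set should include the quote, e.g. `&HTML::Entities::encode($expression,'<>&"\'')`. The same literal is repeated in the hunks at @@ -113,10 +134,10 @@ and @@ -153,7 +174,7 @@; one named constant or a small wrapper, with a comment giving the reason for narrowing the set, would keep the call sites from drifting apart.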
'.&HTML::Entities::encode($error).' '.
-	    &HTML::Entities::encode($innererror).
+	my $errormsg='
'.&HTML::Entities::encode($error,'<>&"').' '.
+	    &HTML::Entities::encode($innererror,'<>&"').
 	    '
occured while running
';
-	$code=&HTML::Entities::encode($code);
+	$code=&HTML::Entities::encode($code,'<>&"');
 	if ($innererror=~/line (\d+)/) {
 	    my $linenumber=$1;
 	    my @code=split("\n",$code);
@@ -153,7 +174,7 @@ sub dump {
 					$symname.'{$_} } sort keys %'.
 					$symname.')').")"
 				    }
-	    if ($line ne '') {$dump.=&HTML::Entities::encode($line)."
";}
+ if ($line ne '') {$dump.=&HTML::Entities::encode($line,'<>&"')."
";} } } $dump.='';