[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lon-capa-cvs
Subject:    [LON-CAPA-cvs] cvs: loncom /homework edit.pm
From:       raeburn <raeburn () source ! lon-capa ! org>
Date:       2017-10-04 12:55:10
Message-ID: cvsraeburn1507121710 () cvsserver
[Download RAW message or body]

raeburn		Wed Oct  4 12:55:10 2017 EDT

  Modified files:              
    /loncom/homework	edit.pm 
  Log:
  - Prevent javascript error from argument in saveScrollPosition(), 
    when buttons are pressed, if filename includes single quotes(s).
  
  
Index: loncom/homework/edit.pm
diff -u loncom/homework/edit.pm:1.154 loncom/homework/edit.pm:1.155
--- loncom/homework/edit.pm:1.154	Fri Jul  1 19:59:15 2016
+++ loncom/homework/edit.pm	Wed Oct  4 12:55:09 2017
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA 
 # edit mode helpers
 #
-# $Id: edit.pm,v 1.154 2016/07/01 19:59:15 raeburn Exp $
+# $Id: edit.pm,v 1.155 2017/10/04 12:55:09 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -789,13 +789,13 @@
 
 sub submit_ask_anyway {
     my ($extra_action) = @_;
-    my $resource = $env{'request.ambiguous'};
+    my $resource = &Apache::loncommon::escape_single($env{'request.ambiguous'});
     return ' onclick="saveScrollPosition(\''.$resource.'\');still_ask=true;'.$extra_action.';" ';
 }
 
 sub submit_dont_ask {
     my ($extra_action) = @_;
-    my $resource = $env{'request.ambiguous'};
+    my $resource = &Apache::loncommon::escape_single($env{'request.ambiguous'});
     return ' onclick="saveScrollPosition(\''.$resource.'\');is_submit=true;'.$extra_action.';" ';
 }
 


_______________________________________________
LON-CAPA-cvs mailing list
LON-CAPA-cvs@mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-cvs
[prev in list] [next in list] [prev in thread] [next in thread]