From 12d369cddca653bb06adcdb51408ab5b26a023a5 Mon Sep 17 00:00:00 2001 From: Geoff Goehle Date: Tue, 10 Sep 2013 18:44:20 -0400 Subject: [PATCH 1/3] Fixed a bug where Scrubber was eating <'s (2760) Fixed incorrect text when viewing a problem via the library --- lib/WeBWorK/ContentGenerator/GatewayQuiz.pm | 2 +- lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm | 2 +- lib/WeBWorK/ContentGenerator/Problem.pm | 2 +- lib/WeBWorK/Localize/en.po | 2 +- lib/WeBWorK/Localize/en_us.po | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm index 413391a151..ea1b3ed389 100644 --- a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm +++ b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm @@ -1015,7 +1015,7 @@ sub pre_header_initialize { default=> 1, script => 0, process => 0, - comment => 0 + comment => 1 ); foreach my $key (keys %$formFields) { if ($key =~ /AnSwEr/) { diff --git a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm index e849ce9b0a..2745d8c3f0 100644 --- a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm +++ b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm @@ -138,7 +138,7 @@ sub initialize { default=> 1, script => 0, process => 0, - comment => 0 + comment => 1 ); my $comment = $scrubber->scrub( ( defined $r->param("$userID.comment") )?$r->param("$userID.comment"):'' ); diff --git a/lib/WeBWorK/ContentGenerator/Problem.pm b/lib/WeBWorK/ContentGenerator/Problem.pm index 310cae9aa7..da1abcb98c 100644 --- a/lib/WeBWorK/ContentGenerator/Problem.pm +++ b/lib/WeBWorK/ContentGenerator/Problem.pm @@ -728,7 +728,7 @@ sub pre_header_initialize { default=> 1, script => 0, process => 0, - comment => 0 + comment => 1 ); foreach my $key (keys %$formFields) { if ($key =~ /AnSwEr/) { diff --git a/lib/WeBWorK/Localize/en.po b/lib/WeBWorK/Localize/en.po index 77fce7a62f..68ffb4b443 100644 
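Review bot: The `comment => 1` switch in the GatewayQuiz.pm hunk has no explanation, and next to `default => 1` it leaves the scrubber as an allow-by-default filter (only `script` is denied) that now also passes HTML comments in the `AnSwEr` fields. I would put `# comment => 1: stops HTML::Scrubber eating '<' in answers (bug 2760); output must still be HTML-escaped where it is displayed` above the option, since the reason is only recorded in the commit subject. The same four-option constructor is repeated in the ProblemGrader.pm and Problem.pm hunks of this patch, so a single shared helper that builds the scrubber would keep the three copies from drifting apart. All three enclosing subs start and end outside their hunks.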
--- a/lib/WeBWorK/Localize/en.po +++ b/lib/WeBWorK/Localize/en.po @@ -45,7 +45,7 @@ msgstr "Prev" # msgid "navProbListGrey" -msgstr "tr: Up" +msgstr "Up" # msgid "navNextGrey" diff --git a/lib/WeBWorK/Localize/en_us.po b/lib/WeBWorK/Localize/en_us.po index 22972376a0..c7d08893b3 100644 --- a/lib/WeBWorK/Localize/en_us.po +++ b/lib/WeBWorK/Localize/en_us.po @@ -33,7 +33,7 @@ msgstr "Prev" # msgid "navProbListGrey" -msgstr "tr: Up" +msgstr "Up" # msgid "navNextGrey" From b998ea4debd219412bb1980deffee88375bad917 Mon Sep 17 00:00:00 2001 From: Geoff Goehle Date: Tue, 10 Sep 2013 19:52:52 -0400 Subject: [PATCH 2/3] Removing scrubber --- conf/defaults.config | 1 - lib/WeBWorK/ContentGenerator/GatewayQuiz.pm | 22 ------------------- .../Instructor/ProblemGrader.pm | 13 ----------- lib/WeBWorK/ContentGenerator/Problem.pm | 22 +------------------ 4 files changed, 1 insertion(+), 57 deletions(-) diff --git a/conf/defaults.config b/conf/defaults.config index 1264c97aa6..6ba2a8521b 100644 --- a/conf/defaults.config +++ b/conf/defaults.config @@ -979,7 +979,6 @@ $pg{specialPGEnvironmentVars}{problemPostamble} = { TeX => '', HTML=>'' }; # should appear as [qw(Mymodule.pm, Dependency1.pm, Dependency2.pm)] ${pg}{modules} = [ - [qw(HTML::Scrubber)], [qw(HTML::Parser)], [qw(HTML::Entities)], [qw(DynaLoader)], diff --git a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm index ea1b3ed389..0c75b4efaf 100644 --- a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm +++ b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm @@ -41,7 +41,6 @@ use WeBWorK::Utils::Tasks qw(fake_set fake_set_version fake_problem); use WeBWorK::Debug; use WeBWorK::ContentGenerator::Instructor qw(assignSetVersionToUser); use PGrandom; -use HTML::Scrubber; # template method sub templateName { 
@@ -1010,27 +1009,6 @@ sub pre_header_initialize { my $formFields = { WeBWorK::Form->new_from_paramable($r)->Vars }; - ##### scrub answer fields for xss badness ##### - my $scrubber = HTML::Scrubber->new( - default=> 1, - script => 0, - process => 0, - comment => 1 - ); - foreach my $key (keys %$formFields) { - if ($key =~ /AnSwEr/) { - $formFields->{$key} = $scrubber->scrub( - (defined $formFields->{$key})? $formFields->{$key}:'' # using // would be more elegant but breaks perl 5.8.x - ); - ### HTML::scrubber is a little too enthusiastic about - ### removing > and < so we have to add them back in otherwise - ### they confuse pg - $formFields->{$key} =~ s/</{$key} =~ s/>/>/g; - } - } - - $self->{displayMode} = $displayMode; $self->{redisplay} = $redisplay; $self->{submitAnswers} = $submitAnswers; diff --git a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm index 2745d8c3f0..97b2d82f2d 100644 --- a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm +++ b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm @@ -20,7 +20,6 @@ package WeBWorK::ContentGenerator::Instructor::ProblemGrader; use base qw(WeBWorK::ContentGenerator); use WeBWorK::Utils qw(sortByName ); use WeBWorK::PG; -use HTML::Scrubber; =head1 NAME @@ -130,18 +129,6 @@ sub initialize { #if the instructor added a comment we should save that to the latest answer if ($r->param("$userID.comment")) { - ### $comment needs to be sanitized. It could currently contain badness written - ### into the comment by the instructor - - - my $scrubber = HTML::Scrubber->new( - default=> 1, - script => 0, - process => 0, - comment => 1 - ); - - my $comment = $scrubber->scrub( ( defined $r->param("$userID.comment") )?$r->param("$userID.comment"):'' ); my $userPastAnswerID = $db->latestProblemPastAnswer($courseName, $userID, $setID, $problemID); if ($userPastAnswerID) { 
diff --git a/lib/WeBWorK/ContentGenerator/Problem.pm b/lib/WeBWorK/ContentGenerator/Problem.pm index da1abcb98c..6c11f1b719 100644 --- a/lib/WeBWorK/ContentGenerator/Problem.pm +++ b/lib/WeBWorK/ContentGenerator/Problem.pm @@ -42,7 +42,6 @@ use URI::Escape; use WeBWorK::Localize; use WeBWorK::Utils::Tasks qw(fake_set fake_problem); use WeBWorK::AchievementEvaluator; -use HTML::Scrubber; ################################################################################ # CGI param interface to this module (up-to-date as of v1.153) @@ -723,26 +722,7 @@ sub pre_header_initialize { $formFields->{$_} = $oldAnswers{$_} foreach keys %oldAnswers; } - ##### scrub answer fields for xss badness ##### - my $scrubber = HTML::Scrubber->new( - default=> 1, - script => 0, - process => 0, - comment => 1 - ); - foreach my $key (keys %$formFields) { - if ($key =~ /AnSwEr/) { - $formFields->{$key} = $scrubber->scrub( - (defined $formFields->{$key})? $formFields->{$key}:'' # using // would be more elegant but breaks perl 5.8.x - ); - ### HTML::scrubber is a little too enthusiastic about - ### removing > and < so we have to add them back in otherwise - ### they confuse pg - $formFields->{$key} =~ s/</{$key} =~ s/>/>/g; - } - } - + ##### translation ##### debug("begin pg processing"); From cd59c2ddfe5162022702803e4afe6477e5041fab Mon Sep 17 00:00:00 2001 From: Geoff Goehle Date: Tue, 10 Sep 2013 20:15:48 -0400 Subject: [PATCH 3/3] Fixed mssing my --- lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm index 97b2d82f2d..7fba50364b 100644 --- a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm +++ b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm 
@@ -129,6 +129,7 @@ sub initialize {
 #if the instructor added a comment we should save that to the latest answer
 if ($r->param("$userID.comment")) {
+ my $comment = $r->param("$userID.comment");
 my $userPastAnswerID = $db->latestProblemPastAnswer($courseName, $userID, $setID, $problemID);
 if ($userPastAnswerID) {
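Review bot: `$comment` on the added line is the raw request parameter, and with the HTML::Scrubber pass removed in patch 2/3 nothing visible on this path neutralises markup before the value is saved with the past answer. The code that later displays the comment is outside this hunk, so the expectation should at least be recorded here, for example `# NOTE: stored unescaped; must be HTML-escaped wherever the comment is rendered`, and the rendering side checked to confirm it really does escape. The same applies to the `AnSwEr` form fields, whose scrubbing was removed from GatewayQuiz.pm and Problem.pm in patch 2/3. The enclosing `initialize` sub starts and ends outside the hunk.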