--- loncom/lonenc.pm	2007/10/05 18:33:29	1.22
+++ loncom/lonenc.pm	2020/03/15 23:04:05	1.26
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # URL translation for encrypted filenames
 #
-# $Id: lonenc.pm,v 1.22 2007/10/05 18:33:29 albertel Exp $
+# $Id: lonenc.pm,v 1.26 2020/03/15 23:04:05 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -34,6 +34,17 @@ use Crypt::IDEA;
 use Time::HiRes qw(gettimeofday);
 use LONCAPA;
  
+
+#
+#  If a module makes multiple SSI calls and some of the ssi calls result in a
+#  resource for an encoded URL, and this can be done in an unprivileged role,
+#  there must be a mechanism t oreset the 'request.enc' environment variable.
+#  This sub centralizes that mechanism:
+#
+sub reset_enc {
+    $env{'request.enc'} = 0;
+}
+
 sub encryptseed {
     my ($cid) = @_;
     if (!defined($cid)) {
@@ -105,9 +116,9 @@ sub remove_noise {
 }
 
 sub encrypted {
-    my ($uri,$force_enc) = @_;
+    my ($uri,$force_enc,$cid) = @_;
     if (!$force_enc && $env{'request.role.adv'}) { return($uri); }
-    my $seed=&encryptseed();
+    my $seed=&encryptseed($cid);
     unless ($seed) {
 	return $uri;
     }
@@ -154,11 +165,13 @@ sub encrypt_ref {
 	    next if (!$value); 
 	    next if ($value =~ /^\w+:/); # explict javascript: or http: link
 	    my $href=&Apache::lonnet::hreflocation($Apache::lonxml::pwd[-1],$value);
-	    if ($href !~ /^http:/) {
+	    if ($href !~ /^https?\:/) {
 		# IE really wants an extension
 		my ($extension) = ($href =~ m/(\.[^.]*)$/);
-		$href = &Apache::lonenc::encrypted($href,$force_enc);
-		$href .= $extension;
+		my $newhref = &Apache::lonenc::encrypted($href,$force_enc);
+		unless ($newhref eq $href) {
+		    $href = $newhref.$extension;
+		}
 	    }
 	    $token->[2]->{$name}=$href;
 	}