MDL-11413 I hope now it is correct solution

diff --git a/lib/kses.php b/lib/kses.php
index 0c379d8d552dcc68e8fb8e599ba7517dad891280..3c04e6626a09a1182f1801af6bb23d48bd1fd4e2 100644 (file)
--- a/lib/kses.php
+++ b/lib/kses.php
@@ -470,7 +470,7 @@ function kses_bad_protocol_once($string, $allowed_protocols)
 ###############################################################################
 {
   return preg_replace('/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-                      '(:|&#0*58;|&#[Xx]3[Aa];)\s*/e',
+                      '(:|&#0*58;|&#[Xx]0*3[Aa];)\s*/e',
                       'kses_bad_protocol_once2("\\1", $allowed_protocols)',
                       $string);
 } # function kses_bad_protocol_once

diff --git a/lib/weblib.php b/lib/weblib.php
index f0512e52eca5f1b76ed0bc8372cc3ab444889103..f879ade193d7b1edb77c24b35fec1cc4b50e45d8 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1842,7 +1842,6 @@ function clean_text($text, $format=FORMAT_MOODLE) {
 
             /// Remove tags that are not allowed
                 $text = strip_tags($text, $ALLOWED_TAGS);
-                $text = str_replace(':', ':', $text);
 
             /// Clean up embedded scripts and , using kses
                 $text = cleanAttributes($text);
@@ -1939,7 +1938,6 @@ function cleanAttributes2($htmlArray){
                 $value = kses_decode_entities($value);
                 $value = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $value);
                 $value = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $value);
-                $value = str_replace(':', '', $value); //better not have these characters in output at all
                 if ($value === $prevvalue) {
                     $arreach['value'] = $value;
                     break;