MDL-11413 revisited

diff --git a/lib/weblib.php b/lib/weblib.php
index 2835866b9cdace23fb87531a9438774baa85c734..5b0b530cd1cb276c07cbdbf15df5f880981e5e57 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1837,10 +1837,10 @@ function clean_text($text, $format=FORMAT_MOODLE) {
             /// Fix non standard entity notations
                 $text = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $text);
                 $text = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $text);
-                $text = str_replace(':', ':', $text);
 
             /// Remove tags that are not allowed
                 $text = strip_tags($text, $ALLOWED_TAGS);
+                $text = str_replace(':', ':', $text);
 
             /// Clean up embedded scripts and , using kses
                 $text = cleanAttributes($text);
@@ -1937,7 +1937,7 @@ function cleanAttributes2($htmlArray){
                 $value = kses_decode_entities($value);
                 $value = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $value);
                 $value = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $value);
-                $value = str_replace(':', ':', $value);
+                $value = str_replace(':', '', $value); //better not have these characters in output at all
                 if ($value === $prevvalue) {
                     $arreach['value'] = $value;
                     break;