/// Remove tags that are not allowed
$text = strip_tags($text, $ALLOWED_TAGS);
+ /// Clean up embedded scripts and , using kses
+ $text = cleanAttributes($text);
+
/// Remove script events
$text = eregi_replace("([^a-z])language([[:space:]]*)=", "\\1Xlanguage=", $text);
$text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", "\\1Xon\\2=", $text);
- /// Clean up embedded scripts and , using kses
- $text = cleanAttributes($text);
-
return $text;
}
}
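Review bot: With cleanAttributes() moved ahead of the two eregi_replace() calls, the returned string is now the output of a pattern rewrite rather than of the kses pass, and nothing in the hunk records why that order is the safe one. If the intent is that kses normalises attribute syntax first so the `language=` and `on…=` patterns see a canonical form, state it in a comment such as `/// kses must run first: the patterns below assume normalised attribute syntax`. cleanAttributes() and the start of the enclosing function are outside the hunk, so that assumption needs confirming. The patterns also run over the whole text rather than only inside tags, so ordinary prose such as `one =` is rewritten as well. The POSIX ereg functions are, as far as I know, not binary-safe, so a `preg_replace()` equivalent with the `i` modifier would be a more robust final step.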