return $this->content;
}
- $filteropt = new stdClass;
- $filteropt->noclean = true;
+ if (!empty($this->instance->pinned) or $this->instance->pagetype === 'course-view') {
+ // fancy html allowed only on course page and in pinned blocks for security reasons
+ $filteropt = new stdClass;
+ $filteropt->noclean = true;
+ } else {
+ $filteropt = null;
+ }
$this->content = new stdClass;
$this->content->text = isset($this->config->text) ? format_text($this->config->text, FORMAT_HTML, $filteropt) : '';
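Review bot: The trust condition on the added `if` is written twice, here as `!empty($this->instance->pinned) or $this->instance->pagetype === 'course-view'` and in negated form in the config form hunk further down, so a later edit to one copy can leave the editor and the rendered block disagreeing about when markup is cleaned. A single helper on the block class (suggested name `content_is_trusted()`), returning that expression and called from both places, would keep them in step. The comment would also help more if it said why these two contexts are trusted, e.g. `// unfiltered HTML only where block editing is limited to trusted users (course page, pinned blocks); elsewhere format_text() cleans it`; that rationale is inferred from the change and should be confirmed. The enclosing function starts and ends outside this hunk.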
-<?php $usehtmleditor = can_use_html_editor(); ?>
+<?php
+ $usehtmleditor = can_use_html_editor();
+
+ $text = isset($this->config->text) ? $this->config->text : '';
+ if (empty($this->instance->pinned) and $this->instance->pagetype !== 'course-view') {
+ $text = clean_text($text, FORMAT_HTML);
+ }
+?>
<table cellpadding="9" cellspacing="0">
<tr valign="top">
<td align="right"><?php print_string('configtitle', 'block_html'); ?>:</td>
</tr>
<tr valign="top">
<td align="right"><?php print_string('configcontent', 'block_html'); ?>:</td>
- <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', isset($this->config->text)?$this->config->text:'') ?></td>
+ <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', $text) ?></td>
</tr>
<tr>
<td colspan="3" align="center">
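Review bot: `clean_text()` is applied only to the value preloaded into the textarea, so nothing in this hunk sanitises what is submitted and saved, and the stored `config->text` can still hold raw markup for blocks outside `course-view`. The protection therefore rests on every consumer of that value going through the cleaned `format_text()` path in the block's display code, which is worth stating above the `if`, e.g. `// cleaning here only affects the editor view; display-time cleaning is the actual protection`. Whether the save handler cleans as well is not visible here. The user also gets no indication that markup was stripped from the text before it was loaded into the editor.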