trusttext implementation in Forum module, fixed incorrect merging, added missing...

diff --git a/mod/forum/db/mysql.php b/mod/forum/db/mysql.php
index 9b239d47d382def109f963af174bbdec544143b6..6cd2a9f60630b81857742cd9c8b066c2412503ca 100644 (file)
--- a/mod/forum/db/mysql.php
+++ b/mod/forum/db/mysql.php
@@ -267,7 +267,17 @@ function forum_upgrade($oldversion) {
           
       } // End if.
   }
-  
+
+  if ($oldversion < 2006082700) {
+      $sql = "UPDATE {$CFG->prefix}forum_posts SET message = REPLACE(message, '".TRUSTTEXT."', '');";
+      $likecond = sql_ilike()." '%".TRUSTTEXT."%'";
+      while (true) {
+          if (!count_records_select('forum_posts', "message $likecond")) {
+              break;
+          }
+          execute_sql($sql);
+      }
+  }
   
   return true;
   

diff --git a/mod/forum/db/postgres7.php b/mod/forum/db/postgres7.php
index 8e2435b399b48fc95ef210379d0362503d202612..6603f91363aad831cf4e3ab3ae257b6195a87fba 100644 (file)
--- a/mod/forum/db/postgres7.php
+++ b/mod/forum/db/postgres7.php
@@ -179,6 +179,56 @@ function forum_upgrade($oldversion) {
       execute_sql("INSERT INTO {$CFG->prefix}log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'firstname||\' \'||lastname')");
   }
 
+  if ($oldversion < 2006081800) {
+      // Upgrades for new roles and capabilities support.
+      require_once($CFG->dirroot.'/mod/forum/lib.php');
+      
+      $forummod = get_record('modules', 'name', 'forum');
+      
+      if ($forums = get_records('forum')) {
+          
+          if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) {
+              notice('Default student role was not found. Roles and permissions '.
+                     'for all your forums will have to be manually set after '.
+                     'this upgrade.');
+          }
+          if (!$guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) {
+              notice('Default guest role was not found. Roles and permissions '.
+                     'for teacher forums will have to be manually set after '.
+                     'this upgrade.');
+          }
+          
+          foreach ($forums as $forum) {
+              if (!forum_convert_to_roles($forum, $forummod->id,
+                        $studentroles, $guestroles)) {
+                  notice('Forum with id '.$forum->id.' was not upgraded');
+              }
+          }
+          
+          // Drop column forum.open.
+          modify_database('', 'ALTER TABLE prefix_forum DROP COLUMN open;');
+          
+          // Drop column forum.assesspublic.
+          modify_database('', 'ALTER TABLE prefix_forum DROP COLUMN assesspublic;');
+          
+          // We need to rebuild all the course caches to refresh the state of
+          // the forum modules.
+          rebuild_course_cache();
+          
+      } // End if.
+  }
+
+  if ($oldversion < 2006082700) {
+      $sql = "UPDATE {$CFG->prefix}forum_posts SET message = REPLACE(message, '".TRUSTTEXT."', '');";
+      $likecond = sql_ilike()." '%".TRUSTTEXT."%'";
+      while (true) {
+          if (!count_records_select('forum_posts', "message $likecond")) {
+              break;
+          }
+          execute_sql($sql);
+      }
+  }
+
   return true;
 
 }

diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index 410047e3179ba645597c1148e73888996e10abbe..f567bc89920628871af02aedb77aaac9d9c4a5cd 100644 (file)
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -666,7 +666,7 @@ function forum_make_mail_text($course, $forum, $discussion, $post, $userfrom, $u
     }
     $posttext .= "\n".$strbynameondate."\n";
     $posttext .= "---------------------------------------------------------------------\n";
-    $posttext .= format_text_email($post->message, $post->format);
+    $posttext .= format_text_email(trusttext_strip($post->message), $post->format);
     $posttext .= "\n\n";
     if ($post->attachment) {
         $post->course = $course->id;
@@ -1650,7 +1650,7 @@ function forum_make_mail_post(&$post, $user, $touser, $course,
     if (empty($formattedtextid) or $formattedtextid != $post->id) {    // Recalculate the formatting
         $options = new Object;
         $options->para = true;
-        $formattedtext = format_text($post->message, $post->format, $options, $course->id);
+        $formattedtext = format_text(trusttext_strip($post->message), $post->format, $options, $course->id);
         $formattedtextid = $post->id;
     }
 
@@ -1867,6 +1867,7 @@ function forum_print_post(&$post, $courseid, $ownpost=false, $reply=false, $link
 
     $options = new Object;
     $options->para = false;
+    $options->trusttext = true;
     if ($link and (strlen(strip_tags($post->message)) > $CFG->forum_longpost)) {
         // Print shortened version
         echo format_text(forum_shorten_post($post->message), $post->format, $options, $courseid);

diff --git a/mod/forum/post.html b/mod/forum/post.html
index 03a2b9b7591aeab98b83336c2ccf504e2b16af15..62d065d3953b8683592f22ac270de5eda389b4ce 100644 (file)
--- a/mod/forum/post.html
+++ b/mod/forum/post.html
@@ -13,6 +13,9 @@ if (!isset($discussion->timestart)) {
 if (!isset($discussion->timeend)) {
     $discussion->timeend = 0;
 }
+
+trusttext_prepare_edit($post->message, $post->format, $usehtmleditor, $modcontext);
+
 ?>
 <form name="theform" method="post" action="post.php" enctype="multipart/form-data">
 <table border="0" cellpadding="5">

diff --git a/mod/forum/post.php b/mod/forum/post.php
index bf6ca6c54b81fb4b03d200f2906e3d3029e2e201..04252e6bcd4ac4f26abbe6cd0d6dc186c1d888e1 100644 (file)
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -85,9 +85,9 @@
             $errordestination = $SESSION->fromurl;
         }
 
-        $post->subject = strip_tags($post->subject, '<lang><span>');        // Strip all tags except lang
+        $post->subject = clean_param(strip_tags($post->subject, '<lang><span>'), PARAM_CLEAN); // Strip all tags except multilang
 
-        //$post->message = clean_text($post->message, $post->format);   // Clean up any bad tags
+        //$post->message will be cleaned later before display
 
         $post->attachment = isset($_FILES['attachment']) ? $_FILES['attachment'] : NULL;
 
@@ -95,6 +95,7 @@
             $cm->id = 0;
         }
         $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
+        trusttext_after_edit($post->message, $modcontext);
 
         if (!$post->subject or !$post->message) {
             $post->error = get_string("emptymessage", "forum");
@@ -174,7 +175,7 @@
                     $timemessage = 4;
                 }
 
-                if ($post->mailnow) {
+                if (!empty($post->mailnow)) {
                     $message .= get_string("postmailnow", "forum");
                     $timemessage = 4;
                 }
@@ -614,6 +615,7 @@
 
     require_login($course->id, false, $cm);
 
+    $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
 
     if ($post->discussion) {
         if (! $toppost = get_record("forum_posts", "discussion", $post->discussion, "parent", 0)) {

diff --git a/mod/forum/search.php b/mod/forum/search.php
index fdf4ca2d59fd9e7b419a81f78a0b6ba6337ea96f..15a5cd4fab947c908271bc35b527046f6b457739 100644 (file)
--- a/mod/forum/search.php
+++ b/mod/forum/search.php
@@ -204,7 +204,15 @@
         //Use highlight() with nonsense tags to spot search terms in the
         //actual text content first.          fiedorow - 9/2/2005
         $missing_terms = "";
-        $message = highlight($strippedsearch,format_text($post->message, $post->format, NULL, $course->id),
+        $options = new object();
+        $options->trusttext = true;
+        // detect TRUSTTEXT marker before first call to format_text
+        if (trusttext_present($post->message)) {
+            $ttpresent = true;
+        } else {
+            $ttpresent = false;
+        }
+        $message = highlight($strippedsearch,format_text($post->message, $post->format, $options, $course->id),
                 0,'<fgw9sdpq4>','</fgw9sdpq4>');
 
         foreach ($searchterms as $searchterm) {
@@ -212,6 +220,8 @@
                 $missing_terms .= " $searchterm";
             }
         }
+        // now is the right time to strip the TRUSTTEXT marker, we will add it later if needed
+        $post->message = trusttext_strip($post->message);
 
         $message = str_replace('<fgw9sdpq4>','<span class="highlight">',$message);
         $message = str_replace('</fgw9sdpq4>','</span>',$message);
@@ -219,6 +229,7 @@
         if ($missing_terms) {
             $strmissingsearchterms = get_string('missingsearchterms','forum');
             $post->message = '<p class="highlight2">'.$strmissingsearchterms.' '.$missing_terms.'</p>'.$message;
+            $ttpresent = false;
         } else {
             $post->message = $message;
         }
@@ -226,6 +237,13 @@
         $fulllink = "<a href=\"discuss.php?d=$post->discussion#$post->id\">".get_string("postincontext", "forum")."</a>";
         //search terms already highlighted - fiedorow - 9/2/2005
         $SESSION->forum_search = true;
+
+        // reconstruct the TRUSTTEXT properly after processing
+        if ($ttpresent) {
+            $post->message = trusttext_mark($post->message);
+        } else {
+            $post->message = trusttext_strip($post->message); //make 100% sure TRUSTTEXT marker was not created during processing
+        }
         forum_print_post($post, $course->id, false, false, false, false, $fulllink);
         unset($SESSION->forum_search);
 

diff --git a/mod/forum/version.php b/mod/forum/version.php
index ce44c5255d77084254f3f3bbcb7f84bc09fa8f5d..6faadfdca1af78b06ed3cfceaa9823754309af2c 100644 (file)
--- a/mod/forum/version.php
+++ b/mod/forum/version.php
@@ -5,8 +5,8 @@
 //  This fragment is called by /admin/index.php
 ////////////////////////////////////////////////////////////////////////////////
 
-$module->version  = 2006081800;
-$module->requires = 2006080900;  // Requires this Moodle version
+$module->version  = 2006082700;
+$module->requires = 2006082600;  // Requires this Moodle version
 $module->cron     = 60;
 
 ?>