]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aa04066)
better cleaning of imageurl SC#54, merged from MOODLE_14_STABLE
authorskodak <skodak>
Sat, 29 Jan 2005 10:03:09 +0000 (10:03 +0000)
committerskodak <skodak>
Sat, 29 Jan 2005 10:03:09 +0000 (10:03 +0000)
lib/editor/popups/preview.php patch | blob | history

diff --git a/lib/editor/popups/preview.php b/lib/editor/popups/preview.php
index 4fa83df06c8772da56f82817666f2e28de7b64f7..2240220e5aaeace4eceb9925d122efe3c4507616 100644 (file)
--- a/lib/editor/popups/preview.php
+++ b/lib/editor/popups/preview.php
@@ -1,12 +1,11 @@
 <?php // $Id$ preview for insert image dialog
-    
-    include("../../../config.php");
-    require("../../../files/mimetypes.php");
-    
+
+       include('../../../config.php');
+       
     $id       = required_param('id', PARAM_INT);
-    $imageurl = required_param('imageurl', PARAM_URL);
+    $imageurl = required_param('imageurl', PARAM_RAW);
 
-    if (! $course = get_record("course", "id", $id) ) {
+    if (! $course = get_record('course', 'id', $id) ) {
         error("That's an invalid course id");
     }
 
@@ -16,36 +15,21 @@
         error("Only teachers can use this functionality");
     }
 
-    $imageurl = rawurldecode($imageurl);   /// Full URL starts with $CFG->wwwroot/file.php
-    $imagepath = str_replace("$CFG->wwwroot/file.php", '', $imageurl);
-    $imagepath = str_replace("?file=", '', $imagepath); // if we're using second option of file path.
+    $imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');
 
-    $size = null;
-    if ($imagepath != $imageurl) {         /// This is an internal image
-        $size = getimagesize($CFG->dataroot.$imagepath);
-    }
-    
-    $width = $size[0];
-    $height = $size[1];
-    settype($width, "integer");
-    settype($height, "integer");
-    
-    if ($height >= 200) {
-        $division = ($height / 190);
-        $width = round($width / $division);
-        $height = 190;
-    }
-    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n";
-    echo "\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
-    echo "<html>\n";
-    echo "<head>\n";
-    echo "<title>Preview</title>\n";
-    echo "<style type=\"text/css\">\n";
-    echo " body { margin: 2px; }\n";
-    echo "</style>\n";
-    echo "</head>\n";
-    echo "<body bgcolor=\"#ffffff\">\n";
-    print "<img src=\"$imageurl\" width=\"$width\" height=\"$height\" alt=\"\" />";
-    echo "</body>\n</html>\n";
-    
 ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>Preview</title>
+<style type="text/css">
+ body { margin: 2px; }
+</style>
+</head>
+<body bgcolor="#ffffff">
+
+<? echo $imagetag ?>
+
+</body>
+</html>
Unnamed repository; edit this file to name it for gitweb.