From: skodak <skodak>
Date: Mon, 24 Sep 2007 15:24:21 +0000 (+0000)
Subject: MDL-11413 revisited
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6db001b53564b8a5ade57e2415a7d7919d791941;p=moodle.git

MDL-11413 revisited
---

diff --git a/lib/weblib.php b/lib/weblib.php
index 2835866b9c..5b0b530cd1 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1837,10 +1837,10 @@ function clean_text($text, $format=FORMAT_MOODLE) {
             /// Fix non standard entity notations
                 $text = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $text);
                 $text = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $text);
-                $text = str_replace('&#x03A;', ':', $text);
 
             /// Remove tags that are not allowed
                 $text = strip_tags($text, $ALLOWED_TAGS);
+                $text = str_replace('&#x03A;', ':', $text);
 
             /// Clean up embedded scripts and , using kses
                 $text = cleanAttributes($text);
@@ -1937,7 +1937,7 @@ function cleanAttributes2($htmlArray){
                 $value = kses_decode_entities($value);
                 $value = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $value);
                 $value = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $value);
-                $value = str_replace('&#x03A;', ':', $value);
+                $value = str_replace('&#x03A;', '', $value); //better not have these characters in output at all
                 if ($value === $prevvalue) {
                     $arreach['value'] = $value;
                     break;