From: stronk7 <stronk7>
Date: Fri, 1 Oct 2004 10:32:34 +0000 (+0000)
Subject: Some clear_text() and format_text() calls added.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6f84a9d2db9a48a676696ac8556827cf8a11c554;p=moodle.git

Some clear_text() and format_text() calls added.

Merged from MOODLE_14_STABLE
---

diff --git a/mod/glossary/edit.html b/mod/glossary/edit.html
index 857352a69b..b0bfe62134 100644
--- a/mod/glossary/edit.html
+++ b/mod/glossary/edit.html
@@ -17,7 +17,7 @@ if (isset($errors)) {
     <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5">
         <tr>
           <td width="150" align="right"><p><b><?php echo get_string("concept","glossary") ?>:</b></p></td>
-          <td><input type="text" name="concept" size="30" value="<?php p($newentry->concept) ?>" /></td>
+          <td><input type="text" name="concept" size="30" value="<?php p(clean_text($newentry->concept)) ?>" /></td>
         </tr>
         <tr>
           <td align="right"><p><b><?php echo get_string("categories","glossary") ?>:</b></p></td>
@@ -35,7 +35,7 @@ if (isset($errors)) {
                         echo "selected=\"selected\" " ;
                     }
                 }
-                echo "value=\"$category->id\">$category->name</option>\n";
+                echo "value=\"$category->id\">".clean_text($category->name)."</option>\n";
             }
         }
         echo "</select>\n";
@@ -53,7 +53,7 @@ if (isset($errors)) {
             ?></b></p>
           </td>
           <td valign="top">
-             <textarea rows="2" name="aliases" cols="20"><?php p($newentry->aliases) ?></textarea>
+             <textarea rows="2" name="aliases" cols="20"><?php p(clean_text($newentry->aliases)) ?></textarea>
           </td>
         </tr>
         <tr>
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index 24c57353c6..94763eb8cb 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -53,7 +53,7 @@ if ( $confirm ) {
     $newentry->course = $glossary->course;
     $newentry->glossaryid = $glossary->id;
 
-    $newentry->concept = trim($form->concept);
+    $newentry->concept = clean_text(trim($form->concept));
     $newentry->definition = $form->text;
     $newentry->format = $form->format;
     $newentry->usedynalink = $form->usedynalink;
@@ -192,7 +192,7 @@ if ( $confirm ) {
         }
     }
     if ( isset($form->aliases) ) {
-        if ( $aliases = explode("\n",$form->aliases) ) {
+        if ( $aliases = explode("\n",clean_text($form->aliases)) ) {
             foreach ($aliases as $alias) {
                 $alias = trim($alias);
                 if ($alias) {
diff --git a/mod/glossary/editcategories.php b/mod/glossary/editcategories.php
index b6ea86ac54..8e0f567bac 100644
--- a/mod/glossary/editcategories.php
+++ b/mod/glossary/editcategories.php
@@ -12,7 +12,9 @@
     optional_variable($usedynalink);  // category ID
     optional_variable($confirm);  // confirm the action
 
-    optional_variable($name);  // confirm the action
+    optional_variable($name);  // confirm the name
+
+    $name = clean_text($name);
 
     $action = strip_tags(urldecode($action));  //XSS
     $hook = strip_tags(urldecode($hook));  //XSS
@@ -100,7 +102,7 @@
                 echo "<p align=\"center\">" . get_string("delete"). " " . get_string("category","glossary") . "<font size=\"3\">";
 
                 print_simple_box_start("center","40%", "#FFBBBB");
-                echo "<center><b>$category->name</b><br />";
+                echo "<center><b>".format_text($category->name)."</b><br>";
                 
                 $num_entries = count_records("glossary_entries_categories","categoryid",$category->id);
                 if ( $num_entries ) {
@@ -200,7 +202,7 @@
              <tr bgcolor="<?php p($THEME->cellheading2)?>">
                <td width="90%" align="left">
                <?php
-                    echo "<b>$category->name</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
+                    echo "<b>".format_text($category->name)."</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
                ?>
                </td>
                <td width="10%" align="center"><b>

:
:	- <?php p($newentry->aliases) ?> + <?php p(clean_text($newentry->aliases)) ?>
$category->name ($num_entries " . get_string("entries","glossary") . ")"; + echo "".format_text($category->name)." ($num_entries " . get_string("entries","glossary") . ")"; ?>