From: moodler Date: Mon, 9 Aug 2004 14:54:39 +0000 (+0000) Subject: format_text now does a clean_text after all the filters, for added safety X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=9d40806d0ec7be5bfe1717176a19eac52616dbc4;p=moodle.git format_text now does a clean_text after all the filters, for added safety Practically all printed text in Moodle should use this function If you don't want to clean the text of unwanted tags and scripts, then set the parameter $options->noclean --- diff --git a/lib/weblib.php b/lib/weblib.php index 81fd5ab312..c2d86086c8 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -610,6 +610,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL case FORMAT_HTML: replace_smilies($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; case FORMAT_PLAIN: @@ -623,11 +626,17 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL $text = wiki_to_html($text); $text = rebuildnolinktag($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; case FORMAT_MARKDOWN: $text = markdown_to_html($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; default: // FORMAT_MOODLE or anything else @@ -642,6 +651,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL } $text = text_to_html($text, $options->smiley, $options->para, $options->newlines); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; } @@ -649,7 +661,7 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL $newrecord->md5key = $md5key; $newrecord->formattedtext = addslashes($text); $newrecord->timemodified = time(); - insert_record('cache_text', $newrecord); + @insert_record('cache_text', $newrecord); } return $text;