From: skodak
Date: Wed, 19 Nov 2008 16:46:41 +0000 (+0000)
Subject: MDL-17236 html block: proper cleanup of html
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e8a7edd7d69a768f8cfcb257ce8d576e7fb82762;p=moodle.git
MDL-17236 html block: proper cleanup of html
---
diff --git a/blocks/html/block_html.php b/blocks/html/block_html.php
index 2086c49f11..e7c0aebe6e 100755
--- a/blocks/html/block_html.php
+++ b/blocks/html/block_html.php
@@ -24,8 +24,13 @@ class block_html extends block_base {
 return $this->content;
 }
- $filteropt = new stdClass;
- $filteropt->noclean = true;
+ if (!empty($this->instance->pinned) or $this->instance->pagetype === 'course-view') {
+ // fancy html allowed only on course page and in pinned blocks for security reasons
+ $filteropt = new stdClass;
+ $filteropt->noclean = true;
+ } else {
+ $filteropt = null;
+ }
 $this->content = new stdClass;
 $this->content->text = isset($this->config->text) ? format_text($this->config->text, FORMAT_HTML, $filteropt) : '';
diff --git a/blocks/html/config_instance.html b/blocks/html/config_instance.html
index 6352ee80e4..0d5feabc6f 100755
--- a/blocks/html/config_instance.html
+++ b/blocks/html/config_instance.html
@@ -1,4 +1,11 @@
- +config->text) ? $this->config->text : '';
+ if (empty($this->instance->pinned) and $this->instance->pagetype !== 'course-view') {
+ $text = clean_text($text, FORMAT_HTML);
+ }
+?>
@@ -6,7 +13,7 @@
- +
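Review bot: The condition that decides whether stored block text bypasses cleaning (`$filteropt->noclean = true`) is written out in the block_html.php hunk and again, inverted, in the config_instance.html hunk, so the two can drift apart and leave one path handling raw HTML; a single method on block_html that both call would keep the display and edit paths in agreement. The check keys the exemption on where the block sits (pinned, or pagetype `course-view`) rather than on who saved the text, and the comment should say so, e.g. `// noclean relies on everyone who can edit pinned or course-page blocks being trusted with raw HTML`. Nothing visible in these hunks cleans the text when it is saved, so any other reader of `$this->config->text` presumably still receives the uncleaned value, which is worth confirming. The enclosing method starts and ends outside the hunk.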
:
:config->text)?$this->config->text:'') ?>