From: moodler
Date: Tue, 11 Apr 2006 13:00:13 +0000 (+0000)
Subject: Don't clean final HTML template output, the input should be sanitised.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=edaa546ad5ad6f531aa5699eea4fceaf5840fff4;p=moodle.git
Don't clean final HTML template output, the input should be sanitised.
---
diff --git a/mod/data/lib.php b/mod/data/lib.php
index 8198bd258f..b7371f8523 100755
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -322,7 +322,7 @@ class data_field_base { /// Base class for Database Field Types (see field/*
 *****************************************************************************/
 function data_generate_default_template(&$data, $template, $recordid=0, $form=false, $update=true) {
- if (!$data && !$template){
+ if (!$data && !$template) {
 return false;
 }
@@ -888,10 +888,11 @@ function data_print_template($template, $records, $data, $search='',$page=0, $re
 ///actual replacement of the tags
 $newtext = preg_replace($patterns, $replacement, $data->{$template});
 $options->para=false;
+ $options->noclean=true;
 if ($return) {
 return format_text($newtext, FORMAT_HTML, $options);
 } else {
- echo format_text($newtext, FORMAT_HTML, $options); //prints the template with tags replaced
+ echo format_text($newtext, FORMAT_HTML, $options);
 }
 /**********************************
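Review bot: With `$options->noclean=true` set before both `format_text()` calls in the second hunk, nothing downstream strips script or event-handler markup from `$newtext`, so every value in `$replacement` and the stored template `$data->{$template}` must already be safe for HTML output. data_print_template starts and ends outside the hunk and the construction of `$replacement` is not visible, so whether each field type cleans or escapes its display value cannot be confirmed from here; if any one of them passes raw user input through, the result would be stored XSS for anyone viewing the record. I would record that contract where the flag is set, e.g. `$options->noclean=true; // SECURITY: output is not cleaned here; each field's display value and the template text must be cleaned/escaped before substitution`. Cleaning each field value at the point it is substituted would be more robust than relying on input-time sanitisation alone, since data that entered by another path (import, restore, older versions) would otherwise be rendered unfiltered.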