From 08beb3327b318935583effa50bcdff097961b473 Mon Sep 17 00:00:00 2001 From: moodler Date: Fri, 18 Oct 2002 06:05:56 +0000 Subject: [PATCH] Allow tags in Moodle format text. Not having it can really mess up smileys etc if the text has been edited at any stage using the richtext editor. I realise it's possible for students to really mess up forums display etc if they wanted to include a huge picture ... I'm not sure if there are any cross-site scripting attacks possible with images in there. But there is also now the HTML format for most things, which is editable using an ordinary form, so this problem is currently already exposed. I think it's OK as long as can find a filter to strip all javascript out of ANY format text in Moodle. --- lib/languages.php | 1 + lib/moodlelib.php | 2 +- lib/weblib.php | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/languages.php b/lib/languages.php index 812a03006b..4fa0f44518 100644 --- a/lib/languages.php +++ b/lib/languages.php @@ -115,6 +115,7 @@ $LANGUAGES = array ( "pl" => "Polish", "ps" => "Pushto", "pt" => "Portuguese", +"pt_br" => "Portuguese (Brazil)", "qu" => "Quechua", "rm" => "Raeto-Romance", "rn" => "Rundi", diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 95b4c4b7a2..ccc10feaf2 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -116,7 +116,7 @@ function print_navigation ($navigation) { } function print_heading($text, $align="CENTER", $size=3) { - echo "

$text

"; + echo "

".stripslashes($text)."

"; } function print_continue($link) { diff --git a/lib/weblib.php b/lib/weblib.php index 8a32e13d74..2aac5658a1 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -351,7 +351,7 @@ function clean_text($text, $format) { switch ($format) { case FORMAT_MOODLE: - return strip_tags($text, '

    • '); + return strip_tags($text, '

        • '); break; case FORMAT_HTML: -- 2.39.5