From 6f84a9d2db9a48a676696ac8556827cf8a11c554 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Fri, 1 Oct 2004 10:32:34 +0000
Subject: [PATCH] Some clear_text() and format_text() calls added.

Merged from MOODLE_14_STABLE
---
 mod/glossary/edit.html          | 6 +++---
 mod/glossary/edit.php           | 4 ++--
 mod/glossary/editcategories.php | 8 +++++---
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/mod/glossary/edit.html b/mod/glossary/edit.html
index 857352a69b..b0bfe62134 100644
--- a/mod/glossary/edit.html
+++ b/mod/glossary/edit.html
@@ -17,7 +17,7 @@ if (isset($errors)) {
     <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="5">
         <tr>
           <td width="150" align="right"><p><b><?php echo get_string("concept","glossary") ?>:</b></p></td>
-          <td><input type="text" name="concept" size="30" value="<?php p($newentry->concept) ?>" /></td>
+          <td><input type="text" name="concept" size="30" value="<?php p(clean_text($newentry->concept)) ?>" /></td>
         </tr>
         <tr>
           <td align="right"><p><b><?php echo get_string("categories","glossary") ?>:</b></p></td>
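Review bot: `clean_text()` wrapped inside `p()` on the `concept` value puts an HTML sanitizer in front of what is presumably already the escaping helper for this attribute (the body of `p()` is not in this diff). For a plain-text field in a `value="..."` attribute, escaping is the control that matters; the sanitizer adds nothing to it and can change what the author sees when re-editing, for instance a concept containing a literal `<`. If `p()` does escape quotes and angle brackets, a short comment such as `// p() escapes for the attribute context` would make clear which layer is relied on. The `aliases` textarea hunk at -53 has the same pattern.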
@@ -35,7 +35,7 @@ if (isset($errors)) {
                         echo "selected=\"selected\" " ;
                     }
                 }
-                echo "value=\"$category->id\">$category->name</option>\n";
+                echo "value=\"$category->id\">".clean_text($category->name)."</option>\n";
             }
         }
         echo "</select>\n";
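Review bot: `clean_text($category->name)` in the `<option>` body sanitizes the name as HTML instead of encoding it, so whatever markup the sanitizer permits is still emitted into the select list. Element text for a plain name should be output-encoded, e.g. `echo "value=\"$category->id\">".s($category->name)."</option>\n";`, assuming `s()` is the escaping helper behind the `p()` calls used elsewhere in this file. The enclosing loop starts and ends outside the hunk.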
@@ -53,7 +53,7 @@ if (isset($errors)) {
             ?></b></p>
           </td>
           <td valign="top">
-             <textarea rows="2" name="aliases" cols="20"><?php p($newentry->aliases) ?></textarea>
+             <textarea rows="2" name="aliases" cols="20"><?php p(clean_text($newentry->aliases)) ?></textarea>
           </td>
         </tr>
         <tr>
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index 24c57353c6..94763eb8cb 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -53,7 +53,7 @@ if ( $confirm ) {
     $newentry->course = $glossary->course;
     $newentry->glossaryid = $glossary->id;
 
-    $newentry->concept = trim($form->concept);
+    $newentry->concept = clean_text(trim($form->concept));
     $newentry->definition = $form->text;
     $newentry->format = $form->format;
     $newentry->usedynalink = $form->usedynalink;
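Review bot: The line directly after the changed one, `$newentry->definition = $form->text;`, still stores the submitted definition unmodified, so only `concept` is sanitized on this path. If the definition is cleaned when it is displayed (not visible in this diff), a comment saying so belongs here; otherwise it is the larger field left unhandled. Cleaning at input time, here and in the aliases hunk at -192, also ties stored data to the sanitizer's current behaviour and does not remove the need to escape on output. The enclosing `if ( $confirm )` block continues outside the hunk.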
@@ -192,7 +192,7 @@ if ( $confirm ) {
         }
     }
     if ( isset($form->aliases) ) {
-        if ( $aliases = explode("\n",$form->aliases) ) {
+        if ( $aliases = explode("\n",clean_text($form->aliases)) ) {
             foreach ($aliases as $alias) {
                 $alias = trim($alias);
                 if ($alias) {
diff --git a/mod/glossary/editcategories.php b/mod/glossary/editcategories.php
index b6ea86ac54..8e0f567bac 100644
--- a/mod/glossary/editcategories.php
+++ b/mod/glossary/editcategories.php
@@ -12,7 +12,9 @@
     optional_variable($usedynalink);  // category ID
     optional_variable($confirm);  // confirm the action
 
-    optional_variable($name);  // confirm the action
+    optional_variable($name);  // confirm the name
+
+    $name = clean_text($name);
 
     $action = strip_tags(urldecode($action));  //XSS
     $hook = strip_tags(urldecode($hook));  //XSS
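Review bot: `$name = clean_text($name);` handles the category name differently from `$action` and `$hook` two lines below, which go through `strip_tags(urldecode(...))` and carry an `//XSS` marker. If category names are meant to be plain text, a sanitizer that keeps an allow-list of tags (as `clean_text()` appears to) leaves markup in the value; using the same `strip_tags` treatment, or escaping at every output site, would be consistent, and the line should get the same `//XSS` marker. The updated comment `// confirm the name` still reads like a copy of the line above; `// category name` would describe the variable.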
@@ -100,7 +102,7 @@
                 echo "<p align=\"center\">" . get_string("delete"). " " . get_string("category","glossary") . "<font size=\"3\">";
 
                 print_simple_box_start("center","40%", "#FFBBBB");
-                echo "<center><b>$category->name</b><br />";
+                echo "<center><b>".format_text($category->name)."</b><br>";
                 
                 $num_entries = count_records("glossary_entries_categories","categoryid",$category->id);
                 if ( $num_entries ) {
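Review bot: `format_text($category->name)` sends a short plain-text name through the rich-text renderer, while edit.html in this same commit prints the same field with `clean_text()`, so one value now has two different output treatments. `format_text()` may add block-level wrapping or apply filters (its body is not shown here), which fits poorly inside `<b>...</b>`; the listing hunk at -200 has the same call. A single escaping helper for names at all three sites would be easier to reason about. The `<br />` to `<br>` change on the same line is unrelated to the fix and departs from the `/>` style used in edit.html.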
@@ -200,7 +202,7 @@
              <tr bgcolor="<?php p($THEME->cellheading2)?>">
                <td width="90%" align="left">
                <?php
-                    echo "<b>$category->name</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
+                    echo "<b>".format_text($category->name)."</b> <font size=-1>($num_entries " . get_string("entries","glossary") . ")</font>";
                ?>
                </td>
                <td width="10%" align="center"><b>
-- 
2.39.5