From 9d40806d0ec7be5bfe1717176a19eac52616dbc4 Mon Sep 17 00:00:00 2001 From: moodler Date: Mon, 9 Aug 2004 14:54:39 +0000 Subject: [PATCH] format_text now does a clean_text after all the filters, for added safety Practically all printed text in Moodle should use this function If you don't want to clean the text of unwanted tags and scripts, then set the parameter $options->noclean --- lib/weblib.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/weblib.php b/lib/weblib.php index 81fd5ab312..c2d86086c8 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -610,6 +610,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL case FORMAT_HTML: replace_smilies($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; case FORMAT_PLAIN: @@ -623,11 +626,17 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL $text = wiki_to_html($text); $text = rebuildnolinktag($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; case FORMAT_MARKDOWN: $text = markdown_to_html($text); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; default: // FORMAT_MOODLE or anything else @@ -642,6 +651,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL } $text = text_to_html($text, $options->smiley, $options->para, $options->newlines); $text = filter_text($text, $courseid); + if (!isset($options->noclean)) { + $text = clean_text($text, $format); + } break; } @@ -649,7 +661,7 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL $newrecord->md5key = $md5key; $newrecord->formattedtext = addslashes($text); $newrecord->timemodified = time(); - insert_record('cache_text', $newrecord); + @insert_record('cache_text', $newrecord); } return $text; -- 2.39.5