From decec3da38a62c1b67abaa508c9bdc43a5743ece Mon Sep 17 00:00:00 2001 From: moodler Date: Fri, 1 Oct 2004 02:43:09 +0000 Subject: [PATCH] Merged parameter cleaning from stable --- lib/weblib.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/weblib.php b/lib/weblib.php index a66faefcfb..706efa7f65 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -2977,6 +2977,9 @@ function emoticonhelpbutton($form, $field) { function notice ($message, $link='') { global $CFG, $THEME; + $message = clean_text($message); + $link = clean_text($link); + if (!$link) { if (!empty($_SERVER['HTTP_REFERER'])) { $link = $_SERVER['HTTP_REFERER']; @@ -3003,6 +3006,10 @@ function notice ($message, $link='') { function notice_yesno ($message, $linkyes, $linkno) { global $THEME; + $message = clean_text($message); + $linkyes = clean_text($linkyes); + $linkno = clean_text($linkno); + print_simple_box_start('center', '60%', $THEME->cellheading); echo '

'. $message .'

'; echo '

'; @@ -3024,11 +3031,15 @@ function notice_yesno ($message, $linkyes, $linkno) { * first decode all entities in $url (since we cannot rely on) * the correct input) and then encode for where it's needed * echo ""; - */ function redirect($url, $message='', $delay='0') { + + $url = clean_text($url); + $message = clean_text($message); + $url = html_entity_decode($url); // for php < 4.3.0 this is defined in moodlelib.php $encodedurl = htmlentities($url); + if (empty($message)) { echo ''; echo ''; // To cope with Mozilla bug @@ -3056,6 +3067,9 @@ function redirect($url, $message='', $delay='0') { * @param string $align Paragraph alignment option */ function notify ($message, $color='red', $align='center') { + + $message = clean_text($message); + echo '

'. $message .'

' . "\n"; } -- 2.39.5