From ea6073bb48494aca27fb895832c75a1bd94d951c Mon Sep 17 00:00:00 2001 From: skodak Date: Mon, 21 Apr 2008 13:26:08 +0000 Subject: [PATCH] MDL-13025 added data intro text formatting without cleaning - manage activity cap already marked with XSS risk; merged from MOODLE_19_STABLE --- mod/data/index.php | 9 ++++++--- mod/data/view.php | 4 +++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/mod/data/index.php b/mod/data/index.php index 6f8d6c7b10..648f0549b3 100755 --- a/mod/data/index.php +++ b/mod/data/index.php @@ -28,7 +28,7 @@ $id = required_param('id', PARAM_INT); // course if (! $course = get_record("course", "id", $id)) { - print_error("Course ID is incorrect"); + error("Course ID is incorrect"); } require_course_login($course); @@ -80,6 +80,9 @@ array_push($table->align, 'center'); } + $options = new object(); + $options->noclean = true; + $currentsection = ""; foreach ($datas as $data) { @@ -123,10 +126,10 @@ } $currentsection = $data->section; } - $row = array ($printsection, $link, $data->intro, $numrecords, $numunapprovedrecords); + $row = array ($printsection, $link, format_text($data->intro, FORMAT_MOODLE, $options), $numrecords, $numunapprovedrecords); } else { - $row = array ($link, $data->intro, $numrecords, $numunapprovedrecords); + $row = array ($link, format_text($data->intro, FORMAT_MOODLE, $options), $numrecords, $numunapprovedrecords); } if ($rss) { diff --git a/mod/data/view.php b/mod/data/view.php index acdeb0593e..bb5cab3c2e 100755 --- a/mod/data/view.php +++ b/mod/data/view.php @@ -307,7 +307,9 @@ } if ($data->intro and empty($page) and empty($record) and $mode != 'single') { - print_box(format_text($data->intro), 'generalbox', 'intro'); + $options = new object(); + $options->noclean = true; + print_box(format_text($data->intro, FORMAT_MOODLE, $options), 'generalbox', 'intro'); } /// Delete any requested records -- 2.39.5