Merge branch 'MDL-75946-401' of https://github.com/davewoloszyn/moodle into MOODLE_401_STABLE

2025-03-25 01:50:55 +01:00 · 2023-02-07 10:44:40 +08:00 · 2023-02-07 10:44:40 +08:00 · 0ce350e78a
commit 0ce350e78a
parent 5f5355065a 562d62474e
4 changed files with 9 additions and 3 deletions
--- a/h5p/h5plib/v124/joubel/editor/h5peditor-file.class.php
+++ b/h5p/h5plib/v124/joubel/editor/h5peditor-file.class.php
@ -15,7 +15,7 @@ class H5peditorFile {
   * Constructor. Process data for file uploaded through the editor.
   */
  function __construct($interface) {
-    $field = filter_input(INPUT_POST, 'field', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+    $field = filter_input(INPUT_POST, 'field', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);

    // Check for file upload.
    if ($field === NULL || empty($_FILES) || !isset($_FILES['file'])) {
--- a/h5p/h5plib/v124/joubel/editor/readme_moodle.txt
+++ b/h5p/h5plib/v124/joubel/editor/readme_moodle.txt
@ -31,3 +31,5 @@ Changed:
 * Add "use stdClass;" in h5peditor.class.php and h5peditor-file.class.php (check that it's still used before replacing it when
   upgrading the library).
 * Edit language/en.js and remove the content for 'filters' (it's a JSON with several fields, such as level or language).
+ * If https://github.com/h5p/h5p-editor-php-library/pull/148 hasn't been merged, a patch needs to be added in
+ h5p/h5plib/v124/joubel/editor/h5peditor-file.class.php, to replace FILTER_SANITIZE_STRING to FILTER_SANITIZE_FULL_SPECIAL_CHARS.
--- a/lib/horde/framework/Horde/Variables.php
+++ b/lib/horde/framework/Horde/Variables.php
@ -335,8 +335,8 @@ class Horde_Variables implements ArrayAccess, Countable, IteratorAggregate
        }

        return is_array($val)
-            ? filter_var_array($val, FILTER_SANITIZE_STRING)
-            : filter_var($val, FILTER_SANITIZE_STRING);
+            ? filter_var_array($val, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES)
+            : filter_var($val, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES);
    }

    /* Protected methods. */
--- a/lib/horde/readme_moodle.txt
+++ b/lib/horde/readme_moodle.txt
@ -13,6 +13,10 @@ Description of import of Horde libraries
  passing in your path to Horde (the directory you've cloned the repository):
    /tmp/copyhorde.sh ~/git/base/directory/from/step/2

+
+Notes:
+* 2023-01-20 Applied patch https://github.com/horde/Util/pull/10
+
 ====
 #!/bin/sh