mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 04:52:36 +02:00
Code Issues Projects Releases Wiki Activity

MDL-47371 weblib: Add option to disable escaping

Browse Source
This commit is contained in:
Cameron Ball 2016-07-05 17:56:58 +08:00
parent 5a1728df39
commit 6fb1a7177f
No known key found for this signature in database
GPG Key ID: 305B7F70214D810C
4 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/tests/externallib_test.php
View File

@ -196,6 +196,7 @@ class core_externallib_testcase extends advanced_testcase {
$correct = 'ENFR hi there%';
$this->assertSame($correct, external_format_string($test, $context->id, false, ['filter' => false]));
$this->assertSame("& < > \" '", format_string("& < > \" '", true, ['escape' => false]));
$settings->set_raw($currentraw);
$settings->set_filter($currentfilter);

1
lib/tests/weblib_test.php
View File

@ -37,6 +37,7 @@ class core_weblib_testcase extends advanced_testcase {
$this->assertSame("ANother &amp; &amp;&amp;&amp;&amp;&amp; Category", format_string("ANother & &&&&& Category"));
$this->assertSame("ANother &amp; &amp;&amp;&amp;&amp;&amp; Category", format_string("ANother & &&&&& Category", true));
$this->assertSame("Nick's Test Site &amp; Other things", format_string("Nick's Test Site & Other things", true));
$this->assertSame("& < > \" '", format_string("& < > \" '", true, ['escape' => false]));
// String entities.
$this->assertSame("&quot;", format_string("&quot;"));

1
lib/upgrade.txt
View File

@ -13,6 +13,7 @@ information provided here is intended especially for developers.
- get_user_max_upload_file_size()
* The following functions have been removed and should not be used any more:
- file_modify_html_header() - See MDL-29738 for more information.
* New option 'escape' added to format_string. When true (default), escapes HTML entities from the string
=== 3.1 ===

13
lib/weblib.php
View File

@ -1425,13 +1425,15 @@ function format_string($string, $striplinks = true, $options = null) {
$options['filter'] = true;
}
$options['escape'] = !isset($options['escape']) || $options['escape'];
if (!$options['context']) {
// We did not find any context? weird.
return $string = strip_tags($string);
}
// Calculate md5.
$md5 = md5($string.'<+>'.$striplinks.'<+>'.$options['context']->id.'<+>'.current_language());
$md5 = md5($string.'<+>'.$striplinks.'<+>'.$options['context']->id.'<+>'.$options['escape'].'<+>'.current_language());
// Fetch from cache if possible.
if (isset($strcache[$md5])) {
@ -1440,7 +1442,7 @@ function format_string($string, $striplinks = true, $options = null) {
// First replace all ampersands not followed by html entity code
// Regular expression moved to its own method for easier unit testing.
$string = replace_ampersands_not_followed_by_entity($string);
$string = $options['escape'] ? replace_ampersands_not_followed_by_entity($string) : $string;
if (!empty($CFG->filterall) && $options['filter']) {
$filtermanager = filter_manager::instance();
@ -1450,8 +1452,11 @@ function format_string($string, $striplinks = true, $options = null) {
// If the site requires it, strip ALL tags from this string.
if (!empty($CFG->formatstringstriptags)) {
$string = str_replace(array('<', '>'), array('&lt;', '&gt;'), strip_tags($string));
if ($options['escape']) {
$string = str_replace(array('<', '>'), array('&lt;', '&gt;'), strip_tags($string));
} else {
$string = strip_tags($string);
}
} else {
// Otherwise strip just links if that is required (default).
if ($striplinks) {