mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

format_text now does a clean_text after all the filters, for added safety

Browse Source 
Practically all printed text in Moodle should use this function

If you don't want to clean the text of unwanted tags and scripts, then
set the parameter $options->noclean
This commit is contained in:
moodler 2004-08-09 14:54:39 +00:00
parent 43cbfc1999
commit 9d40806d0e
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/weblib.php
View File

@ -610,6 +610,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL
case FORMAT_HTML:
replace_smilies($text);
$text = filter_text($text, $courseid);
if (!isset($options->noclean)) {
$text = clean_text($text, $format);
}
break;
case FORMAT_PLAIN:
@ -623,11 +626,17 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL
$text = wiki_to_html($text);
$text = rebuildnolinktag($text);
$text = filter_text($text, $courseid);
if (!isset($options->noclean)) {
$text = clean_text($text, $format);
}
break;
case FORMAT_MARKDOWN:
$text = markdown_to_html($text);
$text = filter_text($text, $courseid);
if (!isset($options->noclean)) {
$text = clean_text($text, $format);
}
break;
default: // FORMAT_MOODLE or anything else
@ -642,6 +651,9 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL
}
$text = text_to_html($text, $options->smiley, $options->para, $options->newlines);
$text = filter_text($text, $courseid);
if (!isset($options->noclean)) {
$text = clean_text($text, $format);
}
break;
}
@ -649,7 +661,7 @@ function format_text($text, $format=FORMAT_MOODLE, $options=NULL, $courseid=NULL
$newrecord->md5key = $md5key;
$newrecord->formattedtext = addslashes($text);
$newrecord->timemodified = time();
insert_record('cache_text', $newrecord);
@insert_record('cache_text', $newrecord);
}
return $text;