Merge branch 'MDL-32114-401' of https://github.com/srobotta/moodle into MOODLE_401_STABLE

2025-03-22 00:20:37 +01:00 · 2023-01-06 11:20:47 +00:00 · 2023-01-06 11:20:47 +00:00 · b99d68087d
commit b99d68087d
parent 93d95cf1fe 64b8061180
5 changed files with 29 additions and 7 deletions
--- a/lib/weblib.php
+++ b/lib/weblib.php
@ -1325,9 +1325,8 @@ function format_text($text, $format = FORMAT_MOODLE, $options = null, $courseidd

        case FORMAT_MARKDOWN:
            $text = markdown_to_html($text);
-            if (!$options['noclean']) {
-                $text = clean_text($text, FORMAT_HTML, $options);
-            }
+            // The markdown parser does not strip dangerous html so we need to clean it, even if noclean is set to true.
+            $text = clean_text($text, FORMAT_HTML, $options);
            $text = $filtermanager->filter_text($text, $context, $filteroptions);
            break;

--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@ -343,7 +343,10 @@ if (!empty($forum)) {
        $canreplyprivately = forum_user_can_reply_privately($modcontext, $parent);
    }

-    $post = trusttext_pre_edit($post, 'message', $modcontext);
+    // If markdown is used, the parser does the job already, otherwise clean text from arbitrary code that might be dangerous.
+    if ($post->messageformat != FORMAT_MARKDOWN) {
+        $post = trusttext_pre_edit($post, 'message', $modcontext);
+    }

    // Unsetting this will allow the correct return URL to be calculated later.
    unset($SESSION->fromdiscussion);
@ -796,9 +799,10 @@ if ($mformpost->is_cancelled()) {
    // WARNING: the $fromform->message array has been overwritten, do not use it anymore!
    $fromform->messagetrust  = trusttext_trusted($modcontext);

-    // Clean message text.
-    $fromform = trusttext_pre_edit($fromform, 'message', $modcontext);
-
+    // Clean message text, unless markdown which should be saved as it is, otherwise editing messes things up.
+    if ($fromform->messageformat != FORMAT_MARKDOWN) {
+        $fromform = trusttext_pre_edit($fromform, 'message', $modcontext);
+    }
    if ($fromform->edit) {
        // Updating a post.
        unset($fromform->groupid);
--- a/theme/boost/scss/moodle/core.scss
+++ b/theme/boost/scss/moodle/core.scss
@ -3023,3 +3023,10 @@ body.dragging {
        }
    }
 }
+
+blockquote {
+    margin: 0 0.5rem 1rem;
+    padding-left: 1rem;
+    color: $gray-700;
+    border-left: 5px solid $gray-400;
+}
--- a/theme/boost/style/moodle.css
+++ b/theme/boost/style/moodle.css
@ -12321,6 +12321,12 @@ body.dragging .dragging {
  border-top-right-radius: 0.2rem;
  border-bottom-right-radius: 0.2rem; }

+blockquote {
+  margin: 0 0.5rem 1rem;
+  padding-left: 1rem;
+  color: #495057;
+  border-left: 5px solid #ced4da; }
+
 .icon {
  font-size: 16px;
  width: 16px;
--- a/theme/classic/style/moodle.css
+++ b/theme/classic/style/moodle.css
@ -12321,6 +12321,12 @@ body.dragging .dragging {
  border-top-right-radius: 0.2rem;
  border-bottom-right-radius: 0.2rem; }

+blockquote {
+  margin: 0 0.5rem 1rem;
+  padding-left: 1rem;
+  color: #495057;
+  border-left: 5px solid #ced4da; }
+
 .icon {
  font-size: 16px;
  width: 16px;