From 64b8061180f33b890f883fcb67f39093a9eb57a1 Mon Sep 17 00:00:00 2001 From: Stephan Robotta Date: Wed, 4 Jan 2023 16:52:43 +0100 Subject: [PATCH] MDL-32114 form: markdown must be preserved on saving post - Markdown is saved to the DB, no conversion to HTML to keep ability to reedit the content without beaking it. - Blockquote element is styled that it's distingishable from normal text. --- lib/weblib.php | 5 ++--- mod/forum/post.php | 12 ++++++++---- theme/boost/scss/moodle/core.scss | 7 +++++++ theme/boost/style/moodle.css | 6 ++++++ theme/classic/style/moodle.css | 6 ++++++ 5 files changed, 29 insertions(+), 7 deletions(-) diff --git a/lib/weblib.php b/lib/weblib.php index 16ebfb5ea01..488c717ee6e 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -1325,9 +1325,8 @@ function format_text($text, $format = FORMAT_MOODLE, $options = null, $courseidd case FORMAT_MARKDOWN: $text = markdown_to_html($text); - if (!$options['noclean']) { - $text = clean_text($text, FORMAT_HTML, $options); - } + // The markdown parser does not strip dangerous html so we need to clean it, even if noclean is set to true. + $text = clean_text($text, FORMAT_HTML, $options); $text = $filtermanager->filter_text($text, $context, $filteroptions); break; diff --git a/mod/forum/post.php b/mod/forum/post.php index 921fafd72f3..a3f2925cc0a 100644 --- a/mod/forum/post.php +++ b/mod/forum/post.php @@ -343,7 +343,10 @@ if (!empty($forum)) { $canreplyprivately = forum_user_can_reply_privately($modcontext, $parent); } - $post = trusttext_pre_edit($post, 'message', $modcontext); + // If markdown is used, the parser does the job already, otherwise clean text from arbitrary code that might be dangerous. + if ($post->messageformat != FORMAT_MARKDOWN) { + $post = trusttext_pre_edit($post, 'message', $modcontext); + } // Unsetting this will allow the correct return URL to be calculated later. unset($SESSION->fromdiscussion); @@ -796,9 +799,10 @@ if ($mformpost->is_cancelled()) { // WARNING: the $fromform->message array has been overwritten, do not use it anymore! $fromform->messagetrust = trusttext_trusted($modcontext); - // Clean message text. - $fromform = trusttext_pre_edit($fromform, 'message', $modcontext); - + // Clean message text, unless markdown which should be saved as it is, otherwise editing messes things up. + if ($fromform->messageformat != FORMAT_MARKDOWN) { + $fromform = trusttext_pre_edit($fromform, 'message', $modcontext); + } if ($fromform->edit) { // Updating a post. unset($fromform->groupid); diff --git a/theme/boost/scss/moodle/core.scss b/theme/boost/scss/moodle/core.scss index c9731ca9bbe..e823c533314 100644 --- a/theme/boost/scss/moodle/core.scss +++ b/theme/boost/scss/moodle/core.scss @@ -3023,3 +3023,10 @@ body.dragging { } } } + +blockquote { + margin: 0 0.5rem 1rem; + padding-left: 1rem; + color: $gray-700; + border-left: 5px solid $gray-400; +} diff --git a/theme/boost/style/moodle.css b/theme/boost/style/moodle.css index 5c104f90a75..11c23ff5b32 100644 --- a/theme/boost/style/moodle.css +++ b/theme/boost/style/moodle.css @@ -12321,6 +12321,12 @@ body.dragging .dragging { border-top-right-radius: 0.2rem; border-bottom-right-radius: 0.2rem; } +blockquote { + margin: 0 0.5rem 1rem; + padding-left: 1rem; + color: #495057; + border-left: 5px solid #ced4da; } + .icon { font-size: 16px; width: 16px; diff --git a/theme/classic/style/moodle.css b/theme/classic/style/moodle.css index 79abfae5890..0f24b833901 100644 --- a/theme/classic/style/moodle.css +++ b/theme/classic/style/moodle.css @@ -12321,6 +12321,12 @@ body.dragging .dragging { border-top-right-radius: 0.2rem; border-bottom-right-radius: 0.2rem; } +blockquote { + margin: 0 0.5rem 1rem; + padding-left: 1rem; + color: #495057; + border-left: 5px solid #ced4da; } + .icon { font-size: 16px; width: 16px;