From f2b5d7e3b799ffa5f30fbaf55f8e6cc67ccbb61f Mon Sep 17 00:00:00 2001
From: skodak
Date: Sun, 27 Aug 2006 20:45:04 +0000
Subject: [PATCH] trusttext implementation in Forum module, fixed incorrect merging, added missing postresql upgrade code, some other minor fixes
---
 mod/forum/db/mysql.php | 12 ++++++++-
 mod/forum/db/postgres7.php | 50 ++++++++++++++++++++++++++++++++++++++
 mod/forum/lib.php | 5 ++--
 mod/forum/post.html | 3 +++
 mod/forum/post.php | 8 +++---
 mod/forum/search.php | 20 ++++++++++++++++++-
 mod/forum/version.php | 4 +--
 7 files changed, 93 insertions(+), 9 deletions(-)
diff --git a/mod/forum/db/mysql.php b/mod/forum/db/mysql.php
index 9b239d47d38..6cd2a9f6063 100644
--- a/mod/forum/db/mysql.php
+++ b/mod/forum/db/mysql.php
@@ -267,7 +267,17 @@ function forum_upgrade($oldversion) {
 } // End if.
 }
-
+
+ if ($oldversion < 2006082700) {
+ $sql = "UPDATE {$CFG->prefix}forum_posts SET message = REPLACE(message, '".TRUSTTEXT."', '');";
+ $likecond = sql_ilike()." '%".TRUSTTEXT."%'";
+ while (true) {
+ if (!count_records_select('forum_posts', "message $likecond")) {
+ break;
+ }
+ execute_sql($sql);
+ }
+ }
 return true;
diff --git a/mod/forum/db/postgres7.php b/mod/forum/db/postgres7.php
index 8e2435b399b..6603f91363a 100644
--- a/mod/forum/db/postgres7.php
+++ b/mod/forum/db/postgres7.php
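Review bot: In mod/forum/db/mysql.php the `while (true)` loop added under `$oldversion < 2006082700` has no exit when the UPDATE stops making progress: the result of `execute_sql($sql)` is ignored, and the loop test uses the case-insensitive `sql_ilike()` while `REPLACE()` matches case-sensitively, so a row that satisfies the test but is not changed by the replacement keeps the upgrade spinning. This step is what removes markers from existing posts before forum_print_post starts honouring them, so it should stop the upgrade instead of looping, e.g. `if (!execute_sql($sql)) { return false; }`, together with an iteration cap or a test that has the same case sensitivity as the replacement. The identical loop added to mod/forum/db/postgres7.php needs the same change. A one-line comment saying why the UPDATE is repeated (presumably because removing one marker can join the surrounding text into a new one) would also help; forum_upgrade's body starts and ends outside the hunk.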
@@ -179,6 +179,56 @@ function forum_upgrade($oldversion) {
 execute_sql("INSERT INTO {$CFG->prefix}log_display (module, action, mtable, field) VALUES ('forum', 'user report', 'user', 'firstname||\' \'||lastname')");
 }
+ if ($oldversion < 2006081800) {
+ // Upgrades for new roles and capabilities support.
+ require_once($CFG->dirroot.'/mod/forum/lib.php');
+
+ $forummod = get_record('modules', 'name', 'forum');
+
+ if ($forums = get_records('forum')) {
+
+ if (!$studentroles = get_roles_with_capability('moodle/legacy:student', CAP_ALLOW)) {
+ notice('Default student role was not found. Roles and permissions '.
+ 'for all your forums will have to be manually set after '.
+ 'this upgrade.');
+ }
+ if (!$guestroles = get_roles_with_capability('moodle/legacy:guest', CAP_ALLOW)) {
+ notice('Default guest role was not found. Roles and permissions '.
+ 'for teacher forums will have to be manually set after '.
+ 'this upgrade.');
+ }
+
+ foreach ($forums as $forum) {
+ if (!forum_convert_to_roles($forum, $forummod->id,
+ $studentroles, $guestroles)) {
+ notice('Forum with id '.$forum->id.' was not upgraded');
+ }
+ }
+
+ // Drop column forum.open.
+ modify_database('', 'ALTER TABLE prefix_forum DROP COLUMN open;');
+
+ // Drop column forum.assesspublic.
+ modify_database('', 'ALTER TABLE prefix_forum DROP COLUMN assesspublic;');
+
+ // We need to rebuild all the course caches to refresh the state of
+ // the forum modules.
+ rebuild_course_cache();
+
+ } // End if.
+ }
+
+ if ($oldversion < 2006082700) {
+ $sql = "UPDATE {$CFG->prefix}forum_posts SET message = REPLACE(message, '".TRUSTTEXT."', '');";
+ $likecond = sql_ilike()." '%".TRUSTTEXT."%'";
+ while (true) {
+ if (!count_records_select('forum_posts', "message $likecond")) {
+ break;
+ }
+ execute_sql($sql);
+ }
+ }
+
 return true;
 }
diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index 410047e3179..f567bc89920 100644
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
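Review bot: In the `$oldversion < 2006081800` block of mod/forum/db/postgres7.php the `open` and `assesspublic` columns are dropped even when `forum_convert_to_roles()` returned false for a forum or the default student/guest roles were not found, so the legacy access settings of exactly those forums are gone before anyone can set their permissions by hand. `$forummod->id` is also used without checking that `get_record('modules', 'name', 'forum')` returned a record. I would record failures in the loop (`$allconverted = false;` next to the `notice()`) and run the two `ALTER TABLE ... DROP COLUMN` statements only when every forum converted. forum_upgrade's body starts outside the hunk.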
@@ -666,7 +666,7 @@ function forum_make_mail_text($course, $forum, $discussion, $post, $userfrom, $u
 }
 $posttext .= "\n".$strbynameondate."\n";
 $posttext .= "---------------------------------------------------------------------\n";
- $posttext .= format_text_email($post->message, $post->format);
+ $posttext .= format_text_email(trusttext_strip($post->message), $post->format);
 $posttext .= "\n\n";
 if ($post->attachment) {
 $post->course = $course->id;
@@ -1650,7 +1650,7 @@ function forum_make_mail_post(&$post, $user, $touser, $course,
 if (empty($formattedtextid) or $formattedtextid != $post->id) { // Recalculate the formatting
 $options = new Object;
 $options->para = true;
- $formattedtext = format_text($post->message, $post->format, $options, $course->id);
+ $formattedtext = format_text(trusttext_strip($post->message), $post->format, $options, $course->id);
 $formattedtextid = $post->id;
 }
@@ -1867,6 +1867,7 @@ function forum_print_post(&$post, $courseid, $ownpost=false, $reply=false, $link
 $options = new Object;
 $options->para = false;
+ $options->trusttext = true;
 if ($link and (strlen(strip_tags($post->message)) > $CFG->forum_longpost)) { // Print shortened version
 echo format_text(forum_shorten_post($post->message), $post->format, $options, $courseid);
diff --git a/mod/forum/post.html b/mod/forum/post.html
index 03a2b9b7591..62d065d3953 100644
--- a/mod/forum/post.html
+++ b/mod/forum/post.html
@@ -13,6 +13,9 @@ if (!isset($discussion->timestart)) {
 if (!isset($discussion->timeend)) {
 $discussion->timeend = 0;
 }
+
+trusttext_prepare_edit($post->message, $post->format, $usehtmleditor, $modcontext);
+
 ?>
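Review bot: `$options->trusttext = true;` in forum_print_post (mod/forum/lib.php, third hunk) lets the marker inside `$post->message` decide whether the text is cleaned, and nothing in the hunk says what callers have to guarantee for that to be safe. The shortened branch passes `forum_shorten_post($post->message)` with the same options, and it is not visible here whether shortening keeps or drops the marker, so a trusted post may be treated differently in the two branches. I would add a comment above the assignment: `// trusttext: only text saved through trusttext_after_edit() may carry the marker; callers that rebuild $post->message must strip or re-mark it first`. forum_print_post's body starts and ends outside the hunk.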
diff --git a/mod/forum/post.php b/mod/forum/post.php
index bf6ca6c54b8..04252e6bcd4 100644
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -85,9 +85,9 @@ $errordestination = $SESSION->fromurl;
 }
- $post->subject = strip_tags($post->subject, ''); // Strip all tags except lang
+ $post->subject = clean_param(strip_tags($post->subject, ''), PARAM_CLEAN); // Strip all tags except multilang
- //$post->message = clean_text($post->message, $post->format); // Clean up any bad tags
+ //$post->message will be cleaned later before display
 $post->attachment = isset($_FILES['attachment']) ? $_FILES['attachment'] : NULL;
@@ -95,6 +95,7 @@ $cm->id = 0;
 }
 $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
+ trusttext_after_edit($post->message, $modcontext);
 if (!$post->subject or !$post->message) {
 $post->error = get_string("emptymessage", "forum");
@@ -174,7 +175,7 @@ $timemessage = 4;
 }
- if ($post->mailnow) {
+ if (!empty($post->mailnow)) {
 $message .= get_string("postmailnow", "forum");
 $timemessage = 4;
 }
@@ -614,6 +615,7 @@ require_login($course->id, false, $cm);
+ $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
 if ($post->discussion) {
 if (! $toppost = get_record("forum_posts", "discussion", $post->discussion, "parent", 0)) {
diff --git a/mod/forum/search.php b/mod/forum/search.php
index fdf4ca2d59f..15a5cd4fab9 100644
--- a/mod/forum/search.php
+++ b/mod/forum/search.php
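Review bot: In mod/forum/post.php (second hunk) `trusttext_after_edit($post->message, $modcontext);` runs before the `if (!$post->subject or !$post->message)` emptiness check, so if the helper adds the marker for a trusted author, as `trusttext_mark()` in search.php suggests it may, an empty message is no longer empty and passes the check. Test the stripped text instead, `if (!$post->subject or !trusttext_strip($post->message)) {`, or move the call below the check. Two lines earlier `$cm->id` may have been forced to 0, so `$modcontext` is possibly not a real module context when the trust decision is made; a comment stating what the helper does with such a context would help. This is top-level script code that continues outside the hunk.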
@@ -204,7 +204,15 @@ //Use highlight() with nonsense tags to spot search terms in the
 //actual text content first. fiedorow - 9/2/2005
 $missing_terms = "";
- $message = highlight($strippedsearch,format_text($post->message, $post->format, NULL, $course->id),
+ $options = new object();
+ $options->trusttext = true;
+ // detect TRUSTTEXT marker before first call to format_text
+ if (trusttext_present($post->message)) {
+ $ttpresent = true;
+ } else {
+ $ttpresent = false;
+ }
+ $message = highlight($strippedsearch,format_text($post->message, $post->format, $options, $course->id),
 0,'','');
 foreach ($searchterms as $searchterm) {
@@ -212,6 +220,8 @@ $missing_terms .= " $searchterm";
 }
 }
+ // now is the right time to strip the TRUSTTEXT marker, we will add it later if needed
+ $post->message = trusttext_strip($post->message);
 $message = str_replace('','',$message);
 $message = str_replace('','',$message);
@@ -219,6 +229,7 @@ if ($missing_terms) {
 $strmissingsearchterms = get_string('missingsearchterms','forum');
 $post->message = '

'.$strmissingsearchterms.' '.$missing_terms.'

'.$message;
+ $ttpresent = false;
 } else {
 $post->message = $message;
 }
@@ -226,6 +237,13 @@ $fulllink = "discussion#$post->id\">".get_string("postincontext", "forum").""; //search terms already highlighted - fiedorow - 9/2/2005
 $SESSION->forum_search = true;
+
+ // reconstruct the TRUSTTEXT properly after processing
+ if ($ttpresent) {
+ $post->message = trusttext_mark($post->message);
+ } else {
+ $post->message = trusttext_strip($post->message); //make 100% sure TRUSTTEXT marker was not created during processing
+ }
 forum_print_post($post, $course->id, false, false, false, false, $fulllink);
 unset($SESSION->forum_search);
diff --git a/mod/forum/version.php b/mod/forum/version.php
index ce44c5255d7..6faadfdca1a 100644
--- a/mod/forum/version.php
+++ b/mod/forum/version.php
@@ -5,8 +5,8 @@ // This fragment is called by /admin/index.php ////////////////////////////////////////////////////////////////////////////////
-$module->version = 2006081800;
-$module->requires = 2006080900; // Requires this Moodle version
+$module->version = 2006082700;
+$module->requires = 2006082600; // Requires this Moodle version
 $module->cron = 60;
 ?>
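Review bot: `$ttpresent = false;` in the missing-terms branch of mod/forum/search.php (third hunk) is the line that keeps the re-marking safe, and it carries no comment: `$missing_terms` is built from `$searchterms`, that is from the search request, so the combined text must not be marked as trusted again. I would add `// missing terms come from the request: drop trust so forum_print_post() cleans the whole message`. The flag can be set in one line in the first hunk, `$ttpresent = (bool)trusttext_present($post->message);`, instead of the four-line if/else. In the trusted case the text handed to forum_print_post has already passed through format_text(), highlight() and str_replace(), so the re-mark in the fourth hunk relies on highlight() emitting nothing that was not already in the message; that assumption deserves a comment as well.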