HTML text allow the same range of HTML tags (so it doesn't matter if you
switch from one to the other).
<IMG> and <A> are now ALLOWED in Moodle text. However, the clean_text
function now checks for and removes any embedded javascript triggers
to avoid cross-site scripting attacks that way.
clean_text() should be called on ANY text that comes in from students.
up smileys etc if the text has been edited at any stage using the
richtext editor.
I realise it's possible for students to really mess up forums display
etc if they wanted to include a huge picture ... I'm not sure if there
are any cross-site scripting attacks possible with images in there.
But there is also now the HTML format for most things, which is editable
using an ordinary form, so this problem is currently already exposed.
I think it's OK as long as I can find a filter to strip all javascript
out of ANY format text in Moodle.
THIS IS A BIG CHANGE!
I've renamed the "reading" module to "resource".
This meant changing quite a few references throughout Moodle.
The automatic upgrade process should work OK (it worked OK on my
development server) and there shouldn't be any problems.
BUT PLEASE PROCEED WITH CAUTION AND KEEP BACKUPS OF EVERYTHING
UNTIL I HAVE A FEW MORE TESTS! If you upgrade please let me know.
One thing that will break are any hard-coded links within forum messages.
What I will be doing to fix this on my apache server is to add this to
httpd.conf:
Redirect /mod/reading/ http://moodle.com/mod/resource/
Sorry about any inconvenience, but it's better this is done sooner than later.
pluggable modules in the 'auth' directory.
Everything is done through authentication_user_login in lib/moodlelib.php.
As well as the old default "email" confirmation, I added a new type of
confirmation "none", which basically does no confirmation at all.
schemes it's possible that the email field could be empty, so this
will force users to update it (and the rest of their profile) any
time they log into a course.
confirmation on deletions, removing deleted user from all student lists,
teacher lists and subscription lists and freeing up their username and
email to be used again.