trusttext:
* proposed by Martin Dougiamas * implemented by skodak Usage: 1/ change enabletrusttext to yes in site settings (it is off by default) or set it in config.php 2/ assign moodle/site:trustcontent capability to users whose text submitted in glossary entries, comments, forum posts etc. should not be cleaned == they can use javascript or any other forbidden tags in glossary and forums... done: * core * glossary (without proper upgrade) to do: * data cleaning in upgrades * forum, blocks and some other places (MD decides)
This commit is contained in:
parent
8618b509fd
commit
7d8a3cb06a
12 changed files with 193 additions and 33 deletions
|
@ -2,13 +2,9 @@
|
|||
if (!isset($form->format)) {
|
||||
$form->format = $defaultformat;
|
||||
}
|
||||
if ($usehtmleditor) { //clean and convert before editing
|
||||
$options = new object();
|
||||
$options->smiley = false;
|
||||
$options->filter = false;
|
||||
$form->text = format_text($form->text, $form->format, $options);
|
||||
$form->format = FORMAT_HTML;
|
||||
}
|
||||
|
||||
trusttext_prepare_edit($form->text, $form->format, $usehtmleditor, $context)
|
||||
|
||||
?>
|
||||
<form name="form" method="post" action="comment.php">
|
||||
<table class="generalbox">
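Review bot: The new `trusttext_prepare_edit($form->text, $form->format, $usehtmleditor, $context)` line has no trailing semicolon and only parses because the `?>` two lines later terminates the statement; anyone who later inserts a statement between them gets a parse error, so write it as `trusttext_prepare_edit($form->text, $form->format, $usehtmleditor, $context);`. The removed block also used to rewrite `$form->format` to `FORMAT_HTML` when the HTML editor was active; since `$usehtmleditor` is now passed in, presumably the helper does that conversion itself, which requires it to take `$form->text` and `$form->format` by reference — confirm against its signature, which is not in this hunk. The PHP block this sits in starts before the hunk.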
|
||||
|
|
|
@ -134,7 +134,7 @@
|
|||
}
|
||||
|
||||
if ( $confirm and $form = data_submitted() ) {
|
||||
//$form->text = clean_text($form->text, $form->format);
|
||||
trusttext_after_edit($form->text, $context);
|
||||
|
||||
$newentry->entryid = $entry->id;
|
||||
$newentry->comment = $form->text;
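Review bot: The commented-out `//$form->text = clean_text($form->text, $form->format);` left above the new `trusttext_after_edit($form->text, $context);` call is dead code and should be deleted rather than kept as a reminder. With this change the submitted comment is stored without a save-time clean and the decision to skip cleaning travels with the stored text, so every place that renders `comment->comment` must go through a trusttext-aware `format_text` call (the lib.php hunk in this commit does that for `glossary_print_comment`); any other render path that is not updated will presumably still clean, which is safe, but worth checking rather than assuming. The enclosing `if ( $confirm and $form = data_submitted() )` block continues past the hunk.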
|
||||
|
|
|
@ -2,13 +2,9 @@
|
|||
if (!isset($newentry->format)) {
|
||||
$newentry->format = $defaultformat;
|
||||
}
|
||||
if ($usehtmleditor) { //clean and convert before editing
|
||||
$options = new object();
|
||||
$options->smiley = false;
|
||||
$options->filter = false;
|
||||
$newentry->definition = format_text($newentry->definition, $newentry->format, $options);
|
||||
$newentry->format = FORMAT_HTML;
|
||||
}
|
||||
|
||||
trusttext_prepare_edit($newentry->definition, $newentry->format, $usehtmleditor, $context)
|
||||
|
||||
?>
|
||||
<form name="form" method="post" action="edit.php" enctype="multipart/form-data">
|
||||
<table border="0" cellpadding="5">
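Review bot: Same as in comment.html, the `trusttext_prepare_edit($newentry->definition, $newentry->format, $usehtmleditor, $context)` statement relies on the following `?>` as its terminator; add the semicolon so the line survives a later edit, `trusttext_prepare_edit($newentry->definition, $newentry->format, $usehtmleditor, $context);`. Note that this template prepares `$newentry->definition` while edit.php in the same commit reads the submission back as `$form->text`; that is only consistent if the textarea below (outside the hunk) is named `text`, so please confirm. The PHP block starts before the hunk.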
|
||||
|
|
|
@ -43,6 +43,8 @@ if (!$glossary->studentcanpost && !has_capability('mod/glossary:manageentries',
|
|||
}
|
||||
if ( $confirm ) {
|
||||
$form = data_submitted();
|
||||
trusttext_after_edit($form->text, $context);
|
||||
|
||||
if ( !isset($form->usedynalink) ) {
|
||||
$form->usedynalink = 0;
|
||||
}
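Review bot: `trusttext_after_edit($form->text, $context);` dereferences the result of `data_submitted()` without checking it, unlike comment.php in this same commit which guards with `if ( $confirm and $form = data_submitted() )`; when nothing was posted `$form` is not an object and the new line is the first place that blows up. Mirror the other file: `if ( $confirm and $form = data_submitted() ) {` on the existing `if ( $confirm ) {` line and drop the separate `$form = data_submitted();`. Also confirm the submitted definition field really arrives as `text` (edit.html prepares `$newentry->definition`). The `if ($confirm)` block continues beyond the hunk.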
|
||||
|
@ -245,6 +247,7 @@ if ( $confirm ) {
|
|||
$newentry->userid = $form->userid;
|
||||
$newentry->timecreated = $form->timecreated;
|
||||
|
||||
|
||||
if ( $aliases = get_records("glossary_alias","entryid",$e) ) {
|
||||
foreach ($aliases as $alias) {
|
||||
$newentry->aliases .= $alias->alias . "\n";
|
||||
|
@ -332,7 +335,7 @@ $tab = GLOSSARY_ADDENTRY_VIEW;
|
|||
include("tabs.html");
|
||||
|
||||
if (!$e) {
|
||||
require_capability('glossary_write', $context);
|
||||
require_capability('mod/glossary:write', $context);
|
||||
}
|
||||
|
||||
include("edit.html");
|
||||
|
|
|
@ -212,7 +212,7 @@
|
|||
$xmlentry = $xmlentries[$i];
|
||||
unset($newentry);
|
||||
$newentry->concept = trim(addslashes($xmlentry['#']['CONCEPT'][0]['#']));
|
||||
$newentry->definition = addslashes($xmlentry['#']['DEFINITION'][0]['#']);
|
||||
$newentry->definition = trusttext_strip(addslashes($xmlentry['#']['DEFINITION'][0]['#']));
|
||||
if ( isset($xmlentry['#']['CASESENSITIVE'][0]['#']) ) {
|
||||
$newentry->casesensitive = addslashes($xmlentry['#']['CASESENSITIVE'][0]['#']);
|
||||
} else {
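Review bot: The marker is stripped after `addslashes()` has already run on the imported definition, so if the TRUSTTEXT marker contains any character that `addslashes()` escapes (quote or backslash), `trusttext_strip()` will not recognise it and an imported file could smuggle a trusted marker into the database. Strip on the raw XML value first: `$newentry->definition = addslashes(trusttext_strip($xmlentry['#']['DEFINITION'][0]['#']));`. Other imported text fields (aliases, comments) are not visible in this hunk; any of them that later reaches a trusttext-aware `format_text` call needs the same treatment. The loop body continues outside the hunk.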
|
||||
|
|
|
@ -588,13 +588,36 @@ function glossary_print_entry($course, $cm, $glossary, $entry, $mode='',$hook=''
|
|||
//Default (old) print format used if custom function doesn't exist in format
|
||||
function glossary_print_entry_default ($entry) {
|
||||
echo '<b>'. strip_tags($entry->concept) . ': </b>';
|
||||
|
||||
$definition = $entry->definition;
|
||||
|
||||
// always detect and strip TRUSTTEXT marker before processing and add+strip it afterwards!
|
||||
if (trusttext_present($definition)) {
|
||||
$ttpresent = true;
|
||||
$definition = trusttext_strip($definition);
|
||||
} else {
|
||||
$ttpresent = false;
|
||||
}
|
||||
|
||||
$definition = '<span class="nolink">' . strip_tags($definition) . '</span>';
|
||||
|
||||
// reconstruct the TRUSTTEXT properly after processing
|
||||
if ($ttpresent) {
|
||||
$definition = trusttext_mark($definition);
|
||||
} else {
|
||||
$definition = trusttext_strip($definition); //make 100% sure TRUSTTEXT marker was not created
|
||||
}
|
||||
|
||||
$options = new object();
|
||||
$options->para = false;
|
||||
$definition = format_text('<span class="nolink">' . strip_tags($entry->definition) . '</span>', $entry->format,$options);
|
||||
$options->trusttext = true;
|
||||
$definition = format_text($definition, $entry->format, $options);
|
||||
echo ($definition);
|
||||
echo '<br /><br />';
|
||||
}
|
||||
|
||||
function glossary_print_entry_concept($entry) {
|
||||
$options = new object();
|
||||
$options->para = false;
|
||||
$text = format_text('<span class="nolink">' . $entry->concept . '</span>', FORMAT_MOODLE, $options);
|
||||
if (!empty($entry->highlight)) {
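Review bot: In `glossary_print_entry_default` the definition is passed through `strip_tags()` and only then re-marked as trusted when `$ttpresent` is set, so the "trusted" flag buys nothing (every tag is already gone) while still telling `format_text` to skip whatever `clean_text` would do to the remaining text — entity handling and the malformed markup that `strip_tags()` is known to leave behind. Unless trusted rendering of tag-stripped text is deliberately wanted here, replace the whole if/else reconstruction with an unconditional `$definition = trusttext_strip($definition);` and drop `$options->trusttext = true;` for this printer. The same detect/strip/re-mark sequence is duplicated in `glossary_print_entry_definition` in the next hunk; a small helper would keep the two from drifting apart.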
|
||||
|
@ -607,6 +630,14 @@ function glossary_print_entry_definition($entry) {
|
|||
|
||||
$definition = $entry->definition;
|
||||
|
||||
// always detect and strip TRUSTTEXT marker before processing and add+strip it afterwards!
|
||||
if (trusttext_present($definition)) {
|
||||
$ttpresent = true;
|
||||
$definition = trusttext_strip($definition);
|
||||
} else {
|
||||
$ttpresent = false;
|
||||
}
|
||||
|
||||
$links = array();
|
||||
$tags = array();
|
||||
$urls = array();
|
||||
|
@ -702,9 +733,18 @@ function glossary_print_entry_definition($entry) {
|
|||
$definition = str_replace(array_keys($links),$links,$definition);
|
||||
}
|
||||
|
||||
$options = new object();
|
||||
$options->para = false;
|
||||
$options->trusttext = true;
|
||||
|
||||
$text = format_text($definition, $entry->format,$options);
|
||||
// reconstruct the TRUSTTEXT properly after processing
|
||||
if ($ttpresent) {
|
||||
$definition = trusttext_mark($definition);
|
||||
} else {
|
||||
$definition = trusttext_strip($definition); //make 100% sure TRUSTTEXT marker was not created
|
||||
}
|
||||
|
||||
$text = format_text($definition, $entry->format, $options);
|
||||
if (!empty($entry->highlight)) {
|
||||
$text = highlight($entry->highlight, $text);
|
||||
}
|
||||
|
@ -1537,7 +1577,9 @@ function glossary_print_comment($course, $cm, $glossary, $entry, $comment) {
|
|||
echo ' ';
|
||||
echo '</td><td class="entry">';
|
||||
|
||||
echo format_text($comment->comment, $comment->format);
|
||||
$options = new object();
|
||||
$options->trusttext = true;
|
||||
echo format_text($comment->comment, $comment->format, $options);
|
||||
|
||||
echo '<div class="icons commands">';
|
||||
|
||||
|
@ -1692,7 +1734,7 @@ function glossary_generate_export_file($glossary, $hook = "", $hook = 0) {
|
|||
if ( $entry->approved and $permissiongranted ) {
|
||||
$co .= glossary_start_tag("ENTRY",3,true);
|
||||
$co .= glossary_full_tag("CONCEPT",4,false,trim($entry->concept));
|
||||
$co .= glossary_full_tag("DEFINITION",4,false,$entry->definition);
|
||||
$co .= glossary_full_tag("DEFINITION",4,false,trusttext_strip($entry->definition));
|
||||
$co .= glossary_full_tag("FORMAT",4,false,$entry->format);
|
||||
$co .= glossary_full_tag("USEDYNALINK",4,false,$entry->usedynalink);
|
||||
$co .= glossary_full_tag("CASESENSITIVE",4,false,$entry->casesensitive);
|
||||
|
|