moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-06 09:26:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-61196 message_popup: clean params before returning via WS

Browse source
This commit is contained in:
Mark Nelson 2018-02-09 17:31:38 +08:00
parent 315a0a3aaf
commit cb21b5b7fb
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
message/output/popup/classes/output/popup_notification.php
View file

@ -70,6 +70,10 @@ class popup_notification implements templatable, renderable {
$context->timecreatedpretty = get_string('ago', 'message', format_time(time() - $context->timecreated));
$context->text = message_format_message_text($context);
$context->read = $context->timeread ? true : false;
// Need to strip any HTML from these.
$context->subject = clean_param($context->subject, PARAM_TEXT);
$context->contexturlname = clean_param($context->contexturlname, PARAM_TEXT);
$context->shortenedsubject = shorten_text($context->subject, 125);
if (!empty($context->component) && substr($context->component, 0, 4) == 'mod_') {