
Allow <IMG> tags in Moodle format text. Not having it can really mess
up smileys etc if the text has been edited at any stage using the
richtext editor.

I realise it's possible for students to really mess up forums display
etc if they wanted to include a huge picture ... I'm not sure if there
are any cross-site scripting attacks possible with images in there.

But there is also now the HTML format for most things, which is editable
using an ordinary form, so this problem is currently already exposed.

I think it's OK as long as we can find a filter to strip all javascript
out of ANY format text in Moodle.
1 parent e757af1 commit 08beb3327b318935583effa50bcdff097961b473 moodler committed Oct 18, 2002
Showing with 3 additions and 2 deletions.
  1. +1 −0 lib/languages.php
  2. +1 −1 lib/moodlelib.php
  3. +1 −1 lib/weblib.php
@@ -115,6 +115,7 @@
"pl" => "Polish",
"ps" => "Pushto",
"pt" => "Portuguese",
+"pt_br" => "Portuguese (Brazil)",
"qu" => "Quechua",
"rm" => "Raeto-Romance",
"rn" => "Rundi",
@@ -116,7 +116,7 @@ function print_navigation ($navigation) {
}
function print_heading($text, $align="CENTER", $size=3) {
- echo "<P ALIGN=\"$align\"><FONT SIZE=\"$size\"><B>$text</B></FONT></P>";
+ echo "<P ALIGN=\"$align\"><FONT SIZE=\"$size\"><B>".stripslashes($text)."</B></FONT></P>";
}
function print_continue($link) {
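Review bot: stripslashes() on the added echo line in print_heading() is not output encoding: $text, $align and $size are still written into the markup unescaped, so any caller that passes user-supplied text gets it rendered as raw HTML. Stripping slashes at print time also hides whatever is double-escaping the value upstream and will eat legitimate backslashes in a heading. Suggest fixing the escaping where the value is read, applying htmlspecialchars() for callers that pass plain text, and moving this change out of a commit whose message does not mention it.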
@@ -351,7 +351,7 @@ function clean_text($text, $format) {
switch ($format) {
case FORMAT_MOODLE:
- return strip_tags($text, '<b><i><u><font><ol><ul><dl><li><dt><dd><h1><h2><h3><hr>');
+ return strip_tags($text, '<b><i><u><font><ol><ul><dl><li><dt><dd><h1><h2><h3><hr><img>');
break;
case FORMAT_HTML:
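Review bot: Adding <img> to the allow-list in the FORMAT_MOODLE case answers the open question in the commit message: strip_tags() keeps every attribute on the tags it allows, so event-handler attributes and script-scheme URLs on an IMG (and on the tags already allowed, such as <font> and <b>) pass through clean_text() untouched. Suggest landing the attribute-level filter before or together with this change, for example keeping only src, alt, width and height on IMG and accepting only http and https URLs in src, rather than leaving it as a follow-up. The break; after the return in this case is unreachable and can be dropped.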
