Add aspellpath check before printing editor config colde
julmis committed Aug 21, 2004
1 parent ef132aa commit 67ccec4
Showing 1 changed file with 18 additions and 17 deletions.
35 changes: 18 additions & 17 deletions lib/weblib.php
Expand Up @@ -694,7 +694,7 @@ function format_text_email($text, $format) {

case FORMAT_MOODLE:
case FORMAT_MARKDOWN:
default:
default:
$text = eregi_replace('(<a [^<]*href=["|\']?([^ "\']*)["|\']?[^>]*>([^<]*)</a>)','\\3 [ \\2 ]', $text);
return strtr(strip_tags($text), array_flip(get_html_translation_table(HTML_ENTITIES)));
break;
Expand Down Expand Up @@ -748,7 +748,7 @@ function clean_text($text, $format=FORMAT_MOODLE) {
$text = eregi_replace("([^a-z])language([[:space:]]*)=", "\\1Xlanguage=", $text);
$text = eregi_replace("([^a-z])on([a-z]+)([[:space:]]*)=", "\\1Xon\\2=", $text);

/// Clean up embedded scripts and , using kses
/// Clean up embedded scripts and , using kses
$text = cleanAttributes($text);

return $text;
Expand All @@ -760,47 +760,47 @@ function cleanAttributes($str){
/// This function takes a string and examines it for html tags.
/// If tags are detected it passes the string to a helper function cleanAttributes2
/// which checks for attributes and filters them for malicious content
/// 17/08/2004 :: Eamon DOT Costello AT dcu DOT ie
/// 17/08/2004 :: Eamon DOT Costello AT dcu DOT ie
$result = preg_replace(
'%(<[^>]*(>|$)|>)%me', #search for html tags
"cleanAttributes2('\\1')",
"cleanAttributes2('\\1')",
$str
);
);
return $result;
}
}



function cleanAttributes2($htmlTag){
/// This function takes a string with an html tag and strips out any unallowed
/// protocols e.g. javascript:
/// It calls ancillary functions in kses which are prefixed by kses
/// 17/08/2004 :: Eamon DOT Costello AT dcu DOT ie
/// 17/08/2004 :: Eamon DOT Costello AT dcu DOT ie

global $CFG;
require_once("$CFG->libdir/kses.php");
require_once("$CFG->libdir/kses.php");

$htmlTag = kses_stripslashes($htmlTag);
if (substr($htmlTag, 0, 1) != '<'){
return '&gt;'; //a single character ">" detected
}
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $htmlTag, $matches)){
return ''; // It's seriously malformed
}
return ''; // It's seriously malformed
}
$slash = trim($matches[1]); //trailing xhtml slash
$elem = $matches[2]; //the element name
$elem = $matches[2]; //the element name
$attrlist = $matches[3]; // the list of attributes as a string

$allowed_protocols = array('http', 'https', 'ftp', 'news', 'mailto', 'teamspeak', 'gopher');
$attrArray = kses_hair($attrlist, $allowed_protocols) ;

$attStr = '';
$attStr = '';
foreach ($attrArray as $arreach)
{
$attStr .= ' '.strtolower($arreach['name']).'="'.strtolower($arreach['value']).'" ';
}
$xhtml_slash = '';
if (preg_match('%/\s*$%', $attrlist)){
$xhtml_slash = ' /';
$xhtml_slash = ' /';
}
return "<$slash$elem$attStr$xhtml_slash>";
}
Expand Down Expand Up @@ -1069,7 +1069,7 @@ function print_header ($title="", $heading="", $navigation="", $focus="", $meta=
$menu = "<font size=\"2\"><a target=\"$CFG->framename\" href=\"$wwwroot/login/index.php\">".get_string("login")."</a></font>";
}
}

if (isset($SESSION->justloggedin)) {
unset($SESSION->justloggedin);
if (!empty($CFG->displayloginfailures)) {
Expand Down Expand Up @@ -2558,8 +2558,9 @@ function print_editor_config() {
$i++;
}
echo "};";

print_speller_code($usehtmleditor=true);
if($CFG->editorspelling && !empty($CFG->aspellpath)) {
print_speller_code($usehtmleditor=true);
}
}

function print_speller_code ($usehtmleditor=false) {
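Review bot: In the last hunk the new guard reads `$CFG->editorspelling` directly while `aspellpath` goes through `!empty()`, so a site where the spelling setting was never saved can raise an undefined-property notice; `if (!empty($CFG->editorspelling) && !empty($CFG->aspellpath)) {` treats both settings the same way. print_editor_config starts outside the hunk, so whether `$CFG` is declared global there cannot be confirmed from this page. A non-empty `aspellpath` only shows that a path was configured, not that it points to the intended executable, so whatever later runs it (presumably behind print_speller_code, whose body is not shown) still needs its own validation. Separately, the whitespace-only lines in cleanAttributes keep the `e` modifier in `'%(<[^>]*(>|$)|>)%me'`, which evaluates the replacement string as PHP for every tag found in user-supplied text; a `preg_replace_callback` that hands `$matches[1]` to cleanAttributes2 would remove that evaluation step.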