
MDL-17236 html block: proper cleanup of html; backported from HEAD

commit 98daf5d74916bb0a3585f61a13d31ac3e6320fbd 1 parent b571bf8
skodak authored
Showing with 17 additions and 5 deletions.
  1. +8 −3 blocks/html/block_html.php
  2. +9 −2 blocks/html/config_instance.html
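--- a/blocks/html/block_html.php
+++ b/blocks/html/block_html.php
@@ -12,7 +12,7 @@ function applicable_formats() {
 }
 function specialization() {
- $this->title = isset($this->config->title) ? $this->config->title : get_string('newhtmlblock', 'block_html');
+ $this->title = isset($this->config->title) ? format_string($this->config->title) : get_string('newhtmlblock', 'block_html');
 }
 function instance_allow_multiple() {
@@ -24,8 +24,13 @@ function get_content() {
 return $this->content;
 }
- $filteropt = new stdClass;
- $filteropt->noclean = true;
+ if (!empty($this->instance->pinned) or $this->instance->pagetype === 'course-view') {
+ // fancy html allowed only on course page and in pinned blocks for security reasons
+ $filteropt = new stdClass;
+ $filteropt->noclean = true;
+ } else {
+ $filteropt = null;
+ }
 $this->content = new stdClass;
 $this->content->text = isset($this->config->text) ? format_text($this->config->text, FORMAT_HTML, $filteropt) : '';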
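Review bot: The `noclean` decision in get_content() is keyed on where the block is shown (`pinned`, or `pagetype === 'course-view'`) rather than on who wrote the content, and the new comment does not say why those two locations are trusted. I would state the assumption in the comment, e.g. `// assumes only trusted editors can configure course-page and pinned blocks; every other page type gets cleaned HTML`, so that a later page type is not added to the allow-list without checking it. The same condition is repeated in negated form in blocks/html/config_instance.html, so one small helper on the block class would keep the two copies from drifting apart. `$this->instance->pagetype` is read without the `empty()`/`isset()` guard that `pinned` gets, which would raise a notice if an instance can lack that property. get_content() starts and ends outside the hunk.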
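--- a/blocks/html/config_instance.html
+++ b/blocks/html/config_instance.html
@@ -1,4 +1,11 @@
-<?php $usehtmleditor = can_use_html_editor(); ?>
+<?php
+ $usehtmleditor = can_use_html_editor();
+
+ $text = isset($this->config->text) ? $this->config->text : '';
+ if (empty($this->instance->pinned) and $this->instance->pagetype !== 'course-view') {
+ $text = clean_text($text, FORMAT_HTML);
+ }
+?>
 <table cellpadding="9" cellspacing="0">
 <tr valign="top">
 <td align="right"><?php print_string('configtitle', 'block_html'); ?>:</td>
@@ -6,7 +13,7 @@
 </tr>
 <tr valign="top">
 <td align="right"><?php print_string('configcontent', 'block_html'); ?>:</td>
- <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', isset($this->config->text)?$this->config->text:'') ?></td>
+ <td><?php print_textarea($usehtmleditor, 25, 50, 0, 0, 'text', $text) ?></td>
 </tr>
 <tr>
 <td colspan="3" align="center">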
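Review bot: The `clean_text()` call in the new PHP header only changes what the editor is pre-filled with, and nothing in this file section cleans the value that is submitted back. The save path is not part of this commit, so the stored `config->text` may still hold raw HTML, and the render-time cleaning in get_content() remains the actual enforcement point. A comment above the `if` would make that explicit, e.g. `// display-only cleanup for the editor; output is cleaned again in get_content()`. The table markup continues outside the second hunk.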