fixed input validation in admin and formating+cleaning in diff and ed…
…iting SC#160
skodak committed Nov 3, 2005
1 parent 5ee8a75 commit b17e29b
Showing 3 changed files with 40 additions and 35 deletions.
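--- a/mod/wiki/admin.php
+++ b/mod/wiki/admin.php
@@ -4,15 +4,13 @@
 require_once("../../config.php");
 require_once("lib.php");
 
-optional_variable($id); // Course Module ID, or
-optional_variable($a); // wiki ID
-optional_variable($page, false); // Pagename
-optional_variable($confirm, "");
-optional_variable($action,""); // Admin Action
-optional_variable($userid, 0); // User wiki.
-optional_variable($groupid, 0); // Group wiki.
-
-$action = clean_text($action);
+$id = optional_param('id', '', PARAM_INT); // Course Module ID, or
+$a = optional_param('a', '', PARAM_INT); // wiki ID
+$page = optional_param('page', false, PARAM_CLEAN); // Pagename
+$confirm = optional_param('confirm', '', PARAM_RAW);
+$action = optional_param('action', '', PARAM_ACTION); // Admin Action
+$userid = optional_param('userid', 0, PARAM_INT); // User wiki.
+$groupid = optional_param('groupid', 0, PARAM_INT); // Group wiki.
 
 if ($id) {
 if (! $cm = get_record("course_modules", "id", $id)) {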
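Review bot: `$confirm` is still read with `PARAM_RAW` in the new parameter block, which leaves that value uncleaned while every other parameter here gets a typed filter. Its uses are outside this hunk, so it cannot be confirmed from here that each one validates or escapes it. If it only carries a confirmation flag, one of the stricter types already used in this block (`PARAM_INT`, `PARAM_ACTION`) would fit; otherwise a comment such as `// raw on purpose: validated below before use` should say why. The `''` defaults for the `PARAM_INT` values `id` and `a` also differ from the `0` defaults used for `userid` and `groupid`; `optional_param('id', 0, PARAM_INT)` would keep the type consistent.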
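--- a/mod/wiki/ewiki/ewiki.php
+++ b/mod/wiki/ewiki/ewiki.php
@@ -1504,7 +1504,7 @@ function ewiki_data_update(&$data, $author="") {
 
 #-- edit <textarea>
 function ewiki_page_edit_form(&$id, &$data, &$hidden_postdata) {
-global $ewiki_plugins, $ewiki_config;
+global $ewiki_plugins, $ewiki_config, $moodle_format;
 
 $o='';
 
@@ -1550,7 +1550,15 @@ function ewiki_page_edit_form(&$id, &$data, &$hidden_postdata) {
 ob_start();
 $usehtmleditor = can_use_html_editor();
 echo '<table><tr><td>';
-print_textarea($usehtmleditor, $rows, $cols, 680, 400, "content", ewiki_format($data["content"]));
+if ($usehtmleditor) { //clean and convert before editing
+$options = new object();
+$options->smiley = false;
+$options->filter = false;
+$oldtext = format_text(ewiki_format($data["content"]), $moodle_format, $options);
+} else {
+$oldtext = ewiki_format($data["content"]);
+}
+print_textarea($usehtmleditor, $rows, $cols, 680, 400, "content", $oldtext);
 echo '</td></tr></table>';
 if ($usehtmleditor) {
 use_html_editor("content");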
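Review bot: Only the HTML-editor branch of the second hunk passes the stored page through `format_text()`; the `else` branch hands `ewiki_format($data["content"])` to `print_textarea()` unchanged, so escaping there depends on `print_textarea()`, which is not visible here. The cleaning is also implicit: `$options` sets only `smiley` and `filter`, so the result presumably relies on format_text's default behaviour and on a `$moodle_format` global that is assigned elsewhere. A comment such as `// relies on format_text() cleaning by default; $moodle_format is set by the wiki module` would make that dependency explicit. This cleans the text only when it is loaded into the editor, so the stored content stays as submitted and still needs cleaning wherever it is displayed. The body of ewiki_page_edit_form starts and ends outside the hunk.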
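--- a/mod/wiki/ewiki/plugins/moodle/diff.php
+++ b/mod/wiki/ewiki/plugins/moodle/diff.php
@@ -13,7 +13,7 @@
 
 
 function ewiki_page_stupid_diff($id, $data, $action) {
-global $wiki;
+global $wiki, $moodle_format;
 
 if ($uu=$GLOBALS["ewiki_diff_versions"]) {
 list($new_ver, $old_ver) = $uu;
@@ -34,10 +34,17 @@ function ewiki_page_stupid_diff($id, $data, $action) {
 
 # Different handling for html: closes Bug #1530 - Wiki diffs useless when using HTML editor
 if($wiki->htmlmode==2) {
+/// first do the formatiing to get normal display format without filters
+$options = new object();
+$options->smiley = false;
+$options->filter = false;
+$content0 = format_text($data0['content'], $moodle_format, $options);
+$content = format_text($data['content'], $moodle_format, $options);
+
 /// Remove all new line characters. They will be placed at HTML line breaks.
-$content0 = preg_replace('/\n|\r/i', ' ', $data0['content']);
+$content0 = preg_replace('/\n|\r/i', ' ', $content0);
 $content0 = preg_replace('/(\S)\s+(\S)/', '$1 $2', $content0); // Remove multiple spaces.
-$content = preg_replace('/\n|\r/i', ' ', $data['content']);
+$content = preg_replace('/\n|\r/i', ' ', $content);
 $content = preg_replace('/(\S)\s+(\S)/', '$1 $2', $content);
 
 /// Replace <p>&nbsp;</p>
@@ -59,54 +66,46 @@ function ewiki_page_stupid_diff($id, $data, $action) {
 }
 $txt0 = preg_split("+\s*\n+", trim($content0));
 $txt2 = preg_split("+\s*\n+", trim($content));
-///print "<pre>\n";
-///print "\$data0[content]:\n $data0[content]\n";
-///print "\n\n-----------\n\n";
-///print "\$data[content]:\n $data[content]\n";
-///print "\n\n-----------\n\n";
-///print "\$content0:\n $content0\n";
-///print "\n\n-----------\n\n";
-///print "\$content:\n $content\n";
-///print "\n\n-----------\n\n";
-///print "</pre>";
-///exit;
 
 $diff0 = array_diff($txt0, $txt2);
 $diff2 = array_diff($txt2, $txt0);
 
 foreach ($txt2 as $i => $line) {
-// if($wiki->htmlmode != 2) {
-// $line = htmlentities($line);
-// }
 $i2 = $i;
 while ($rm = $diff0[$i2++]) {
 if($wiki->htmlmode == 2) {
-$o .= "<b>-</b><font color=\"#990000\">$rm</font><br />\n";
+if ($rm == '<br />') { //ugly hack to fix line breaks
+$rm = '';
+}
+$o .= "<b>-</b><font color=\"#990000\">".format_text($rm, $moodle_format, $options)."</font><br />\n";
 } else {
-$o .= "<b>-</b><font color=\"#990000\"><tt>$rm</tt></font><br />\n";
+$o .= "<b>-</b><font color=\"#990000\"><tt>".s($rm)."</tt></font><br />\n";
 }
 unset($diff0[$i2-1]);
 }
 
 if (in_array($line, $diff2)) {
 if($wiki->htmlmode == 2) {
-$o .= "<b>+</b><font color=\"#009900\">$line</font><br />\n";
+if ($line == '<br />') { //ugly hack to fix line breaks
+$line = '';
+}
+$o .= "<b>+</b><font color=\"#009900\">".format_text($line, $moodle_format, $options)."</font><br />\n";
 } else {
-$o .= "<b>+</b><font color=\"#009900\"><tt>$line</tt></font><br />\n";
+$o .= "<b>+</b><font color=\"#009900\"><tt>".s($line)."</tt></font><br />\n";
 }
 }
 else {
 if($wiki->htmlmode == 2) {
-$o .= "$line\n";
+$o .= format_text($line, $moodle_format, $options)."\n";
 } else {
-$o .= "&nbsp; $line<br />\n";
+$o .= "&nbsp; ".s($line)."<br />\n";
 }
 }
 
 }
 
 foreach ($diff0 as $rm) {
-$o .= "<b>-</b><font color=\"#990000\"> <tt>$rm</tt></font><br />\n";
+$o .= "<b>-</b><font color=\"#990000\"> <tt>".s($rm)."</tt></font><br />\n";
 }
 
 return($o);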
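Review bot: In the last hunk the HTML-mode branches print each diff line through `format_text($rm, $moodle_format, $options)`, so every line is cleaned as an isolated fragment after the whole text was already formatted once in the previous hunk. Markup that spans several lines may therefore be cleaned differently than in the normal page view, which is worth checking against a multi-line element. `$options` is created only inside the `if($wiki->htmlmode==2)` block of the previous hunk, which matches its use here, but a comment like `// $options/$moodle_format: same settings as the pre-formatting above` would make that link visible. The trailing `foreach ($diff0 as $rm)` escapes with `s($rm)` in both modes, so leftover removed lines appear as escaped source in HTML mode; that is safe but inconsistent with the loop above, and a one-line comment stating it is intended would help. The function body starts and ends outside the hunks shown.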
