MDL-13025 added data intro text formatting without cleaning - manage …

…activity cap already marked with XSS risk; merged from MOODLE_19_STABLE

mod/data/index.php

@@ -28,7 +28,7 @@
     $id = required_param('id', PARAM_INT);   // course
 
     if (! $course = get_record("course", "id", $id)) {
-        print_error("Course ID is incorrect");
+        error("Course ID is incorrect");
     }
 
     require_course_login($course);
@@ -80,6 +80,9 @@
         array_push($table->align, 'center');
     }
 
+    $options = new object();
+    $options->noclean = true;
+
     $currentsection = "";
 
     foreach ($datas as $data) {
@@ -123,10 +126,10 @@
                 }
                 $currentsection = $data->section;
             }
-            $row = array ($printsection, $link, $data->intro, $numrecords, $numunapprovedrecords);
+            $row = array ($printsection, $link, format_text($data->intro, FORMAT_MOODLE, $options), $numrecords, $numunapprovedrecords);
 
         } else {
-            $row = array ($link, $data->intro, $numrecords, $numunapprovedrecords);
+            $row = array ($link, format_text($data->intro, FORMAT_MOODLE, $options), $numrecords, $numunapprovedrecords);
         }
 
         if ($rss) {

mod/data/view.php

@@ -307,7 +307,9 @@
     }
 
     if ($data->intro and empty($page) and empty($record) and $mode != 'single') {
-        print_box(format_text($data->intro), 'generalbox', 'intro');
+        $options = new object();
+        $options->noclean = true;
+        print_box(format_text($data->intro, FORMAT_MOODLE, $options), 'generalbox', 'intro');
     }
 
 /// Delete any requested records