|
[
Permalink
| « Hide
]
Martin Dougiamas added a comment - 17/Feb/09 04:29 PM
The one for 1.9.5 is look good, Dongsheng! Now we just need 1.8, 1.7 and 1.6 versions!
loops like this was not merged into HEAD, right?
merging to HEAD now and fixing problems in 1.9.x and HEAD...
merged into HEAD, fixed old report title in admin tree, normalised external page name
Fixed theoretical XSS - title attributes must be processed with s()
 fixed some xhtml strict problems too
fixed repeated format_text() - should be used only once
Backported to 1.8, 1,7 and 1.6.
In Moodle 1.6, yui is not supported internally, so I have to modify js code to run without yui. Works pretty well under 1.9 and 1.8. I haven't tested under 1.7 and 1.6. The report helped me to find a dozen of spam profiles at a site with 10k users. I had an issue with the report page layout and non-working Ignore/Delete buttons but I suppose that was because of non-valid HTML in the spam profiles. Maybe we can force HTML purifying of the profile description?
A note (haven't tested): CSS definition can be included inline in the profile. A spammer could, in theory, write a CSS so the profile content does not display at the report page, or is replaced by a look-like-a-valid profile. Any ideas regarding this? IMO can be closed as the script seems to be successfully implemented as an admin report. Thanks for your work on this! |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sub-task
Closed
Critical
 |
|
All content on this web site is made available under the GNU General Public License, unless otherwise stated.
