Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: Filters
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      1) OOP formats, making them pluggable (this is apart but could be good idea for 2.0)
      2) OOP filters
      3) Allow each filter to alter the md5key generated, via filter method. filter->hash() will return a unique string, the results for this could be something like, in this example: "censor:seecensoredwords" for users having the capability, or: "censor:" for the rest. Note that adding this info to the hash sounds nice because it automatically invalidates records when filters are changed, and that isn't happening right now.
      4) Make the rest of format_text() and format_string() to work as now, but using that "custom" $md5key that contains all the particularities of the text being formatted.

      This improvement will help fix this bug:
      > Students at our school figured out they could swear if they put the word within a hyperlink - e.g.
      > <a href='#'>SwearWord</a>

        Gliffy Diagrams

        1. filter2.patch
          52 kB
          Dongsheng Cai
        2. MDL-14582_filter_plugins.patch
          61 kB
          Dongsheng Cai
        3. MDL-14582_filters.patch
          51 kB
          Dongsheng Cai
        4. MDL-14582_lib.patch
          5 kB
          Dongsheng Cai
        5. MDL-14582_weblib_filterlib.patch
          6 kB
          Dongsheng Cai
        6. Moodle Censorship Filter Modification.pdf
          87 kB
          guy thomas

          Issue Links

            Activity

            brudinie guy thomas created issue -
            dongsheng Dongsheng Cai made changes -
            Field Original Value New Value
            Parent MDL-14610 [ 26179 ]
            Issue Type Bug [ 1 ] Sub-task [ 5 ]
            dongsheng Dongsheng Cai made changes -
            Attachment filter.patch [ 13804 ]
            dongsheng Dongsheng Cai made changes -
            Assignee Nobody [ nobody ] Dongsheng Cai [ dongsheng ]
            stronk7 Eloy Lafuente (stronk7) made changes -
            Affects Version/s 1.6.1 [ 10118 ]
            Affects Version/s 1.6.2 [ 10119 ]
            Affects Version/s 1.6.3 [ 10140 ]
            Affects Version/s 1.6.4 [ 10150 ]
            Affects Version/s 1.7.1 [ 10151 ]
            Affects Version/s 1.7.2 [ 10174 ]
            Affects Version/s 1.6.5 [ 10210 ]
            Affects Version/s 1.6.6 [ 10211 ]
            Affects Version/s 1.7.3 [ 10212 ]
            Affects Version/s 1.8.1 [ 10213 ]
            Affects Version/s 1.8.2 [ 10220 ]
            Affects Version/s 1.8.3 [ 10230 ]
            Affects Version/s 1.8.4 [ 10242 ]
            Affects Version/s 1.7.4 [ 10243 ]
            Affects Version/s 1.8.5 [ 10252 ]
            dougiamas Martin Dougiamas made changes -
            Parent MDL-14610 [ 26179 ]
            Issue Type Sub-task [ 5 ] Bug [ 1 ]
            dongsheng Dongsheng Cai made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Won't Fix [ 2 ]
            dongsheng Dongsheng Cai made changes -
            Resolution Won't Fix [ 2 ]
            Status Resolved [ 5 ] Reopened [ 4 ]
            dougiamas Martin Dougiamas made changes -
            Component/s Filters [ 10077 ]
            Component/s Chat [ 10053 ]
            dougiamas Martin Dougiamas made changes -
            Fix Version/s 2.0 [ 10122 ]
            dongsheng Dongsheng Cai made changes -
            Status Reopened [ 4 ] In Progress [ 3 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor.diff [ 14060 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor2.diff [ 14070 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor.diff [ 14060 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor2.diff [ 14070 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor.diff [ 14081 ]
            dongsheng Dongsheng Cai made changes -
            Attachment censor.diff [ 14081 ]
            dongsheng Dongsheng Cai made changes -
            Attachment filter.patch [ 13804 ]
            dongsheng Dongsheng Cai made changes -
            Attachment filters.diff [ 14102 ]
            dongsheng Dongsheng Cai made changes -
            Attachment dofilter.diff [ 14103 ]
            dongsheng Dongsheng Cai made changes -
            Summary Censorship filter can be bypassed by enclosing swears in hyperlink OOP Censorship filter
            QA Assignee stronk7
            Affects Version/s 2.0 [ 10122 ]
            Affects Version/s 1.6 [ 10110 ]
            Affects Version/s 1.7 [ 10120 ]
            Affects Version/s 1.8 [ 10130 ]
            Affects Version/s 1.9 [ 10190 ]
            Description Students at our school figured out they could swear if they put the word within a hyperlink - e.g.

            <a href='#'>SwearWord</a>

            I've fixed this and also improved the censorship title so that only admin's can see what the original word was.
            Currently the word is blacked out but if you hover over it you can see the swear.
            With my mod, hovering over the blacked out swear will show 'censored!' unless you are an admin user.

            Obviously, this could be further improved to work from a capability rather than just a legacy check for isadmin()
            1) OOP formats, making them pluggable (this is apart but could be good idea for 2.0)
            2) OOP filters
            3) Allow each filter to alter the md5key generated, via filter method. filter->hash() will return a unique string, the results for this could be something like, in this example: "censor:seecensoredwords" for users having the capability, or: "censor:" for the rest. Note that adding this info to the hash sounds nice because it automatically invalidates records when filters are changed, and that isn't happening right now.
            4) Make the rest of format_text() and format_string() to work as now, but using that "custom" $md5key that contains all the particularities of the text being formatted.

            This improvement will help fix this bug:
            > Students at our school figured out they could swear if they put the word within a hyperlink - e.g.
            > <a href='#'>SwearWord</a>
            dongsheng Dongsheng Cai made changes -
            Attachment MDL-14582_filters.patch [ 14257 ]
            dongsheng Dongsheng Cai made changes -
            Attachment dofilter.diff [ 14103 ]
            dongsheng Dongsheng Cai made changes -
            Attachment filters.diff [ 14102 ]
            dongsheng Dongsheng Cai made changes -
            Attachment MDL-14582_lib.patch [ 14258 ]
            dougiamas Martin Dougiamas made changes -
            Link This issue has a non-specific relationship to MDL-15555 [ MDL-15555 ]
            dougiamas Martin Dougiamas made changes -
            Summary OOP Censorship filter Filters 2.0
            dougiamas Martin Dougiamas made changes -
            Priority Minor [ 4 ] Major [ 3 ]
            dongsheng Dongsheng Cai made changes -
            Attachment MDL-14582_weblib_filterlib.patch [ 15852 ]
            Attachment MDL-14582_filter_plugins.patch [ 15853 ]
            dongsheng Dongsheng Cai made changes -
            Attachment filter2.patch [ 15883 ]
            dongsheng Dongsheng Cai made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            dongsheng Dongsheng Cai made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            dougiamas Martin Dougiamas made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            dougiamas Martin Dougiamas made changes -
            Workflow jira [ 26144 ] MDL Workflow [ 59592 ]
            dougiamas Martin Dougiamas made changes -
            Workflow MDL Workflow [ 59592 ] MDL Full Workflow [ 88747 ]

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  24/Nov/10