Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.6.9, 1.7.7, 1.8.8, 1.9.4
    • Fix Version/s: 1.6.9+, 1.7.7+, 1.8.9, 1.9.5, 2.0
    • Component/s: Administration
    • Labels:
      None
    • Affected Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE
    • Rank:
      36534

      Description

      Dongsheng, can you turn spamcleaner.php (MDL-17144) into an admin report and backport it all the way back to 1.6?

        Issue Links

          Activity

          Hide
          Martin Dougiamas added a comment -

          The one for 1.9.5 is look good, Dongsheng! Now we just need 1.8, 1.7 and 1.6 versions!

          Show
          Martin Dougiamas added a comment - The one for 1.9.5 is look good, Dongsheng! Now we just need 1.8, 1.7 and 1.6 versions!
          Hide
          Petr Škoda added a comment -

          loops like this was not merged into HEAD, right?

          Show
          Petr Škoda added a comment - loops like this was not merged into HEAD, right?
          Hide
          Petr Škoda added a comment -

          merging to HEAD now and fixing problems in 1.9.x and HEAD...

          Show
          Petr Škoda added a comment - merging to HEAD now and fixing problems in 1.9.x and HEAD...
          Hide
          Petr Škoda added a comment -

          merged into HEAD, fixed old report title in admin tree, normalised external page name

          Show
          Petr Škoda added a comment - merged into HEAD, fixed old report title in admin tree, normalised external page name
          Hide
          Petr Škoda added a comment -

          Fixed theoretical XSS - title attributes must be processed with s()

          Show
          Petr Škoda added a comment - Fixed theoretical XSS - title attributes must be processed with s()
          Hide
          Petr Škoda added a comment -

          fixed some xhtml strict problems too

          Show
          Petr Škoda added a comment - fixed some xhtml strict problems too
          Hide
          Petr Škoda added a comment -

          fixed repeated format_text() - should be used only once

          Show
          Petr Škoda added a comment - fixed repeated format_text() - should be used only once
          Hide
          Dongsheng Cai added a comment -

          Backported to 1.8, 1,7 and 1.6.
          In Moodle 1.6, yui is not supported internally, so I have to modify js code to run without yui.

          Show
          Dongsheng Cai added a comment - Backported to 1.8, 1,7 and 1.6. In Moodle 1.6, yui is not supported internally, so I have to modify js code to run without yui.
          Hide
          Dongsheng Cai added a comment -

          Thanks for testing.

          Show
          Dongsheng Cai added a comment - Thanks for testing.
          Hide
          David Mudrak added a comment -

          Works pretty well under 1.9 and 1.8. I haven't tested under 1.7 and 1.6. The report helped me to find a dozen of spam profiles at a site with 10k users. I had an issue with the report page layout and non-working Ignore/Delete buttons but I suppose that was because of non-valid HTML in the spam profiles. Maybe we can force HTML purifying of the profile description?

          A note (haven't tested): CSS definition can be included inline in the profile. A spammer could, in theory, write a CSS so the profile content does not display at the report page, or is replaced by a look-like-a-valid profile. Any ideas regarding this?

          IMO can be closed as the script seems to be successfully implemented as an admin report. Thanks for your work on this!

          Show
          David Mudrak added a comment - Works pretty well under 1.9 and 1.8. I haven't tested under 1.7 and 1.6. The report helped me to find a dozen of spam profiles at a site with 10k users. I had an issue with the report page layout and non-working Ignore/Delete buttons but I suppose that was because of non-valid HTML in the spam profiles. Maybe we can force HTML purifying of the profile description? A note (haven't tested): CSS definition can be included inline in the profile. A spammer could, in theory, write a CSS so the profile content does not display at the report page, or is replaced by a look-like-a-valid profile. Any ideas regarding this? IMO can be closed as the script seems to be successfully implemented as an admin report. Thanks for your work on this!
          Hide
          David Mudrak added a comment -

          Closing.

          Show
          David Mudrak added a comment - Closing.

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: