Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 1.6.9, 1.7.7, 1.8.8, 1.9.4
    • Fix Version/s: 1.6.9+, 1.7.7+, 1.8.9, 1.9.5, 2.0
    • Component/s: Administration
    • Labels:
      None
    • Affected Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      Dongsheng, can you turn spamcleaner.php (MDL-17144) into an admin report and backport it all the way back to 1.6?

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            Martin Dougiamas added a comment -

            The one for 1.9.5 is look good, Dongsheng! Now we just need 1.8, 1.7 and 1.6 versions!

            Show
            Martin Dougiamas added a comment - The one for 1.9.5 is look good, Dongsheng! Now we just need 1.8, 1.7 and 1.6 versions!
            Hide
            Petr Skoda added a comment -

            loops like this was not merged into HEAD, right?

            Show
            Petr Skoda added a comment - loops like this was not merged into HEAD, right?
            Hide
            Petr Skoda added a comment -

            merging to HEAD now and fixing problems in 1.9.x and HEAD...

            Show
            Petr Skoda added a comment - merging to HEAD now and fixing problems in 1.9.x and HEAD...
            Hide
            Petr Skoda added a comment -

            merged into HEAD, fixed old report title in admin tree, normalised external page name

            Show
            Petr Skoda added a comment - merged into HEAD, fixed old report title in admin tree, normalised external page name
            Hide
            Petr Skoda added a comment -

            Fixed theoretical XSS - title attributes must be processed with s()

            Show
            Petr Skoda added a comment - Fixed theoretical XSS - title attributes must be processed with s()
            Hide
            Petr Skoda added a comment -

            fixed some xhtml strict problems too

            Show
            Petr Skoda added a comment - fixed some xhtml strict problems too
            Hide
            Petr Skoda added a comment -

            fixed repeated format_text() - should be used only once

            Show
            Petr Skoda added a comment - fixed repeated format_text() - should be used only once
            Hide
            Dongsheng Cai added a comment -

            Backported to 1.8, 1,7 and 1.6.
            In Moodle 1.6, yui is not supported internally, so I have to modify js code to run without yui.

            Show
            Dongsheng Cai added a comment - Backported to 1.8, 1,7 and 1.6. In Moodle 1.6, yui is not supported internally, so I have to modify js code to run without yui.
            Hide
            Dongsheng Cai added a comment -

            Thanks for testing.

            Show
            Dongsheng Cai added a comment - Thanks for testing.
            Hide
            David Mudrak added a comment -

            Works pretty well under 1.9 and 1.8. I haven't tested under 1.7 and 1.6. The report helped me to find a dozen of spam profiles at a site with 10k users. I had an issue with the report page layout and non-working Ignore/Delete buttons but I suppose that was because of non-valid HTML in the spam profiles. Maybe we can force HTML purifying of the profile description?

            A note (haven't tested): CSS definition can be included inline in the profile. A spammer could, in theory, write a CSS so the profile content does not display at the report page, or is replaced by a look-like-a-valid profile. Any ideas regarding this?

            IMO can be closed as the script seems to be successfully implemented as an admin report. Thanks for your work on this!

            Show
            David Mudrak added a comment - Works pretty well under 1.9 and 1.8. I haven't tested under 1.7 and 1.6. The report helped me to find a dozen of spam profiles at a site with 10k users. I had an issue with the report page layout and non-working Ignore/Delete buttons but I suppose that was because of non-valid HTML in the spam profiles. Maybe we can force HTML purifying of the profile description? A note (haven't tested): CSS definition can be included inline in the profile. A spammer could, in theory, write a CSS so the profile content does not display at the report page, or is replaced by a look-like-a-valid profile. Any ideas regarding this? IMO can be closed as the script seems to be successfully implemented as an admin report. Thanks for your work on this!
            Hide
            David Mudrak added a comment -

            Closing.

            Show
            David Mudrak added a comment - Closing.

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: