Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-31101

format_string mangles < and > characters

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.4, 2.2.1, 2.3
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      1. Create Page resources with names

      • x < 0
      • x > 0
      • x < 1 and x > -1
        These should all work.

      2. Run the unit tests in lib/simpletest/testweblib.php

      Show
      1. Create Page resources with names x < 0 x > 0 x < 1 and x > -1 These should all work. 2. Run the unit tests in lib/simpletest/testweblib.php
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:

      Description

      Suppose you have the multilang filter enables, and you want a heading x > 0 or x < 1. Well, you are going to have problems.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

              Hide
              timhunt Tim Hunt added a comment -

              Not the prettiest fix every, but it seems to work.

              Show
              timhunt Tim Hunt added a comment - Not the prettiest fix every, but it seems to work.
              Hide
              skodak Petr Skoda added a comment -

              I do not like this kind of changes in stable branches - it seems quite dangerous to me

              I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead

              Show
              skodak Petr Skoda added a comment - I do not like this kind of changes in stable branches - it seems quite dangerous to me I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead
              Hide
              timhunt Tim Hunt added a comment -

              Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string.

              If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.

              Show
              timhunt Tim Hunt added a comment - Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string. If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.
              Hide
              stronk7 Eloy Lafuente (stronk7) added a comment -

              Integrated, thanks!

              Show
              stronk7 Eloy Lafuente (stronk7) added a comment - Integrated, thanks!
              Hide
              stronk7 Eloy Lafuente (stronk7) added a comment -

              I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.

              Show
              stronk7 Eloy Lafuente (stronk7) added a comment - I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.
              Hide
              stronk7 Eloy Lafuente (stronk7) added a comment -

              This virus has been spread upstream, everybody will be infected soon. Congrats, you did it!

              Closing, ciao

              Show
              stronk7 Eloy Lafuente (stronk7) added a comment - This virus has been spread upstream, everybody will be infected soon. Congrats, you did it! Closing, ciao

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    12/Mar/12