Moodle
  1. Moodle
  2. MDL-31101

format_string mangles < and > characters

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.4, 2.2.1, 2.3
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      1. Create Page resources with names

      • x < 0
      • x > 0
      • x < 1 and x > -1
        These should all work.

      2. Run the unit tests in lib/simpletest/testweblib.php

      Show
      1. Create Page resources with names x < 0 x > 0 x < 1 and x > -1 These should all work. 2. Run the unit tests in lib/simpletest/testweblib.php
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:

      Description

      Suppose you have the multilang filter enables, and you want a heading x > 0 or x < 1. Well, you are going to have problems.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            Tim Hunt added a comment -

            Not the prettiest fix every, but it seems to work.

            Show
            Tim Hunt added a comment - Not the prettiest fix every, but it seems to work.
            Hide
            Petr Skoda added a comment -

            I do not like this kind of changes in stable branches - it seems quite dangerous to me

            I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead

            Show
            Petr Skoda added a comment - I do not like this kind of changes in stable branches - it seems quite dangerous to me I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead
            Hide
            Tim Hunt added a comment -

            Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string.

            If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.

            Show
            Tim Hunt added a comment - Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string. If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.
            Hide
            Eloy Lafuente (stronk7) added a comment -

            Integrated, thanks!

            Show
            Eloy Lafuente (stronk7) added a comment - Integrated, thanks!
            Hide
            Eloy Lafuente (stronk7) added a comment -

            I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.

            Show
            Eloy Lafuente (stronk7) added a comment - I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.
            Hide
            Eloy Lafuente (stronk7) added a comment -

            This virus has been spread upstream, everybody will be infected soon. Congrats, you did it!

            Closing, ciao

            Show
            Eloy Lafuente (stronk7) added a comment - This virus has been spread upstream, everybody will be infected soon. Congrats, you did it! Closing, ciao

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: