Moodle

format_string mangles < and > characters

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Fixed
  • Affects Version/s: 2.1.4, 2.2.1, 2.3
  • Fix Version/s: 2.1.5, 2.2.2
  • Component/s: Libraries
  • Labels:
  • Testing Instructions:
    Hide

    1. Create Page resources with names

    • x < 0
    • x > 0
    • x < 1 and x > -1
      These should all work.

    2. Run the unit tests in lib/simpletest/testweblib.php

    Show
    1. Create Page resources with names x < 0 x > 0 x < 1 and x > -1 These should all work. 2. Run the unit tests in lib/simpletest/testweblib.php
  • Affected Branches:
    MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
  • Fixed Branches:
    MOODLE_21_STABLE, MOODLE_22_STABLE
  • Pull from Repository:
  • Pull Master Branch:
  • Pull Master Diff URL:

Description

Suppose you have the multilang filter enables, and you want a heading x > 0 or x < 1. Well, you are going to have problems.

Issue Links

discovered while testing

Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-24394 Match question type: should be able to use the multilang filter on the answers

  • Minor - Minor loss of function where workaround is possible
  • Closed - The issue is considered finished, the resolution is correct. Issues which are closed should not be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Tim Hunt added a comment -

Not the prettiest fix every, but it seems to work.

Show
Tim Hunt added a comment - Not the prettiest fix every, but it seems to work.
Hide
Permalink
Petr Škoda added a comment -

I do not like this kind of changes in stable branches - it seems quite dangerous to me

I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead

Show
Petr Škoda added a comment - I do not like this kind of changes in stable branches - it seems quite dangerous to me I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead
Hide
Permalink
Tim Hunt added a comment -

Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string.

If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.

Show
Tim Hunt added a comment - Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string. If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Integrated, thanks!

Show
Eloy Lafuente (stronk7) added a comment - Integrated, thanks!
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.

Show
Eloy Lafuente (stronk7) added a comment - I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

This virus has been spread upstream, everybody will be infected soon. Congrats, you did it!

Closing, ciao

Show
Eloy Lafuente (stronk7) added a comment - This virus has been spread upstream, everybody will be infected soon. Congrats, you did it! Closing, ciao

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: