Moodle
  1. Moodle
  2. MDL-31101

format_string mangles < and > characters

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 2.1.4, 2.2.1, 2.3
    • Fix Version/s: 2.1.5, 2.2.2
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      1. Create Page resources with names

      • x < 0
      • x > 0
      • x < 1 and x > -1
        These should all work.

      2. Run the unit tests in lib/simpletest/testweblib.php

      Show
      1. Create Page resources with names x < 0 x > 0 x < 1 and x > -1 These should all work. 2. Run the unit tests in lib/simpletest/testweblib.php
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
    • Rank:
      37528

      Description

      Suppose you have the multilang filter enables, and you want a heading x > 0 or x < 1. Well, you are going to have problems.

        Issue Links

          Activity

          Hide
          Tim Hunt added a comment -

          Not the prettiest fix every, but it seems to work.

          Show
          Tim Hunt added a comment - Not the prettiest fix every, but it seems to work.
          Hide
          Petr Škoda added a comment -

          I do not like this kind of changes in stable branches - it seems quite dangerous to me

          I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead

          Show
          Petr Škoda added a comment - I do not like this kind of changes in stable branches - it seems quite dangerous to me I was thinking a bit more about this and I do not like this "automatic fixing" much inside format_string(), it shoudl be imo done when taking the input from users instead
          Hide
          Tim Hunt added a comment -

          Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string.

          If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.

          Show
          Tim Hunt added a comment - Petr, content sent through format_string for output should have been processed by PARAM_TEXT on input. Therefore, it should be plain text plus multilang tags. Therefore, I think that 'x < 1' is a valid input string. If you disagree, then you need to change clean_param(..., PARAM_TEXT) which also seems dangerous.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Integrated, thanks!

          Show
          Eloy Lafuente (stronk7) added a comment - Integrated, thanks!
          Hide
          Eloy Lafuente (stronk7) added a comment -

          I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.

          Show
          Eloy Lafuente (stronk7) added a comment - I've executed tests under 21/22/23 and tested with the offending chars into activity title. HTML source code revealed the differences and all them were ok. So passed.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          This virus has been spread upstream, everybody will be infected soon. Congrats, you did it!

          Closing, ciao

          Show
          Eloy Lafuente (stronk7) added a comment - This virus has been spread upstream, everybody will be infected soon. Congrats, you did it! Closing, ciao

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: