Moodle
  1. Moodle
  2. MDL-32316

In Feedback. Item type 'label' does not honor 'trusted text' ($CFG->enabletrusttext)

    Details

    • Testing Instructions:
      Hide
      1. enable trusted text
      2. create a feedback instance
      3. create a new label item and use text what is cleaned by default such like javascript or so.

      The javascript should be executed while printing the label.
      If the trusted text is not enabled so the script should be filtered.

      Show
      enable trusted text create a feedback instance create a new label item and use text what is cleaned by default such like javascript or so. The javascript should be executed while printing the label. If the trusted text is not enabled so the script should be filtered.
    • Affected Branches:
      MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-32316_master_wip
    • Rank:
      39125

      Description

      In the edit form for the label feedback item (mod/feedback/item/label/label_form.php). The type for the html editor form element is set to PARAM_CLEANHTML. This is wrong. It should be PARAM_RAW. The cleaning of the html editor text is all done in the html editor libraries.

      As it stands, it breaks the $CFG->enabletrusttext setting - setting that doesn't do anything in this case.

      Additionally, at the end of the print_item() function in mod/feedback/item/label/lib.php the echo format_text(..) line is now wrong. I think it should read

      echo format_text($output, FORMAT_HTML, array('overflowdiv'=>true, 'trusted'=>$CFG->enabletrusttext ));

        Activity

        Hide
        Andreas Grabs added a comment -

        Thank you for reporting this issue!
        Best regards
        Andreas

        Show
        Andreas Grabs added a comment - Thank you for reporting this issue! Best regards Andreas
        Hide
        Dan Poltawski added a comment -

        The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

        TIA and ciao

        Show
        Dan Poltawski added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
        Hide
        Sam Hemelryk added a comment -

        Thanks Andreas this has been integrated now

        Show
        Sam Hemelryk added a comment - Thanks Andreas this has been integrated now
        Hide
        Rossiani Wijaya added a comment -

        This is working great.

        Thank you for fixing.

        Test passed.

        Show
        Rossiani Wijaya added a comment - This is working great. Thank you for fixing. Test passed.
        Hide
        Dan Poltawski added a comment -

        Bonza mate!

        Your changes have made it into the Moodle release! Its time to celebrate! Put a shrimp on the barbie and grab a stubby.

        Hooroo

        Show
        Dan Poltawski added a comment - Bonza mate! Your changes have made it into the Moodle release! Its time to celebrate! Put a shrimp on the barbie and grab a stubby. Hooroo

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: