Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67336

Forum inline reply option is applying filters before saving content in the DB

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. As admin go to "Site administration > Plugins > Manage filters"
      2. Set "Convert URLs into links and images" to "On"
        Set "Multimedia plugins" to "On"
      3. Move "Convert URLs into links and images" above "Multimedia plugins"
      4. Change "Convert URLs into links and images" filter settings adding marking "HTML format" and "Moodle auto-format" in "Apply to formats" options.
      5. Go to a forum post
      6. Click on "Reply"
      7. Add 'Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs' content to the reply field
      8. Check youtube video is showing in the new post
      9. Check content stored in the DB is: '<div class="text_to_html">Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs</div>'
      Show
      As admin go to "Site administration > Plugins > Manage filters" Set "Convert URLs into links and images" to "On" Set "Multimedia plugins" to "On" Move "Convert URLs into links and images" above "Multimedia plugins" Change "Convert URLs into links and images" filter settings adding marking "HTML format" and "Moodle auto-format" in "Apply to formats" options. Go to a forum post Click on "Reply" Add 'Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs ' content to the reply field Check youtube video is showing in the new post Check content stored in the DB is: '<div class="text_to_html">Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs </div>'
    • Affected Branches:
      MOODLE_38_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull 3.7 Branch:
    • Pull 3.8 Branch:
    • Pull Master Branch:
      MDL-67336-master

      Description

      Forum inline reply is not saving content in the DB as it is in the editor, is applying filters before saving it in the DB.

      So, for example, if 'Display H5P' filter is enabled in the site and somebody adds H5P content (URL) in an inline reply, the filter is applied and an <iframe src='...'></iframe> is saved in the DB. When the reply is display, an if trustedcontent is not activated, that 'iframe' tag is removed, so H5P content is not rendered.

      Steps to reproduce:

      <div class="text_to_html">H5P: <iframe src="https://h5p.org/h5p/embed/576651" class="h5p-iframe" name="h5pcontent" style="height:230px; width: 100%; border: 0;" allowfullscreen="allowfullscreen"></iframe><script src="http://localhost/moodle/master/lib/h5p/js/h5p-resizer.js"></script></div>

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  13/Jan/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 1 hour, 21 minutes
                  1d 1h 21m