Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78525

count_words() and count_letters() should format text before counting to match display logic

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 4.1.5, 4.2.2
    • 3.9.22
    • General
    • MOODLE_39_STABLE
    • MOODLE_401_STABLE, MOODLE_402_STABLE
    • MDL-78525/401
    • MDL-78525/master
    • Hide

      This should be covered mostly with PHPUnit tests.

      We can also use original test instructions from MDL-64240:


       
      NOTE: You need to be able to access database table content to test this issue.

      Testing that when posts, edits and replies are posted, script content is stripped before being written to the database, and content loads correctly. Also testing word count works as expected.

      Pre-requisites and setup

      1. You need to be able to access database table content to test this issue.
      2. You need a Moodle site with a course with a forum activity created.
      3. Log in as admin
      4. Set plain text area as your editor in personal preferences, keep default format to HTML
      5. Open the forum.
      6. Click the cog (actions menu) on the right, and select 'Edit settings'.
      7. Expand 'Attachments and word count', and set 'Display word count' to 'Yes'.
      8. Click 'Save and Display'.

      Testing
      You should still be logged in as admin, and on the forum summary page (from the last step of setup).

      1. Click 'Add a new discussion topic'.
      2. Add a discussion topic as follows:
        Subject: "What do".
        In message, paste in the following text:

         <p onclick="alert('boop');">Snoot is booped</p>
         <script>alert('Boop the snoot');</script>
         <img alt="Boop the Snoot." src="https://proxy.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.geekfill.com%2Fwp-content%2Fuploads%2F2015%2F08%2FBoop-the-Snoot.jpg&f=1">

      3. Click 'Post to forum'.
      4. Open the database for your Moodle site, and access the mdl_forum_posts table.
      5. Find the most recent post (the one you just created), CONFIRM that the onclick event on the paragraph and the <script>  were stored in database
      6. Return to the forum and open the 'What do' post.
      7. CONFIRM the post is visible, with 'Snoot is booped' and the broken image placeholder appearing.
      8. CONFIRM The word count below the image says '3 words'.
      9. Edit the post and CONFIRM the text is cleaned - onclick and script tags removed
      Show
      This should be covered mostly with PHPUnit tests. We can also use original test instructions from MDL-64240 :   NOTE: You need to be able to access database table content to test this issue. Testing that when posts, edits and replies are posted, script content is stripped before being written to the database, and content loads correctly. Also testing word count works as expected. Pre-requisites and setup You need to be able to access database table content to test this issue. You need a Moodle site with a course with a forum activity created. Log in as admin Set plain text area as your editor in personal preferences, keep default format to HTML Open the forum. Click the cog (actions menu) on the right, and select 'Edit settings'. Expand 'Attachments and word count', and set 'Display word count' to 'Yes'. Click 'Save and Display'. Testing You should still be logged in as admin, and on the forum summary page (from the last step of setup). Click 'Add a new discussion topic'. Add a discussion topic as follows: Subject: "What do". In message , paste in the following text: <p onclick="alert('boop');">Snoot is booped</p> <script>alert('Boop the snoot');</script> <img alt="Boop the Snoot." src="https://proxy.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.geekfill.com%2Fwp-content%2Fuploads%2F2015%2F08%2FBoop-the-Snoot.jpg&f=1"> Click 'Post to forum'. Open the database for your Moodle site, and access the mdl_forum_posts table. Find the most recent post (the one you just created), CONFIRM that the onclick event on the paragraph and the <script>  were stored in database Return to the forum and open the 'What do' post. CONFIRM the post is visible, with 'Snoot is booped' and the broken image placeholder appearing. CONFIRM The word count below the image says '3 words'. Edit the post and CONFIRM the text is cleaned - onclick and script tags removed

      MDL-64240 had a wrong idea to purify text before storage to get correct word count, instead we should improve count_words() and count_letters() functions.

            skodak Petr Skoda
            skodak Petr Skoda
            Farhan Karmali Farhan Karmali
            Huong Nguyen Huong Nguyen
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 19 minutes
                2h 19m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.