Index: weblib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/weblib.php,v
retrieving revision 1.970.2.135
diff -u -r1.970.2.135 weblib.php
--- weblib.php 2 Apr 2009 23:00:12 -0000 1.970.2.135
+++ weblib.php 11 Apr 2009 18:00:07 -0000
@@ -1468,6 +1468,29 @@
 }
 
 /**
+ * Converting single left angled brackets to < (dlnsk %%52%%)
+ * If left and right brackets not forming a tag then converting it to < and >
+ *
+ * @param string $text The text to be converted. This is raw text originally from user input.
+ * @return string
+ */
+function convert_notags($text) {
+
+ $text = preg_replace('@<([^>]*?(<|\z))@i', '<$1', $text);
+ $text = preg_replace_callback('@<([^>]*?\s[^>]*)>@i', 'convert_notags_callback', $text);
+ return $text;
+}
+// Callback function for the convert_notags
+function convert_notags_callback($matches) { //dlnsk
+
+ if (preg_match('@<([a-z0-9]+\s+([a-z]+=[^>]+|/))>@i', $matches[0])) {
+ return $matches[0];
+ } else {
+ return '<'.$matches[1].'>';
+ }
+}
+
+/**
  * Given text in a variety of format codings, this function returns
  * the text as safe HTML.
  *
@@ -2020,6 +2043,7 @@
  $text = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $text);
 
 /// Remove tags that are not allowed
+ $text = convert_notags($text); //convert < and > if it's no tag (dlnsk %%52%%)
  $text = strip_tags($text, $ALLOWED_TAGS);
 
 /// Clean up embedded scripts and , using kses
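Review bot: The first pattern in convert_notags(), `'@<([^>]*?(<|\z))@i'`, consumes the next `<` as part of its match, so for input such as `a <b <c` only every other unclosed bracket is converted and the rest still reach strip_tags() raw. A lookahead leaves the following bracket available for the next match: `preg_replace('@<(?=[^<>]*(?:<|\z))@', '&lt;', $text)`. As displayed here the replacement strings (`'<$1'` and `'<'.$matches[1].'>'`) are identical to what they match, which suggests the page decoded the original `&lt;`/`&gt;` entities; confirm against the real patch. Because the callback's own idea of a tag (`[a-z0-9]+\s+([a-z]+=[^>]+|/)`) decides what passes through unescaped on raw user input, the docblock should state that this function only ever escapes and is not a substitute for the strip_tags()/kses pass that follows it.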
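Review bot: The added call in the second hunk overwrites `$text` unconditionally, and convert_notags() returns whatever preg_replace()/preg_replace_callback() hand back, which is null when PCRE fails (for example on reaching pcre.backtrack_limit with a very long post containing many unclosed brackets). That would empty the text before strip_tags() runs instead of falling back to the pre-patch behaviour. Guarding the assignment keeps the sanitiser chain intact: `$converted = convert_notags($text); if ($converted !== null) { $text = $converted; }`. The trailing comment should also say that this step must stay ahead of strip_tags() and that nothing later in the function may decode the entities it produces; the enclosing function starts and ends outside the hunk, so that ordering could not be checked here.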