Ejemplo n.º 1
 /**
  * Checks the entity normalisation that clean_text() runs before tag stripping.
  *
  * The first case feeds numeric entities with no terminating semicolon, the
  * second feeds the expected output itself, which must come back unchanged.
  *
  * NOTE(review): the expected strings may have been entity-decoded by the page
  * this listing was copied from; confirm them against the upstream test.
  */
 function test_fix_non_standard_entities()
 {
     // input => expected output, asserted in this order
     $cases = array(
         '&#x00A3&#0228' => '£ä',
         '£ä' => '£ä',
     );
     foreach ($cases as $input => $expected) {
         $this->assertEqual(fix_non_standard_entities($input), $expected);
     }
 }
Ejemplo n.º 2
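/**
 * Given raw text (eg typed in by a user), this function cleans it up
 * and removes any nasty tags that could mess up Moodle pages.
 *
 * NOTE: the format parameter was deprecated because we can safely clean only HTML.
 *
 * Security notes for callers:
 *  - FORMAT_PLAIN text is returned untouched. It is NOT safe to print as HTML;
 *    the caller has to escape it for the output context.
 *  - Empty and numeric input is returned as a string without any cleaning.
 *  - $options is only forwarded to purify_html(). The fallback path
 *    (strip_tags + cleanAttributes) ignores it, so 'allowid' has no effect there.
 *  - The two trailing regex rewrites are extra protection only. They are not a
 *    replacement for the purifier or for output escaping.
 *
 * @param string $text The text to be cleaned
 * @param int $format deprecated parameter, should always contain FORMAT_HTML or FORMAT_MOODLE
 * @param array $options Array of options; currently only option supported is 'allowid' (if true,
 *   does not remove id attributes when cleaning)
 * @return string The cleaned up text
 */
function clean_text($text, $format = FORMAT_HTML, $options = array())
{
    global $ALLOWED_TAGS, $CFG;

    // Nothing to clean: empty values and plain numbers carry no markup.
    if (empty($text) or is_numeric($text)) {
        return (string) $text;
    }

    // Fixed: the original compared against FORMAT_HTML twice, so FORMAT_MOODLE
    // (documented above as a valid value) would have been reported as unexpected.
    // The branch is still a placeholder; enabling the debugging() call is the TODO.
    if ($format != FORMAT_HTML and $format != FORMAT_MOODLE) {
        // TODO: we need to standardise cleanup of text when loading it into editor first
        //debugging('clean_text() is designed to work only with html');
    }

    // Plain text is handed back as-is; escaping is the caller's job.
    if ($format == FORMAT_PLAIN) {
        return $text;
    }

    if (!empty($CFG->enablehtmlpurifier)) {
        // Preferred path when the site setting is on.
        $text = purify_html($text, $options);
    } else {
        // Fallback cleaning chain. Order matters: entities are normalised first so
        // the later passes see a standard notation.
        /// Fix non standard entity notations
        $text = fix_non_standard_entities($text);
        /// Remove tags that are not allowed
        $text = strip_tags($text, $ALLOWED_TAGS);
        /// Clean up attributes (embedded scripts etc.) using kses
        $text = cleanAttributes($text);
        /// Again remove tags that are not allowed
        $text = strip_tags($text, $ALLOWED_TAGS);
    }

    // Remove potential script events - some extra protection for undiscovered bugs in our code.
    // "language=" and "on<letters>=" that follow a non-letter get an "X" prefix, and
    // whitespace before "=" is dropped. This runs over the whole string, so ordinary
    // prose that happens to match (for example " online =") is rewritten as well.
    $text = preg_replace("~([^a-z])language([[:space:]]*)=~i", "\$1Xlanguage=", $text);
    $text = preg_replace("~([^a-z])on([a-z]+)([[:space:]]*)=~i", "\$1Xon\$2=", $text);
    return $text;
}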
Ejemplo n.º 3
/**
 * Clean raw, user-typed text so that it cannot break or script a Moodle page.
 *
 * FORMAT_PLAIN and FORMAT_MARKDOWN input is returned exactly as received: no
 * tag stripping and no escaping happens here, so the caller must convert or
 * escape that text before it is printed as HTML. Empty and numeric input is
 * returned as a string without cleaning. Every other format is cleaned as HTML.
 *
 * @uses FORMAT_MOODLE
 * @uses FORMAT_PLAIN
 * @global string
 * @global object
 * @param string $text The text to be cleaned
 * @param int $format Identifier of the text format to be used
 *            [FORMAT_MOODLE, FORMAT_HTML, FORMAT_PLAIN, FORMAT_WIKI, FORMAT_MARKDOWN]
 * @return string The cleaned up text
 */
function clean_text($text, $format = FORMAT_MOODLE)
{
    global $ALLOWED_TAGS, $CFG;

    // Nothing to clean: empty values and plain numbers carry no markup.
    if (empty($text) || is_numeric($text)) {
        return (string) $text;
    }

    // These two formats pass through untouched (loose comparison, as a switch does).
    if ($format == FORMAT_PLAIN || $format == FORMAT_MARKDOWN) {
        return $text;
    }

    if (empty($CFG->enablehtmlpurifier)) {
        // Fallback chain: normalise entity notation, strip disallowed tags,
        // clean attributes with kses, then strip disallowed tags once more.
        $normalised = fix_non_standard_entities($text);
        $stripped = strip_tags($normalised, $ALLOWED_TAGS);
        $text = strip_tags(cleanAttributes($stripped), $ALLOWED_TAGS);
    } else {
        // The site setting is on, so the purifier does the cleaning.
        $text = purify_html($text);
    }

    // Extra protection against undiscovered bugs above: prefix "language=" and
    // "on<letters>=" with "X" when they follow a non-letter. Applied to the whole
    // string, so matching prose outside of tags is rewritten too.
    $text = preg_replace("~([^a-z])language([[:space:]]*)=~i", "\$1Xlanguage=", $text);

    return preg_replace("~([^a-z])on([a-z]+)([[:space:]]*)=~i", "\$1Xon\$2=", $text);
}