/**
 * Checks that fix_non_standard_entities() returns the expected string for
 * two sample inputs.
 *
 * NOTE(review): as shown here both cases are character-for-character
 * identical. Presumably the original literals were numeric entity references
 * (with and without the terminating semicolon) that were decoded when this
 * listing was rendered - confirm against the repository copy before relying
 * on this test.
 */
function test_fix_non_standard_entities() {
    $sample = '£ä';
    $expected = '£ä';

    // First case.
    $this->assertEqual(fix_non_standard_entities($sample), $expected);
    // Second case (same literals in this listing, see the note above).
    $this->assertEqual(fix_non_standard_entities($sample), $expected);
}
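/**
 * Given raw text (eg typed in by a user), this function cleans it up
 * and removes any nasty tags that could mess up Moodle pages.
 *
 * NOTE: the format parameter was deprecated because we can safely clean only HTML.
 *
 * Security notes for callers:
 *  - Empty and numeric values are returned as strings without any cleaning.
 *  - FORMAT_PLAIN text is returned untouched. This function does not escape
 *    it, so a caller that prints it into an HTML page must escape it itself.
 *  - When $CFG->enablehtmlpurifier is set, cleaning is delegated to
 *    purify_html(); otherwise the legacy strip_tags() + cleanAttributes()
 *    path runs. $options is only forwarded to purify_html(), so in the
 *    legacy path it has no effect as far as this function shows.
 *  - The two trailing regex substitutions are defence in depth on top of the
 *    cleaner, not a replacement for it.
 *
 * @param string $text The text to be cleaned
 * @param int $format deprecated parameter, should always contain FORMAT_HTML or FORMAT_MOODLE
 * @param array $options Array of options; currently only option supported is 'allowid' (if true,
 *   does not remove id attributes when cleaning)
 * @return string The cleaned up text
 */
function clean_text($text, $format = FORMAT_HTML, $options = array()) {
    global $ALLOWED_TAGS, $CFG;

    // Nothing to clean: empty values and plain numbers are returned as strings.
    if (empty($text) or is_numeric($text)) {
        return (string) $text;
    }

    // The original condition tested FORMAT_HTML twice; the docblock names
    // FORMAT_HTML and FORMAT_MOODLE as the two expected formats. The branch is
    // still a placeholder, so this correction does not change the output.
    if ($format != FORMAT_HTML and $format != FORMAT_MOODLE) {
        // TODO: we need to standardise cleanup of text when loading it into editor first
        //debugging('clean_text() is designed to work only with html');
    }

    // Plain text is passed through unchanged (see the security notes above).
    if ($format == FORMAT_PLAIN) {
        return $text;
    }

    if (!empty($CFG->enablehtmlpurifier)) {
        $text = purify_html($text, $options);
    } else {
        /// Fix non standard entity notations
        $text = fix_non_standard_entities($text);

        /// Remove tags that are not allowed
        $text = strip_tags($text, $ALLOWED_TAGS);

        /// Clean up embedded scripts, using kses
        $text = cleanAttributes($text);

        /// Again remove tags that are not allowed
        $text = strip_tags($text, $ALLOWED_TAGS);
    }

    // Remove potential script events - some extra protection for undiscovered bugs in our code.
    // Both patterns run over the whole string, not only inside tags, so visible
    // text of the form "on<letters> =" is renamed as well.
    $text = preg_replace("~([^a-z])language([[:space:]]*)=~i", "\$1Xlanguage=", $text);
    $text = preg_replace("~([^a-z])on([a-z]+)([[:space:]]*)=~i", "\$1Xon\$2=", $text);

    return $text;
}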
/**
 * Cleans raw text (eg typed in by a user) and removes tags that could
 * mess up Moodle pages.
 *
 * Empty and numeric values come back as strings without cleaning.
 * FORMAT_PLAIN and FORMAT_MARKDOWN text is returned exactly as given: this
 * function neither escapes nor cleans it, so whatever renders that text is
 * responsible for making it safe for HTML output.
 *
 * Every other format is cleaned with purify_html() when
 * $CFG->enablehtmlpurifier is set, otherwise with the strip_tags() +
 * cleanAttributes() sequence, and then has script-event style attribute
 * names renamed as an extra safety net.
 *
 * @uses FORMAT_MOODLE
 * @uses FORMAT_PLAIN
 * @global string
 * @global object
 * @param string $text The text to be cleaned
 * @param int $format Identifier of the text format to be used
 *            [FORMAT_MOODLE, FORMAT_HTML, FORMAT_PLAIN, FORMAT_WIKI, FORMAT_MARKDOWN]
 * @return string The cleaned up text
 */
function clean_text($text, $format = FORMAT_MOODLE) {
    global $ALLOWED_TAGS, $CFG;

    // Guard: nothing to clean in an empty value or a plain number.
    if (empty($text) || is_numeric($text)) {
        return (string) $text;
    }

    // Guard: these two formats are handed back untouched.
    if ($format == FORMAT_PLAIN || $format == FORMAT_MARKDOWN) {
        return $text;
    }

    if (empty($CFG->enablehtmlpurifier)) {
        // Legacy cleaner: normalise entity notation, drop disallowed tags,
        // clean embedded scripts via cleanAttributes() (kses), then drop
        // disallowed tags once more.
        $cleaned = fix_non_standard_entities($text);
        $cleaned = strip_tags($cleaned, $ALLOWED_TAGS);
        $cleaned = cleanAttributes($cleaned);
        $cleaned = strip_tags($cleaned, $ALLOWED_TAGS);
    } else {
        $cleaned = purify_html($text);
    }

    // Extra protection for undiscovered bugs in the cleaners above: rename
    // "language=" and "on<name>=" so they cannot act as script attributes.
    $withoutLanguage = preg_replace("~([^a-z])language([[:space:]]*)=~i", "\$1Xlanguage=", $cleaned);

    return preg_replace("~([^a-z])on([a-z]+)([[:space:]]*)=~i", "\$1Xon\$2=", $withoutLanguage);
}