Security: User FormValidator::addHtmlEditor FormValidator::addElement('html_editor')

11 months ago · 2c32fdef69
parent 9edc811a5f
commit 2c32fdef69
17 changed files with 94 additions and 84 deletions
--- a/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php
+++ b/main/exercise/MultipleAnswerTrueFalseDegreeCertainty.php
@ -163,6 +163,7 @@ class MultipleAnswerTrueFalseDegreeCertainty extends Question
                ['ToolbarSet' => 'TestProposedAnswer', 'Width' => '100%', 'Height' => '100']
            );
            $form->addRule('answer['.$i.']', get_lang('ThisFieldIsRequired'), 'required');
+            $form->applyFilter("answer[$i]", 'attr_on_filter');

            if (isset($_POST['answer']) && isset($_POST['answer'][$i])) {
                $txtAnswer->setValue(Security::remove_XSS($_POST['answer'][$i]));
@ -177,6 +178,7 @@ class MultipleAnswerTrueFalseDegreeCertainty extends Question
                    ['style' => 'vertical-align:middle;'],
                    ['ToolbarSet' => 'TestProposedAnswer', 'Width' => '100%', 'Height' => '100']
                );
+                $form->applyFilter("comment[$i]", 'attr_on_filter');

                if (isset($_POST['comment']) && isset($_POST['comment'][$i])) {
                    $txtComment->setValue(Security::remove_XSS($_POST['comment'][$i]));
--- a/main/exercise/calculated_answer.class.php
+++ b/main/exercise/calculated_answer.class.php
@ -133,6 +133,7 @@ class CalculatedAnswer extends Question

        $form->addRule('answer', get_lang('GiveText'), 'required');
        $form->addRule('answer', get_lang('DefineBlanks'), 'regex', '/\[.*\]/');
+        $form->applyFilter('answer', 'attr_on_filter');

        $form->addElement('label', null, get_lang('IfYouWantOnlyIntegerValuesWriteBothLimitsWithoutDecimals'));
        $form->addElement('html', '<div id="blanks_weighting"></div>');
--- a/main/exercise/exercise_show.php
+++ b/main/exercise/exercise_show.php
@ -659,12 +659,13 @@ foreach ($questionList as $questionId) {
            $default = [$textareaId => $comnt];

            if ($useAdvancedEditor) {
-                $feedback_form->addElement(
-                    'html_editor',
+                $feedback_form->addHtmlEditor(
                    $textareaId,
-                    null,
-                    ['id' => $textareaId],
+                    '',
+                    false,
+                    false,
                    [
+                        'id' => $textareaId,
                        'ToolbarSet' => 'TestAnswerFeedback',
                        'Width' => '100%',
                        'Height' => '120',
@ -672,6 +673,7 @@ foreach ($questionList as $questionId) {
                );
            } else {
                $feedback_form->addElement('textarea', $textareaId, ['id' => $textareaId]);
+                $feedback_form->applyFilter($textareaId, 'attr_on_filter');
            }
            $feedback_form->setDefaults($default);
            $feedback_form->display();
--- a/main/exercise/fill_blanks.class.php
+++ b/main/exercise/fill_blanks.class.php
@ -338,14 +338,16 @@ class FillBlanks extends Question
            null,
            get_lang('TypeTextBelow').', '.get_lang('And').' '.get_lang('UseTagForBlank')
        );
-        $form->addElement(
-            'html_editor',
+        $form->addHtmlEditor(
            'answer',
            Display::return_icon('fill_field.png'),
-            ['id' => 'answer'],
-            ['ToolbarSet' => 'TestQuestionDescription']
+            true,
+            false,
+            [
+                'id' => 'answer',
+                'ToolbarSet' => 'TestQuestionDescription',
+            ]
        );
-        $form->addRule('answer', get_lang('GiveText'), 'required');

        //added multiple answers
        $form->addElement('checkbox', 'multiple_answer', '', get_lang('FillInBlankSwitchable'));
--- a/main/exercise/global_multiple_answer.class.php
+++ b/main/exercise/global_multiple_answer.class.php
@ -119,23 +119,22 @@ class GlobalMultipleAnswer extends Question
            $form->addElement('checkbox', 'correct['.$i.']', null, null, 'class="checkbox"');
            $boxes_names[] = 'correct['.$i.']';

-            $form->addElement(
-                'html_editor',
-                'answer['.$i.']',
-                null,
-                [],
+            $form->addHtmlEditor(
+                "answer[$i]",
+                '',
+                false,
+                false,
                [
                    'ToolbarSet' => 'TestProposedAnswer',
                    'Width' => '100%',
                    'Height' => '100',
                ]
            );
-            $form->addRule('answer['.$i.']', get_lang('ThisFieldIsRequired'), 'required');
-            $form->addElement(
-                'html_editor',
-                'comment['.$i.']',
-                null,
-                [],
+            $form->addHtmlEditor(
+                "comment[$i]",
+                '',
+                false,
+                false,
                [
                    'ToolbarSet' => 'TestProposedAnswer',
                    'Width' => '100%',
--- a/main/exercise/multiple_answer_combination.class.php
+++ b/main/exercise/multiple_answer_combination.class.php
@ -121,20 +121,19 @@ class MultipleAnswerCombination extends Question
            );
            $boxes_names[] = 'correct['.$i.']';

-            $form->addElement(
-                'html_editor',
-                'answer['.$i.']',
-                null,
-                [],
+            $form->addHtmlEditor(
+                "answer[$i]",
+                '',
+                true,
+                false,
                ['ToolbarSet' => 'TestProposedAnswer', 'Width' => '100%', 'Height' => '100']
            );
-            $form->addRule('answer['.$i.']', get_lang('ThisFieldIsRequired'), 'required');

-            $form->addElement(
-                'html_editor',
-                'comment['.$i.']',
-                null,
-                [],
+            $form->addHtmlEditor(
+                "comment[$i]",
+                '',
+                false,
+                false,
                ['ToolbarSet' => 'TestProposedAnswer', 'Width' => '100%', 'Height' => '100']
            );

--- a/main/exercise/multiple_answer_true_false.class.php
+++ b/main/exercise/multiple_answer_true_false.class.php
@ -162,6 +162,7 @@ class MultipleAnswerTrueFalse extends Question
                        'Height' => '100',
                    ]
                );
+                $form->applyFilter("comment[$i]", 'attr_on_filter');

                if (isset($_POST['comment']) && isset($_POST['comment'][$i])) {
                    $txtComment->setValue(Security::remove_XSS($_POST['comment'][$i]));
--- a/main/exercise/unique_answer_no_option.class.php
+++ b/main/exercise/unique_answer_no_option.class.php
@ -190,9 +190,9 @@ class UniqueAnswerNoOption extends Question
            $answer_number->freeze();

            $form->addElement('radio', 'correct', null, null, $i, 'class="checkbox" style="margin-left: 0em;"');
-            $form->addElement('html_editor', 'answer['.$i.']', null, [], $editor_config);
+            $form->addHtmlEditor("answer[$i]", '', false, false, $editor_config);

-            $form->addElement('html_editor', 'comment['.$i.']', null, [], $editor_config);
+            $form->addHtmlEditor("comment[$i]", '', false, false, $editor_config);
            $form->addElement('text', 'weighting['.$i.']', null, ['style' => 'width: 60px;', 'value' => '0']);
            $form->addElement('html', '</tr>');
            $i++;
@ -240,10 +240,10 @@ class UniqueAnswerNoOption extends Question

        $form->addElement('hidden', 'position['.$i.']', '666');
        $form->addElement('radio', 'correct', null, null, $i, ['class' => 'checkbox', 'disabled' => true]);
-        $form->addElement('html_editor', 'answer['.$i.']', null, [], $editor_config);
+        $form->addHtmlEditor("answer[$i]", '', false, false, $editor_config);

        $form->addRule('answer['.$i.']', get_lang('ThisFieldIsRequired'), 'required');
-        $form->addElement('html_editor', 'comment['.$i.']', null, [], $editor_config);
+        $form->addHtmlEditor("comment[$i]", '', false, false, $editor_config);
        $form->addElement('text', "weighting[$i]", null)->freeze();

        $form->addHTml('</tr>');
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -202,11 +202,11 @@ function show_add_forumcategory_form($lp_id)
    $form->addElement('header', get_lang('AddForumCategory'));
    $form->addElement('text', 'forum_category_title', get_lang('Title'), ['autofocus']);
    $form->applyFilter('forum_category_title', 'html_filter');
-    $form->addElement(
-        'html_editor',
+    $form->addHtmlEditor(
        'forum_category_comment',
        get_lang('Description'),
-        null,
+        false,
+        false,
        ['ToolbarSet' => 'Forum', 'Width' => '98%', 'Height' => '200']
    );

@ -283,11 +283,11 @@ function show_add_forum_form($inputvalues = [], $lp_id = 0)
    $form->applyFilter('forum_title', 'html_filter');

    // The comment of the forum.
-    $form->addElement(
-        'html_editor',
+    $form->addHtmlEditor(
        'forum_comment',
        get_lang('Description'),
-        null,
+        false,
+        false,
        ['ToolbarSet' => 'Forum', 'Width' => '98%', 'Height' => '200']
    );

@ -533,11 +533,11 @@ function show_edit_forumcategory_form($inputvalues = [])
    $form->addElement('text', 'forum_category_title', get_lang('Title'));
    $form->applyFilter('forum_category_title', 'html_filter');

-    $form->addElement(
-        'html_editor',
+    $form->addHtmlEditor(
        'forum_category_comment',
        get_lang('Comment'),
-        null,
+        false,
+        false,
        ['ToolbarSet' => 'Forum', 'Width' => '98%', 'Height' => '200']
    );

@ -4047,11 +4047,11 @@ function show_edit_post_form(

    $form->addElement('text', 'post_title', get_lang('Title'));
    $form->applyFilter('post_title', 'html_filter');
-    $form->addElement(
-        'html_editor',
+    $form->addHtmlEditor(
        'post_text',
        get_lang('Text'),
-        null,
+        true,
+        false,
        api_is_allowed_to_edit(null, true) ? [
            'ToolbarSet' => 'Forum',
            'Width' => '100%',
@ -4063,7 +4063,6 @@ function show_edit_post_form(
            'UserStatus' => 'student',
        ]
    );
-    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    $extraFields = new ExtraField('forum_post');
    $extraFields->addElements($form, $current_post['post_id']);
--- a/main/glossary/index.php
+++ b/main/glossary/index.php
@ -98,11 +98,11 @@ switch ($action) {
            $form->addElement('text', 'name', get_lang('TermName'), ['id' => 'glossary_title']);
        }

-        $form->addElement(
-            'html_editor',
+        $form->addHtmlEditor(
            'description',
            get_lang('TermDefinition'),
-            null,
+            false,
+            false,
            ['ToolbarSet' => 'Glossary', 'Height' => '300']
        );
        $form->addButtonCreate(get_lang('TermAddButton'), 'SubmitGlossary');
@ -162,11 +162,11 @@ switch ($action) {
                $form->addElement('text', 'name', get_lang('TermName'), ['id' => 'glossary_title']);
            }

-            $form->addElement(
-                'html_editor',
+            $form->addHtmlEditor(
                'description',
                get_lang('TermDefinition'),
-                null,
+                false,
+                false,
                ['ToolbarSet' => 'Glossary', 'Height' => '300']
            );

--- a/main/inc/lib/agenda.lib.php
+++ b/main/inc/lib/agenda.lib.php
@ -3106,12 +3106,13 @@ class Agenda
            $toolbar = 'AgendaStudent';
        }

-        $form->addElement(
-            'html_editor',
+        $form->addHtmlEditor(
            'content',
            get_lang('Description'),
-            null,
+            false,
+            false,
            [
+                'style' => 'vertical-align:middle;',
                'ToolbarSet' => $toolbar,
                'Width' => '100%',
                'Height' => '200',
--- a/main/inc/lib/formvalidator/FormValidator.class.php
+++ b/main/inc/lib/formvalidator/FormValidator.class.php
@ -384,6 +384,7 @@ EOT;
        if ($required) {
            $this->addRule($name, get_lang('ThisFieldIsRequired'), 'required');
        }
+        $this->applyFilter($name, 'attr_on_filter');

        return $element;
    }
--- a/main/lp/learnpath.class.php
+++ b/main/lp/learnpath.class.php
@ -9054,7 +9054,7 @@ class learnpath
                'BaseHref' => api_get_path(WEB_COURSE_PATH).api_get_course_path().$item_path_fck,
            ];

-            $form->addElement('html_editor', 'content_lp', '', null, $editor_config);
+            $form->addHtmlEditor('content_lp', '', true, true, $editor_config);
            $content_path = api_get_path(SYS_COURSE_PATH).api_get_course_path().$item_path_fck;
            $defaults['content_lp'] = file_get_contents($content_path);
        }
--- a/main/lp/lp_edit.php
+++ b/main/lp/lp_edit.php
@ -104,11 +104,11 @@ if (api_get_setting('allow_course_theme') === 'true') {
 }

 // Author
-$form->addElement(
-    'html_editor',
+$form->addHtmlEditor(
    'lp_author',
    get_lang('Author'),
-    ['size' => 80],
+    false,
+    false,
    ['ToolbarSet' => 'LearningPathAuthor', 'Width' => '100%', 'Height' => '200px']
 );
 $form->applyFilter('lp_author', 'html_filter');
--- a/main/notebook/index.php
+++ b/main/notebook/index.php
@ -91,11 +91,12 @@ if ($action === 'addnote') {
    $form->addElement('header', '', get_lang('NoteAddNew'));
    $form->addElement('text', 'note_title', get_lang('NoteTitle'), ['id' => 'note_title']);
    $form->applyFilter('text', 'html_filter');
-    $form->addElement(
-        'html_editor',
+    $form->applyFilter('text', 'attr_on_filter');
+    $form->addHtmlEditor(
        'note_comment',
        get_lang('NoteComment'),
-        null,
+        false,
+        false,
        api_is_allowed_to_edit() ? ['ToolbarSet' => 'Notebook', 'Width' => '100%', 'Height' => '300'] : ['ToolbarSet' => 'NotebookStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student']
    );
    $form->addButtonCreate(get_lang('AddNote'), 'SubmitNote');
@ -158,14 +159,15 @@ if ($action === 'addnote') {
    $form->addElement('hidden', 'notebook_id');
    $form->addElement('text', 'note_title', get_lang('NoteTitle'), ['size' => '100']);
    $form->applyFilter('text', 'html_filter');
-    $form->addElement(
-        'html_editor',
+    $form->applyFilter('text', 'attr_on_filter');
+    $form->addHtmlEditor(
        'note_comment',
        get_lang('NoteComment'),
-        null,
+        false,
+        false,
        api_is_allowed_to_edit()
-        ? ['ToolbarSet' => 'Notebook', 'Width' => '100%', 'Height' => '300']
-        : ['ToolbarSet' => 'NotebookStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student']
+            ? ['ToolbarSet' => 'Notebook', 'Width' => '100%', 'Height' => '300']
+            : ['ToolbarSet' => 'NotebookStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student']
    );
    $form->addButtonUpdate(get_lang('ModifyNote'), 'SubmitNote');

--- a/main/survey/create_new_survey.php
+++ b/main/survey/create_new_survey.php
@ -142,18 +142,18 @@ if ('edit' == $action) {
    $form->applyFilter('survey_code', 'api_strtoupper');
 }

-$form->addElement(
-    'html_editor',
+$form->addHtmlEditor(
    'survey_title',
    get_lang('SurveyTitle'),
-    null,
+    false,
+    false,
    ['ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '200']
 );
-$form->addElement(
-    'html_editor',
+$form->addHtmlEditor(
    'survey_subtitle',
    get_lang('SurveySubTitle'),
-    null,
+    false,
+    false,
    [
        'ToolbarSet' => 'Survey',
        'Width' => '100%',
@ -194,18 +194,18 @@ if (api_get_configuration_value('hide_survey_reporting_button')) {
    $form->addElement('select', 'visible_results', get_lang('ResultsVisibility'), $visibleResults);
 }
 //$defaults['visible_results'] = 0;
-$form->addElement(
-    'html_editor',
+$form->addHtmlEditor(
    'survey_introduction',
    get_lang('SurveyIntroduction'),
-    null,
+    false,
+    false,
    ['ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '130', 'ToolbarStartExpanded' => false]
 );
-$form->addElement(
-    'html_editor',
+$form->addHtmlEditor(
    'survey_thanks',
    get_lang('SurveyThanks'),
-    null,
+    false,
+    false,
    ['ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '130', 'ToolbarStartExpanded' => false]
 );

--- a/plugin/notebookteacher/src/NotebookTeacher.php
+++ b/plugin/notebookteacher/src/NotebookTeacher.php
@ -512,11 +512,12 @@ class NotebookTeacher

        $form->addElement('text', 'note_title', get_lang('NoteTitle'), ['id' => 'note_title']);
        $form->applyFilter('text', 'html_filter');
-        $form->addElement(
-            'html_editor',
+        $form->applyFilter('text', 'attr_on_filter');
+        $form->addHtmlEditor(
            'note_comment',
            get_lang('NoteComment'),
-            null,
+            false,
+            false,
            api_is_allowed_to_edit()
                ? ['ToolbarSet' => 'Notebook', 'Width' => '100%', 'Height' => '300']
                : ['ToolbarSet' => 'NotebookStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student']