From 424f57b2a73ff69ff12a820737d4ebe98f09b2b8 Mon Sep 17 00:00:00 2001
From: ywarnier
Date: Thu, 30 Dec 2010 12:49:39 -0500
Subject: [PATCH] Minor - updated comments about HTML style filtering
---
 main/forum/forumfunction.inc.php | 5 +++--
 main/forum/viewthread_flat.inc.php | 11 ++++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php
index 1558018ef8..14df283073 100755
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@@ -3262,8 +3262,9 @@ function prepare4display($input='') {
 $counter++;
 }
 }
- //return api_html_entity_decode(stripslashes($input));
- return Security::remove_XSS($input, STUDENT);
+ //return api_html_entity_decode(stripslashes($input));
+ //change this to COURSEMANAGERLOWSECURITY or COURSEMANAGER to lower filtering and allow more styles (see comments of Security::remove_XSS() method to learn about other levels)
+ return Security::remove_XSS($input, STUDENT);
 } else {
 $returnarray=array_walk($input, 'api_html_entity_decode');
 $returnarray=array_walk($input, 'stripslashes');
diff --git a/main/forum/viewthread_flat.inc.php b/main/forum/viewthread_flat.inc.php
index d4c1a11749..e3b7461e54 100755
--- a/main/forum/viewthread_flat.inc.php
+++ b/main/forum/viewthread_flat.inc.php
@@ -111,7 +111,7 @@ if (isset($current_thread['thread_id'])){
 }
 }
 echo "";
- // show the
+ // prepare the notification icon
 if (isset($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$current_forum['forum_id']][$current_thread['thread_id']][$row['post_id']]) and !empty($whatsnew_post_info[$_GET['forum']][$row['thread_id']])) {
 $post_image=icon('../img/forumpostnew.gif');
 } else {
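Review bot: The new comment above `return Security::remove_XSS($input, STUDENT);` in prepare4display() (main/forum/forumfunction.inc.php) explains how to loosen the filter but not what that costs. The level chosen here applies to every post rendered through this function, whoever wrote it, and the second file in this patch echoes the result straight into the thread page; forum posts presumably come from students as well as teachers. I would add a line such as `// NOTE: the level applies to all post authors, not only teachers; lowering it lets more author-supplied markup reach other readers' browsers`. Separately, the `else` branch visible as context does not call Security::remove_XSS() at all; the function starts and ends outside the hunk, so whether array input is filtered elsewhere should be checked.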
@@ -124,10 +124,11 @@ if (isset($current_thread['thread_id'])){ echo ""; - // The post message - echo ""; - echo "".prepare4display($row['post_text']).""; - echo ""; + // The post message + echo ""; + // see comments inside forumfunction.inc.php to lower filtering and allow more visual changes + echo "".prepare4display($row['post_text']).""; + echo ""; // The check if there is an attachment