Wiki: option to allow low security filtering on wiki pages - refs BT#20230

3 years ago · 535d0cd58e
parent b2a3f9184d
commit 535d0cd58e
2 changed files with 7 additions and 1 deletions
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
@ -313,6 +313,8 @@ $_configuration['system_stable'] = NEW_VERSION_STABLE;
 // $_configuration['question_exercise_html_strict_filtering'] = true;
 // Allows to do a remove_XSS in exersice result end text with user status COURSEMANAGERLOWSECURITY
 // $_configuration['exercise_result_end_text_html_strict_filtering'] = true;
+// Allows to do a remove_XSS in wiki pages with user status COURSEMANAGERLOWSECURITY
+// $_configuration['wiki_html_strict_filtering'] = true;
 // Prevents the duplicate upload in assignments
 // $_configuration['assignment_prevent_duplicate_upload'] = false;
 //Show student progress in My courses page
--- a/main/wiki/wiki.inc.php
+++ b/main/wiki/wiki.inc.php
@ -1096,7 +1096,11 @@ class Wiki
                );
            }
        } else {
-            $content = Security::remove_XSS($row['content']);
+            if (true === api_get_configuration_value('wiki_html_strict_filtering')) {
+                $content = Security::remove_XSS($row['content'],COURSEMANAGERLOWSECURITY));
+            } else {
+                $content = Security::remove_XSS($row['content']);
+            }
            $title = Security::remove_XSS($row['title']);
        }