Exercise: Allow show some html characters, enabled by question_exercise_html_strict_filtering - refs BT#18242

pull/3745/head
Carlos Alvarado 5 years ago
parent 4dd60411c1
commit 665d524a64
No known key found for this signature in database
GPG Key ID: B612DB1EE6658FBB
  1. 32
      main/inc/lib/exercise.lib.php
  2. 2
      main/install/configuration.dist.php

@ -532,7 +532,13 @@ class ExerciseLib
} }
if ($answerType != UNIQUE_ANSWER_IMAGE) { if ($answerType != UNIQUE_ANSWER_IMAGE) {
$answer = Security::remove_XSS($answer, STUDENT); $userStatus = STUDENT;
// Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
// see BT#18242
if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
$userStatus = COURSEMANAGER;
}
$answer = Security::remove_XSS($answer, $userStatus);
} }
$s .= Display::input( $s .= Display::input(
'hidden', 'hidden',
@ -578,7 +584,13 @@ class ExerciseLib
case GLOBAL_MULTIPLE_ANSWER: case GLOBAL_MULTIPLE_ANSWER:
case MULTIPLE_ANSWER_TRUE_FALSE_DEGREE_CERTAINTY: case MULTIPLE_ANSWER_TRUE_FALSE_DEGREE_CERTAINTY:
$input_id = 'choice-'.$questionId.'-'.$answerId; $input_id = 'choice-'.$questionId.'-'.$answerId;
$answer = Security::remove_XSS($answer, STUDENT); $userStatus = STUDENT;
// Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
// see BT#18242
if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
$userStatus = COURSEMANAGER;
}
$answer = Security::remove_XSS($answer, $userStatus);
if (in_array($numAnswer, $userChoiceList)) { if (in_array($numAnswer, $userChoiceList)) {
$attributes = [ $attributes = [
@ -775,7 +787,13 @@ class ExerciseLib
} }
} }
$answer = Security::remove_XSS($answer, STUDENT); $userStatus = STUDENT;
// Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
// see BT#18242
if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
$userStatus = COURSEMANAGER;
}
$answer = Security::remove_XSS($answer, $userStatus);
$answer_input = '<input type="hidden" name="choice2['.$questionId.']" value="0" />'; $answer_input = '<input type="hidden" name="choice2['.$questionId.']" value="0" />';
$answer_input .= '<label class="checkbox">'; $answer_input .= '<label class="checkbox">';
$answer_input .= Display::input( $answer_input .= Display::input(
@ -811,7 +829,13 @@ class ExerciseLib
} }
} }
} }
$answer = Security::remove_XSS($answer, STUDENT); $userStatus = STUDENT;
// Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
// see BT#18242
if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
$userStatus = COURSEMANAGER;
}
$answer = Security::remove_XSS($answer, $userStatus);
$s .= '<tr>'; $s .= '<tr>';
$s .= Display::tag('td', $answer); $s .= Display::tag('td', $answer);
foreach ($objQuestionTmp->options as $key => $item) { foreach ($objQuestionTmp->options as $key => $item) {
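Review bot: The comment repeated at all four sites in exercise.lib.php (and again in configuration.dist.php) does not say that enabling `question_exercise_html_strict_filtering` switches answer text from the STUDENT filter profile to the COURSEMANAGER one. Going by the commit title, that profile lets through HTML the STUDENT profile strips, so an option named "strict" appears to loosen the XSS filter on content rendered in learners' browsers. I would reword the comment to state the direction, for example `// BT#18242: when enabled, answer text is filtered with the teacher (COURSEMANAGER) profile, which is less restrictive than STUDENT`, and give the config sample the same wording so an administrator does not turn it on expecting tighter filtering. Because the same six lines appear four times, a single assignment such as `$userStatus = api_get_configuration_value('question_exercise_html_strict_filtering') ? COURSEMANAGER : STUDENT;` would keep the call sites from drifting apart. The enclosing methods start and end outside these hunks, so whether `$answer` can ever hold text not written by a teacher (imported questions, for instance) could not be confirmed from here and is worth checking before relying on the wider profile.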

@ -302,6 +302,8 @@ $_configuration['system_stable'] = NEW_VERSION_STABLE;
// Allows to do a remove_XSS in course introduction with user status COURSEMANAGERLOWSECURITY // Allows to do a remove_XSS in course introduction with user status COURSEMANAGERLOWSECURITY
// in order to accept all embed type videos (like vimeo, wistia, etc) // in order to accept all embed type videos (like vimeo, wistia, etc)
// $_configuration['course_introduction_html_strict_filtering'] = true; // $_configuration['course_introduction_html_strict_filtering'] = true;
// Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
// $_configuration['question_exercise_html_strict_filtering'] = true;
// Prevents the duplicate upload in assignments // Prevents the duplicate upload in assignments
// $_configuration['assignment_prevent_duplicate_upload'] = false; // $_configuration['assignment_prevent_duplicate_upload'] = false;
//Show student progress in My courses page //Show student progress in My courses page
