Merge commit from fork

Fix GHSA-8qqw-rjh4-5gp2
pull/5867/head
Angel Fernando Quiroz Campos 1 year ago committed by GitHub
parent d3c6f5dc6c
commit df47eac9b9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 13
      main/inc/lib/formvalidator/FormValidator.class.php

@ -1106,6 +1106,7 @@ EOT;
$this->addElement('html_editor', $name, $label, $attributes, $config); $this->addElement('html_editor', $name, $label, $attributes, $config);
$this->applyFilter($name, 'trim'); $this->applyFilter($name, 'trim');
$this->applyFilter($name, 'attr_on_filter');
if ($required) { if ($required) {
$this->addRule($name, get_lang('ThisFieldIsRequired'), 'required'); $this->addRule($name, get_lang('ThisFieldIsRequired'), 'required');
} }
@ -2097,3 +2098,15 @@ function plain_url_filter($html, $mode = NO_HTML)
return kses_split($html, $allowed_html_fixed, ['http', 'https']); return kses_split($html, $allowed_html_fixed, ['http', 'https']);
} }
/**
* Prevent execution of event handlers in HTML elements.
*
* @param string $html
* @return string
*/
function attr_on_filter($html) {
$prefix = uniqid('data-cke-').'-';
return preg_replace('/(\s)(on)/i', '$1'.$prefix.'$2', $html);
}
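Review bot: The regex at `preg_replace('/(\s)(on)/i', ...)` only neutralises an `on…` attribute that is preceded by whitespace, so a handler introduced straight after a quoted value or a `/` separator (`<img src="x"onerror=…>`, `<img src="x"/onerror=…>`), which HTML parsers generally still accept, passes through untouched. It also rewrites every whitespace-plus-`on` sequence anywhere in the input, including plain text such as `turn on`, which this filter will save as `turn data-cke-…-on`. Since the file already runs an allow-list sanitiser (`kses_split($html, $allowed_html_fixed, …)` at the top of this hunk, in plain_url_filter), routing the html_editor value through that allow-list would be the robust fix; if the regex is kept as a secondary measure, anchor it to attribute syntax instead, e.g. `return preg_replace('/(?<=[\s\/"\'])(on[a-z]+)(?=\s*=)/i', $prefix.'$1', $html);`. While here, add type declarations, `function attr_on_filter(string $html): string`, and a comment on `$prefix` stating that the random `uniqid()` is there so an attacker cannot pre-compose the neutralised name.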
