From 484a9765222dddc6208a872c020db11cfced186d Mon Sep 17 00:00:00 2001
From: Petr Skoda
Date: Thu, 2 Sep 2010 18:16:45 +0000
Subject: [PATCH] MDL-23184 PARAM_CLEANHTML used in messaging for now, adding some hints how to implement support for text formats properly
---
 admin/user/user_bulk_message.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/admin/user/user_bulk_message.php b/admin/user/user_bulk_message.php
index 2decac4c04e76..cfa5fd23d136c 100755
--- a/admin/user/user_bulk_message.php
+++ b/admin/user/user_bulk_message.php
@@ -4,7 +4,7 @@
 require_once($CFG->dirroot.'/message/lib.php');
 require_once('user_message_form.php');
-$msg = optional_param('msg', '', PARAM_CLEAN);
+$msg = optional_param('msg', '', PARAM_CLEANHTML);
 $confirm = optional_param('confirm', 0, PARAM_BOOL);
 require_login();
@@ -27,7 +27,7 @@
 list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
 if ($rs = $DB->get_recordset_select('user', "id $in", $params)) {
 foreach ($rs as $user) {
- message_post_message($USER, $user, $msg, FORMAT_HTML, 'direct');
+ message_post_message($USER, $user, $msg, FORMAT_HTML, 'direct'); // TODO: this is weird, we should support all text formats here
 }
 $rs->close();
 }
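Review bot: The `optional_param('msg', '', PARAM_CLEANHTML)` line is now the only place in the visible hunks where `$msg` is cleaned, and nothing on it says so. The third hunk echoes `$msg` into `$OUTPUT->box()` as markup and the second hunk sends it to every selected user as `FORMAT_HTML`, so a later move to `PARAM_RAW` plus a format field, which the new TODOs point towards, would leave the preview printing unfiltered request data unless it is changed in the same commit. I would add a comment above this line such as `// $msg is echoed in the preview and sent as FORMAT_HTML with no further cleaning; keep PARAM_CLEANHTML until the preview uses format_text()`.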
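Review bot: The TODO added on the `message_post_message()` line says only "this is weird", which does not tell the next maintainer what is wrong or what must stay true until it is fixed. What the line shows is that the format is hard-coded, so I would write `// TODO: format is hard-coded to FORMAT_HTML; pass the format submitted with the message once the form supports other text formats`. The block that guards this send loop appears to start outside the hunk, so whether the send is tied to a session-key check such as `confirm_sesskey()` cannot be confirmed from here and is worth checking while this code is being touched.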
@@ -52,9 +52,9 @@
 $usernames = implode(', ', $userlist);
 echo $OUTPUT->header();
 echo $OUTPUT->heading(get_string('confirmation', 'admin'));
- echo $OUTPUT->box($msg, 'boxwidthnarrow boxaligncenter generalbox', 'preview');
+ echo $OUTPUT->box($msg, 'boxwidthnarrow boxaligncenter generalbox', 'preview'); //TODO: clean once we start using proper text formats here
- $formcontinue = new single_button(new moodle_url('user_bulk_message.php', array('confirm' => 1, 'msg' => $msg)), get_string('yes'));
+ $formcontinue = new single_button(new moodle_url('user_bulk_message.php', array('confirm' => 1, 'msg' => $msg)), get_string('yes')); //TODO: clean once we start using proper text formats here
 $formcancel = new single_button('user_bulk.php', get_string('no'), 'get');
 echo $OUTPUT->confirm(get_string('confirmmessage', 'bulkusers', $usernames), $formcontinue, $formcancel);
 echo $OUTPUT->footer();
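Review bot: The same TODO, "clean once we start using proper text formats here", is attached to two lines that need different handling, so "clean" is ambiguous. The `$OUTPUT->box($msg, …)` line writes `$msg` into the page as HTML, which is where output formatting belongs. The `moodle_url` parameter on the `$formcontinue` line only carries the text back to this script, where presumably the `optional_param()` call from the first hunk cleans it again. I would reword them to `// TODO: render with format_text() once a format is submitted with the message` on the box line and `// TODO: also pass the message format here` on the button line. The surrounding block starts outside the hunk.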