From 090a5f635d8061d5cda0c6e3f99dd4fab7e10094 Mon Sep 17 00:00:00 2001 From: "Eloy Lafuente (stronk7)" Date: Fri, 6 Sep 2013 11:20:19 +0200 Subject: [PATCH] MDL-41623 ensure all links are valid urls For 23 and 24 we are modifying the default Sanitizer. Note that for 24 and upwards we are doing the same with our extended Sanitizer. So this is just an interim hack for those old versions. --- lib/simplepie/readme_moodle.txt | 2 ++ lib/simplepie/simplepie.class.php | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/lib/simplepie/readme_moodle.txt b/lib/simplepie/readme_moodle.txt index 28bfa762799..578068837fc 100644 --- a/lib/simplepie/readme_moodle.txt +++ b/lib/simplepie/readme_moodle.txt @@ -5,6 +5,8 @@ Obtained from http://github.com/simplepie/simplepie/commit/798f4674468316b8cc70f Changes: * None. This import contains _NO_CHANGES_ to the simplepie.inc file, changes are controlled through OO extension of the classes instead. + * Exception: The Sanitizer has been modified to return valid URLs. The change + is done through OO extension in 25 and upwards but not in 23 and 24. Dan Poltawski Petr Skoda diff --git a/lib/simplepie/simplepie.class.php b/lib/simplepie/simplepie.class.php index 2aeb1ff569e..161cdc7143b 100644 --- a/lib/simplepie/simplepie.class.php +++ b/lib/simplepie/simplepie.class.php @@ -14466,6 +14466,10 @@ class SimplePie_Sanitize if ($type & SIMPLEPIE_CONSTRUCT_IRI) { $data = SimplePie_Misc::absolutize_url($data, $base); + // Moodle modification - Only return valid URLs. Note this change is interim and + // 2.5 and upwards have the cleaning performed in our own sanitizer. + $data = clean_param($data, PARAM_URL); + // End of Moodle modification. } if ($type & (SIMPLEPIE_CONSTRUCT_TEXT | SIMPLEPIE_CONSTRUCT_IRI)) -- 2.11.4.GIT