MDL-55724 Glossary: Prevent infinite loop in trusttext_strip
authorsam marshall <s.marshall@open.ac.uk>
Thu, 25 Aug 2016 16:04:11 +0000 (17:04 +0100)
committersam marshall <s.marshall@open.ac.uk>
Tue, 30 Aug 2016 09:25:38 +0000 (10:25 +0100)
lib/weblib.php
mod/glossary/import.php

index 530a1f0..b88d8cb 100644 (file)
@@ -1583,6 +1583,10 @@ function strip_pluginfile_content($source) {
  * @return string text without legacy TRUSTTEXT marker
  */
 function trusttext_strip($text) {
+    if (!is_string($text)) {
+        // This avoids the potential for an endless loop below.
+        throw new coding_exception('trusttext_strip parameter must be a string');
+    }
     while (true) { // Removing nested TRUSTTEXT.
         $orig = $text;
         $text = str_replace('#####TRUSTTEXT#####', '', $text);
index 87783e7..f377d07 100644 (file)
@@ -170,7 +170,11 @@ if ($xml = glossary_read_imported_file($result)) {
         $xmlentry = $xmlentries[$i];
         $newentry = new stdClass();
         $newentry->concept = trim($xmlentry['#']['CONCEPT'][0]['#']);
-        $newentry->definition = trusttext_strip($xmlentry['#']['DEFINITION'][0]['#']);
+        $definition = $xmlentry['#']['DEFINITION'][0]['#'];
+        if (!is_string($definition)) {
+            print_error('errorparsingxml', 'glossary');
+        }
+        $newentry->definition = trusttext_strip($definition);
         if ( isset($xmlentry['#']['CASESENSITIVE'][0]['#']) ) {
             $newentry->casesensitive = $xmlentry['#']['CASESENSITIVE'][0]['#'];
         } else {