MDL-50709 groups: Prevent XSS in grouping description
authorJohn Okely <john@moodle.com>
Tue, 28 Jul 2015 09:00:04 +0000 (17:00 +0800)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Tue, 8 Sep 2015 10:47:54 +0000 (12:47 +0200)
group/overview.php

index 6d114c5..173ab92 100644 (file)
@@ -206,7 +206,6 @@ foreach ($members as $gpgid=>$groupdata) {
         echo $OUTPUT->heading($groupings[$gpgid]->formattedname, 3);
         $description = file_rewrite_pluginfile_urls($groupings[$gpgid]->description, 'pluginfile.php', $context->id, 'grouping', 'description', $gpgid);
         $options = new stdClass;
-        $options->noclean = true;
         $options->overflowdiv = true;
         echo $OUTPUT->box(format_text($description, $groupings[$gpgid]->descriptionformat, $options), 'generalbox boxwidthnarrow boxaligncenter');
     }