From 11e13d1629a960b431c7f0fbc64e504bd32ae01a Mon Sep 17 00:00:00 2001 From: Michael Hawkins Date: Tue, 1 Dec 2020 18:59:03 +0800 Subject: [PATCH] MDL-69911 core: Clean content passed through TeX filter --- filter/tex/filter.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/filter/tex/filter.php b/filter/tex/filter.php index 395638d22b7..66f9eb00e99 100644 --- a/filter/tex/filter.php +++ b/filter/tex/filter.php @@ -189,6 +189,9 @@ class filter_tex extends moodle_text_filter { continue; } + // Sanitize the decoded string, because filter_text_image() injects the final string between script tags. + $texexp = clean_param($texexp, PARAM_TEXT); + $md5 = md5($texexp); if (!$DB->record_exists("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) { $texcache = new stdClass(); -- 2.43.0