MDL-69911 core: Clean content passed through TeX filter

11e13d16 · Michael Hawkins · Jenkins · ce87be7d · 11e13d16
Commit 11e13d16 authored Dec 01, 2020 by Michael Hawkins Committed by Jenkins Jan 12, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

filter/tex/filter.php filter/tex/filter.php +3 -0

No files found.
--- a/filter/tex/filter.php
+++ b/filter/tex/filter.php
@@ -189,6 +189,9 @@ class filter_tex extends moodle_text_filter {
                continue;
            }

+            // Sanitize the decoded string, because filter_text_image() injects the final string between script tags.
+            $texexp = clean_param($texexp, PARAM_TEXT);
+
            $md5 = md5($texexp);
            if (!$DB->record_exists("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) {
                $texcache = new stdClass();