Closed (fixed)
Project:
Quiz
Version:
6.x-2.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
22 Oct 2006 at 21:56 UTC
Updated:
22 Jun 2014 at 16:17 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
seanbfuller commentedThis is a first pass and getting everything properly filtered. I may have missed a few things, but this should get the most obvious ones. Feel free to take another pass.
One question I have:
Wrapping the multichoice question answers in check_markup() gives them
tags and drops the answer to the next line under the selection element. It seems like check_plain() is not the way to go. I have a feeling that this is too restrictive, as some people might want bolds and italics (at the very least). Additionally, as it currently stands tinyMCE alters the answer textboxes to be richtext, bringing the expectation that formatting is allowed.
For this patch I added a div around the answer and a quick css rule to make p tags display inline. I feel that this also breaks expectations and I'm not happy with it yet. Any suggestions on this are welcome.
Comment #2
seanbfuller commentedUpdated version that does a slightly better job of displaying the answers. It uses margins to position the answer text next to the checkbox or radio button, meaning that p tags and other block level markup work as intended and the answer text is also properly filtered. CSS tested in firefox, Netscape and IE.
Comment #3
gilcot commentedThe patch adds
$form['start']just before$form['question']intomultichoice.moduleSo i think that a
$form['stop'] before the call of <code>drupal_get_formis missing (otherwise<div class="multichoice_form">is not closed)Or maybe i'm missing something?
Comment #4
webchickThat $form['start'] and $form['stop'] stuff is kind of a hack -- anywhere the module's outputting HTML, it should ideally be in a theme function.. so:
or something...
However, we should primarily be concerned with making sure the check_markups are in place; cleaning up the display layer can follow-up in additional patches.
Comment #5
webchickBtw, Sean, don't bother waiting for other reviews to fix security problems... just commit directly.
Comment #6
seanbfuller commentedComment #7
gilcot commentedit's like there's a parameter missing in check_markup() call
Comment #8
seanbfuller commentedComment #9
(not verified) commented