MDL-69050 lang: Fix the variable name in the TeX filter library

mvaraujo · Sep 24, 2020 · e04e0c8 · e04e0c8
1 parent 6bfc468
commit e04e0c8
Showing 1 changed file with 23 additions and 15 deletions.
diff --git a/filter/tex/lib.php b/filter/tex/lib.php
@@ -59,21 +59,29 @@ function filter_tex_get_executable($debug=false) {
     print_error('mimetexisnotexist', 'error');
 }
 
-function filter_tex_sanitize_formula($texexp) {
-    /// Check $texexp against blacklist (whitelisting could be more complete but also harder to maintain)
-    $tex_blacklist = array(
-        'include','command','loop','repeat','open','toks','output',
-        'input','catcode','name','^^',
-        '\def','\edef','\gdef','\xdef',
-        '\every','\errhelp','\errorstopmode','\scrollmode','\nonstopmode',
-        '\batchmode','\read','\write','csname','\newhelp','\uppercase',
-        '\lowercase','\relax','\aftergroup',
-        '\afterassignment','\expandafter','\noexpand','\special',
-        '\let', '\futurelet','\else','\fi','\chardef','\makeatletter','\afterground',
-        '\noexpand','\line','\mathcode','\item','\section','\mbox','\declarerobustcommand'
-    );
-
-    return  str_ireplace($tex_blacklist, 'forbiddenkeyword', $texexp);
+/**
+ * Check the formula expression against the list of denied keywords.
+ *
+ * List of allowed could be more complete but also harder to maintain.
+ *
+ * @param string $texexp Formula expression to check.
+ * @return string Formula expression with denied keywords replaced with 'forbiddenkeyword'.
+ */
+function filter_tex_sanitize_formula(string $texexp): string {
+
+    $denylist = [
+        'include', 'command', 'loop', 'repeat', 'open', 'toks', 'output',
+        'input', 'catcode', 'name', '^^',
+        '\def', '\edef', '\gdef', '\xdef',
+        '\every', '\errhelp', '\errorstopmode', '\scrollmode', '\nonstopmode',
+        '\batchmode', '\read', '\write', 'csname', '\newhelp', '\uppercase',
+        '\lowercase', '\relax', '\aftergroup',
+        '\afterassignment', '\expandafter', '\noexpand', '\special',
+        '\let', '\futurelet', '\else', '\fi', '\chardef', '\makeatletter', '\afterground',
+        '\noexpand', '\line', '\mathcode', '\item', '\section', '\mbox', '\declarerobustcommand',
+    ];
+
+    return str_ireplace($denylist, 'forbiddenkeyword', $texexp);
 }
 
 function filter_tex_get_cmd($pathname, $texexp) {