From dcdfeb99560db8f2195d89a57edcd21f14185d3e Mon Sep 17 00:00:00 2001
From: Mark Nelson <markn@moodle.com>
Date: Thu, 11 Apr 2013 19:25:55 +0800
Subject: [PATCH] Changed the validation of the colour picker to only allow
 HTML colours or hexadecimal values

The reason for this is because the call to TCPDF_COLORS::convertHTMLColorToDec only allows these values.
---
 elements/element.class.php | 14 ++------------
 lang/en/customcert.php     |  2 +-
 2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/elements/element.class.php b/elements/element.class.php
index 2d08583..91d5e97 100644
--- a/elements/element.class.php
+++ b/elements/element.class.php
@@ -286,18 +286,8 @@ class customcert_element_base {
             return true;
         } else if (in_array(strtolower($colour), $colournames)) {
             return true;
-        } else if (preg_match('/rgb\(\d{0,3}%?\, ?\d{0,3}%?, ?\d{0,3}%?\)/i', $colour)) {
-            return true;
-        } else if (preg_match('/rgba\(\d{0,3}%?\, ?\d{0,3}%?, ?\d{0,3}%?\, ?\d(\.\d)?\)/i', $colour)) {
-            return true;
-        } else if (preg_match('/hsl\(\d{0,3}\, ?\d{0,3}%, ?\d{0,3}%\)/i', $colour)) {
-            return true;
-        } else if (preg_match('/hsla\(\d{0,3}\, ?\d{0,3}%,\d{0,3}%\, ?\d(\.\d)?\)/i', $colour)) {
-            return true;
-        } else if (($colour == 'transparent') || ($colour == 'currentColor') || ($colour == 'inherit')) {
-            return true;
-        } else {
-            return false;
         }
+
+        return false;
     }
 }
diff --git a/lang/en/customcert.php b/lang/en/customcert.php
index de13c3b..31070b4 100644
--- a/lang/en/customcert.php
+++ b/lang/en/customcert.php
@@ -48,7 +48,7 @@ $string['height'] = 'Height';
 $string['heightnotvalid'] = 'The height has to be a valid number.';
 $string['height_help'] = 'This is the height of the certificate PDF in mm. For reference an A4 piece of paper is 297mm high and a letter is 279mm high.';
 $string['intro'] = 'Introduction';
-$string['invalidcolour'] = 'Invalid colour chosen.';
+$string['invalidcolour'] = 'Invalid colour chosen, please enter a valid HTML colour name, or a six-digit, or three-digit hexadecimal colour.';
 $string['invalidposition'] = 'Please select a positive number for position {$a}.';
 $string['issued'] = 'Issued';
 $string['landscape'] = 'Landscape';