MDL-8193 Incorrect handling of quotes in SetValue processing - recoded so that it escapes all values passed from tracks.

piers 2008-08-06 21:11:35 +00:00
parent b48f3e0682
commit dac958fc1b
3 changed files with 10 additions and 8 deletions


@ -37,7 +37,9 @@
if ($usertrack = scorm_get_tracks($scoid,$USER->id,$attempt)) {
if ((isset($usertrack->{'cmi.exit'}) && ($usertrack->{'cmi.exit'} != 'time-out')) || ($scorm->version != "SCORM_1.3")) {
$userdata = $usertrack;
foreach ($usertrack as $key => $value) {
$userdata->$key = addslashes_js($value);
}
} else {
$userdata->status = '';
$userdata->score_raw = '';
@ -46,8 +48,8 @@
$userdata->status = '';
$userdata->score_raw = '';
}
$userdata->student_id = $USER->username;
$userdata->student_name = $USER->lastname .', '. $USER->firstname;
$userdata->student_id = addslashes_js($USER->username);
$userdata->student_name = addslashes_js($USER->lastname .', '. $USER->firstname);
$userdata->mode = 'normal';
if (isset($mode)) {
$userdata->mode = $mode;
@ -59,7 +61,7 @@
}
if ($scodatas = scorm_get_sco($scoid, SCO_DATA)) {
foreach ($scodatas as $key => $value) {
$userdata->$key = $value;
$userdata->$key = addslashes_js($value);
}
} else {
print_error('cannotfindsco', 'scorm');
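Review bot: `$userdata->mode = $mode;` in the second hunk is still assigned without `addslashes_js()`, while the track values, `student_id`, `student_name` and the SCO data are now escaped before they reach the JavaScript templates. Where `$mode` comes from is not visible in these hunks; if it is taken from the request and the templates print it inside a quoted literal like the other fields, it needs the same treatment: `$userdata->mode = addslashes_js($mode);`. Escaping at load time also means every later assignment to `$userdata` must remember to escape, so I would state the contract above the first loop, e.g. `// every $userdata value is JS-escaped here; the templates echo them verbatim`. The surrounding code starts and ends outside the hunks.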


@ -53,7 +53,7 @@ function SCORMapi1_2() {
'cmi._version':{'defaultvalue':'3.4', 'mod':'r', 'writeerror':'402'},
'cmi.core._children':{'defaultvalue':core_children, 'mod':'r', 'writeerror':'402'},
'cmi.core.student_id':{'defaultvalue':'<?php echo $userdata->student_id ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.student_name':{'defaultvalue':'<?php echo addslashes_js($userdata->student_name) ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.student_name':{'defaultvalue':'<?php echo $userdata->student_name ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.lesson_location':{'defaultvalue':'<?php echo isset($userdata->{'cmi.core.lesson_location'})?$userdata->{'cmi.core.lesson_location'}:'' ?>', 'format':CMIString256, 'mod':'rw', 'writeerror':'405'},
'cmi.core.credit':{'defaultvalue':'<?php echo $userdata->credit ?>', 'mod':'r', 'writeerror':'403'},
'cmi.core.lesson_status':{'defaultvalue':'<?php echo isset($userdata->{'cmi.core.lesson_status'})?$userdata->{'cmi.core.lesson_status'}:'' ?>', 'format':CMIStatus, 'mod':'rw', 'writeerror':'405'},
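Review bot: With `addslashes_js()` removed from `cmi.core.student_name`, no value in this template is escaped where it is printed into a single-quoted JavaScript literal, so the output is only safe if every script that includes the template has already escaped all of `$userdata`. The same holds for `cmi.learner_name`, `cmi.learner_id` and `cmi.launch_data` in the SCORMapi1_3 section. I would record that precondition at the top of each template, e.g. `<?php /* $userdata values are already escaped with addslashes_js() by the including script */ ?>`. It is also worth checking that no template outside these hunks still calls `addslashes_js()` on a `$userdata` field, since that would now escape twice. Both functions continue outside the hunks.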


@ -138,7 +138,7 @@ function SCORMapi1_3() {
'cmi.interactions.n.description':{'pattern':CMIIndex, 'format':CMILangString250, 'mod':'rw'},
'cmi.launch_data':{'defaultvalue':<?php echo isset($userdata->datafromlms)?'\''.$userdata->datafromlms.'\'':'null' ?>, 'mod':'r'},
'cmi.learner_id':{'defaultvalue':'<?php echo $userdata->student_id ?>', 'mod':'r'},
'cmi.learner_name':{'defaultvalue':'<?php echo addslashes_js($userdata->student_name) ?>', 'mod':'r'},
'cmi.learner_name':{'defaultvalue':'<?php echo $userdata->student_name ?>', 'mod':'r'},
'cmi.learner_preference._children':{'defaultvalue':student_preference_children, 'mod':'r'},
'cmi.learner_preference.audio_level':{'defaultvalue':'1', 'format':CMIDecimal, 'range':audio_range, 'mod':'rw'},
'cmi.learner_preference.language':{'defaultvalue':'', 'format':CMILang, 'mod':'rw'},