MDL-52068 repository: Prevent JS errors due to unescaped lang strings
authorFrederic Massart <fred@moodle.com>
Thu, 18 Feb 2016 11:26:00 +0000 (19:26 +0800)
committerFrederic Massart <fred@moodle.com>
Wed, 2 Mar 2016 07:34:45 +0000 (15:34 +0800)
repository/repository_callback.php

index da8b941..b657d29 100644 (file)
@@ -67,17 +67,21 @@ $repo->callback();
 // If Moodle is working on HTTPS mode, then we are not allowed to access
 // parent window, in this case, we need to alert user to refresh the repository
 // manually.
 // If Moodle is working on HTTPS mode, then we are not allowed to access
 // parent window, in this case, we need to alert user to refresh the repository
 // manually.
-$strhttpsbug = get_string('cannotaccessparentwin', 'repository');
+$strhttpsbug = json_encode(get_string('cannotaccessparentwin', 'repository'));
 $strrefreshnonjs = get_string('refreshnonjsfilepicker', 'repository');
 $js =<<<EOD
 <html>
 <head>
     <script type="text/javascript">
 $strrefreshnonjs = get_string('refreshnonjsfilepicker', 'repository');
 $js =<<<EOD
 <html>
 <head>
     <script type="text/javascript">
-    if(window.opener){
-        window.opener.M.core_filepicker.active_filepicker.list();
-        window.close();
-    } else {
-        alert("{$strhttpsbug }");
+    try {
+        if (window.opener) {
+            window.opener.M.core_filepicker.active_filepicker.list();
+            window.close();
+        } else {
+            throw new Error('Whoops!');
+        }
+    } catch (e) {
+        alert({$strhttpsbug});
     }
     </script>
 </head>
     }
     </script>
 </head>