MDL-68410 mod_scorm: safer status operator comparison.

diff --git a/mod/scorm/lang/en/scorm.php b/mod/scorm/lang/en/scorm.php
index d90affe..b878579 100644 (file)
--- a/mod/scorm/lang/en/scorm.php
+++ b/mod/scorm/lang/en/scorm.php
@@ -244,6 +244,7 @@ $string['trackweight'] = 'Weight';
 $string['trackweight_help'] = 'Weight assigned to the question when calculating score.';
 $string['invalidactivity'] = 'SCORM activity is incorrect';
 $string['invalidmanifestname'] = 'Only imsmanifest.xml or .zip files may be selected';
+$string['invalidstatus'] = 'Invalid status';
 $string['invalidurl'] = 'Invalid URL specified';
 $string['invalidurlhttpcheck'] = 'Invalid URL specified. Debug message:<pre>{$a->cmsg}</pre>';
 $string['invalidhacpsession'] = 'Invalid HACP session';

diff --git a/mod/scorm/locallib.php b/mod/scorm/locallib.php
index 39fda98..f2dd536 100644 (file)
--- a/mod/scorm/locallib.php
+++ b/mod/scorm/locallib.php
@@ -1582,10 +1582,18 @@ function scorm_get_toc_object($user, $scorm, $currentorg='', $scoid='', $mode='n
 
                     if (isset($usertracks[$sco->identifier])) {
                         $usertrack = $usertracks[$sco->identifier];
-                        $strstatus = get_string($usertrack->status, 'scorm');
+
+                        // Check we have a valid status string identifier.
+                        if ($statusstringexists = get_string_manager()->string_exists($usertrack->status, 'scorm')) {
+                            $strstatus = get_string($usertrack->status, 'scorm');
+                        } else {
+                            $strstatus = get_string('invalidstatus', 'scorm');
+                        }
 
                         if ($sco->scormtype == 'sco') {
-                            $statusicon = $OUTPUT->pix_icon($usertrack->status, $strstatus, 'scorm');
+                            // Assume if we didn't get a valid status string, we don't have an icon either.
+                            $statusicon = $OUTPUT->pix_icon($statusstringexists ? $usertrack->status : 'incomplete',
+                                $strstatus, 'scorm');
                         } else {
                             $statusicon = $OUTPUT->pix_icon('asset', get_string('assetlaunched', 'scorm'), 'scorm');
                         }
@@ -2368,12 +2376,13 @@ function scorm_eval_prerequisites($prerequisites, $usertracks) {
                     if (isset($statuses[$value])) {
                         $value = $statuses[$value];
                     }
+
+                    $elementprerequisitematch = (strcmp($usertracks[$element]->status, $value) == 0);
                     if ($matches[2] == '<>') {
-                        $oper = '!=';
+                        $element = $elementprerequisitematch ? 'false' : 'true';
                     } else {
-                        $oper = '==';
+                        $element = $elementprerequisitematch ? 'true' : 'false';
                     }
-                    $element = '(\''.$usertracks[$element]->status.'\' '.$oper.' \''.$value.'\')';
                 } else {
                     $element = 'false';
                 }