(parent:
f859f6b
)
MDL-41820 XSS in the quiz responses report.
author
Tim Hunt
<T.J.Hunt@open.ac.uk>
Tue, 17 Sep 2013 17:26:53 +0000
(18:26 +0100)
committer
Dan Poltawski
<dan@moodle.com>
Mon, 4 Nov 2013 03:12:42 +0000
(11:12 +0800)
Thanks to Michael Hess for finding this bug and reporting it to us.
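--- a/mod/quiz/report/responses/responses_table.php
+++ b/mod/quiz/report/responses/responses_table.php
@@ -97,6 +97,11 @@ class quiz_responses_table extends quiz_attempts_report_table {
 $summary = trim($stepdata->$field);
 }
+ if ($this->is_downloading() && $this->is_downloading() != 'xhtml') {
+ return $summary;
+ }
+ $summary = s($summary);
+
 if ($this->is_downloading() || $field != 'responsesummary') {
 return $summary;
 }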
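Review bot: The early return added before `s($summary)` fails open: every download format other than the literal `'xhtml'` receives the raw response text, so any later export format that renders HTML would bring the XSS back unless this condition is extended. Assuming `is_downloading()` returns the format name as a string, as the comparison suggests, I would read it once and compare strictly, `$download = $this->is_downloading();` then `if ($download && $download !== 'xhtml') {`, and put a comment above it such as `// Raw text only for non-HTML exports; on-screen and xhtml output must be escaped.`. The raw branch also hands student-entered text unchanged to the export writers, which are not visible here, so it is worth confirming that they neutralise cell values a spreadsheet would interpret as formulas. The enclosing method starts and ends outside this hunk, so how the escaped `$summary` is used further down for on-screen `responsesummary` output cannot be checked from here.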