projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 91cbdda)
MDL-60233 mod_assign: Avoid HTML in the item field of external warnings
authorJuan Leyva <juanleyvadelgado@gmail.com>
Tue, 26 Sep 2017 09:43:46 +0000 (11:43 +0200)
committerJuan Leyva <juanleyvadelgado@gmail.com>
Tue, 26 Sep 2017 10:12:50 +0000 (12:12 +0200)
The item field is defined as PARAM_TEXT (no HTML tags allowed except
for multilang).
Using the s that add quotes to HTML characters we avoid potential Web
Services invalid parameters errors.

mod/assign/externallib.php patch | blob | blame | history

diff --git a/mod/assign/externallib.php b/mod/assign/externallib.php
index adb0a79..c4059c9 100644 (file)
--- a/mod/assign/externallib.php
+++ b/mod/assign/externallib.php
@@ -62,7 +62,7 @@ class mod_assign_external extends external_api {
             $message = 'Unknown warning type.';
         }
 
-        return array('item'=>$detail,
+        return array('item' => s($detail),
                      'itemid'=>$assignmentid,
                      'warningcode'=>$warningcode,
                      'message'=>$message);
Moodle official production repository