From 2ccd1e773c841a3d5dd6ca31749db1f19bfef6bc Mon Sep 17 00:00:00 2001
From: Mihail Geshoski <mihail@moodle.com>
Date: Fri, 24 Jun 2022 13:52:36 +0800
Subject: [PATCH] MDL-71921 scorm: Sanitize element names before outputting
 track details

---
 mod/scorm/lib.php                     | 2 +-
 mod/scorm/report/userreporttracks.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/mod/scorm/lib.php b/mod/scorm/lib.php
index 36b4540798b..43457071a11 100644
--- a/mod/scorm/lib.php
+++ b/mod/scorm/lib.php
@@ -499,7 +499,7 @@ function scorm_user_complete($course, $user, $mod, $scorm) {
                             $report .= html_writer::start_tag('li').html_writer::start_tag('ul', array('class' => $liststyle));
                             foreach ($usertrack as $element => $value) {
                                 if (substr($element, 0, 3) == 'cmi') {
-                                    $report .= html_writer::tag('li', $element.' => '.s($value));
+                                    $report .= html_writer::tag('li', s($element) . ' => ' . s($value));
                                 }
                             }
                             $report .= html_writer::end_tag('ul').html_writer::end_tag('li');
diff --git a/mod/scorm/report/userreporttracks.php b/mod/scorm/report/userreporttracks.php
index 08c15d1e643..1382ce49ab2 100644
--- a/mod/scorm/report/userreporttracks.php
+++ b/mod/scorm/report/userreporttracks.php
@@ -152,9 +152,9 @@ foreach ($trackdata as $element => $value) {
         }
 
         if (empty($string) || $table->is_downloading()) {
-            $row[] = $element;
+            $row[] = s($element);
         } else {
-            $row[] = $element.$OUTPUT->help_icon($string, 'scorm');
+            $row[] = s($element) . $OUTPUT->help_icon($string, 'scorm');
         }
         if (strpos($element, '_time') === false) {
             $row[] = s($value);