mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-02-01 05:18:06 +01:00
Code Issues Projects Releases Wiki Activity

MDL-41820 XSS in the quiz responses report.

Browse Source 
Thanks to Michael Hess for finding this bug and reporting it to us.
This commit is contained in:
Tim Hunt 2013-09-17 18:26:53 +01:00 committed by Dan Poltawski
parent f859f6b4e6
commit 78a492330d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mod/quiz/report/responses/responses_table.php
View File

@ -97,6 +97,11 @@ class quiz_responses_table extends quiz_attempts_report_table {
$summary = trim($stepdata->$field);
}
if ($this->is_downloading() && $this->is_downloading() != 'xhtml') {
return $summary;
}
$summary = s($summary);
if ($this->is_downloading() || $field != 'responsesummary') {
return $summary;
}