From a74d924c25f0010fce6f186eb93a003203a37817 Mon Sep 17 00:00:00 2001 From: Tim Hunt Date: Tue, 29 Jan 2013 10:05:28 +0000 Subject: [PATCH] MDL-37746 qtype_shortanser: avoid normalizer_normalize dangers. When an error occurs, normalizer_normalize just silently returns null, which is dangerous. Here, we wrap it in a safe helper function. --- question/type/shortanswer/question.php | 33 ++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/question/type/shortanswer/question.php b/question/type/shortanswer/question.php index cb3c8a493f8..ba1dfc786dc 100644 --- a/question/type/shortanswer/question.php +++ b/question/type/shortanswer/question.php @@ -87,6 +87,11 @@ class qtype_shortanswer_question extends question_graded_by_strategy } public static function compare_string_with_wildcard($string, $pattern, $ignorecase) { + + // Normalise any non-canonical UTF-8 characters before we start. + $pattern = self::safe_normalize($pattern); + $string = self::safe_normalize($string); + // Break the string on non-escaped asterisks. $bits = preg_split('/(?