Moodle

Line 511 of mod/scorm/API.PHP does not escape single quotes

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Duplicate
  • Affects Version/s: 1.8.2
  • Fix Version/s: None
  • Component/s: SCORM
  • Labels:
    None
  • Environment:
    Windows Professional XP using IE or Firefox browsers
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_18_STABLE

Description

When we ran our SCORM course using Moodle, we found that the file "api.php" does this with the value we submit:

eval(element+'="'value'";');

This means that it is not escaping single quotes which results in an invalid snippet being sent to "eval"

Issue Links

This issue duplicates:
MDL-8193 Incorrect handling of quotes in SetValue processing Major Closed
MDL-12857 eval() quote escaping Minor Closed

Activity

There are no comments yet on this issue.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.5#665-sha1:422aead) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.