Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Minor
-
Resolution: Duplicate
-
Affects Version/s: 1.8, 1.8.1, 1.8.2, 1.8.3
-
Fix Version/s: None
-
Component/s: SCORM
-
Labels:None
-
Environment:JavaScript 1.5
-
Database:MySQL
-
Affected Branches:MOODLE_18_STABLE
Description
With my SCORM 2004 content I get a missing semi-colon error for line 511 of /mod/scorm/api.php:
eval(element+'="'value'";');
Debugging shows that:
element = "cmi.interactions.N10.description"
value = "Which symbol in the schematic diagram represents the following component?<br/><br/><img src=\"Images/capture_03.jpg\" alt=\"Component.\" title=\"Component.\" width=\"247\" height=\"126\"/>"
(internal quotes are escaped due to Script Editor)
The field in question is a localized_string, which permits single and double quotes. So the value parameter should have been escaped prior to calling eval().
Could this be done a better way? eval() is generally a bad thing.
Note: This pattern occurs in more than one place within api.php
I should point out that the underlying source file is \mod\scorm\datamodels\scorm_13.js, given api.php's dynamic inclusion of code - specifically line 583.
Interestingly, on line 338 in scorm_12.js.php the following is used:
eval(element+'=value;');
...which eliminates the need for string wrapping in the eval'd expression.