Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.8.2
-
None
-
MySQL
-
MOODLE_18_STABLE
-
MOODLE_17_STABLE, MOODLE_18_STABLE, MOODLE_19_STABLE
Description
We have experienced problems when Course names and descriptions contain apostrophes. These problems were resolved when I wrapped $scourse in addslashes_object() before inserting it into the database, following the pattern I've seen in other Moodle code. I have not investigated any security implications.
diff --git a/enrol/imsenterprise/enrol.php b/enrol/imsenterprise/enrol.php
index c8271dd..5dce80d 100644
— a/enrol/imsenterprise/enrol.php
+++ b/enrol/imsenterprise/enrol.php
@@ -554,7 +554,7 @@ function process_group_tag($tagcontents){
}else
- if($course->id = insert_record('course', $course)){
+ if($course->id = insert_record('course', addslashes_object($course))){
// Setup the blocks
$page = page_create_object(PAGE_COURSE_VIEW, $course->id);