Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-11884

Line 511 of mod/scorm/API.PHP does not escape single quotes

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 1.8.2
    • None
    • SCORM
    • None
    • Windows Professional XP using IE or Firefox browsers
    • MySQL
    • MOODLE_18_STABLE

    Description

      When we ran our SCORM course using Moodle, we found that the file "api.php" does this with the value we submit:

      eval(element+'="'value'";');

      This means that it is not escaping single quotes which results in an invalid snippet being sent to "eval"

      Attachments

        Issue Links

          Activity

            People

              danmarsden Dan Marsden
              dtalbott Doug Talbott
              Dan Marsden, Matteo Scaramuccia, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: