  1. Moodle
  2. MDL-12857

eval() quote escaping

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 1.8, 1.8.1, 1.8.2, 1.8.3
    • None
    • SCORM
    • None
    • JavaScript 1.5
    • MySQL
    • MOODLE_18_STABLE

    Description

      With my SCORM 2004 content I get a missing semi-colon error for line 511 of /mod/scorm/api.php:

      eval(element+'="'+value+'";');

      Debugging shows that:

      element = "cmi.interactions.N10.description"
      value = "Which symbol in the schematic diagram represents the following component?<br/><br/><img src=\"Images/capture_03.jpg\" alt=\"Component.\" title=\"Component.\" width=\"247\" height=\"126\"/>"
      (internal quotes are escaped due to Script Editor)

      The field in question is a localized_string, which permits single and double quotes. So the value parameter should have been escaped prior to calling eval().

      Could this be done a better way? eval() is generally a bad thing.

      Note: This pattern occurs in more than one place within api.php
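
      The escaping the report asks for, next to an eval-free alternative, as an added example that is not Moodle's code or the reporter's. The function names, the model object and the shortened sample value are constructed for illustration.

```javascript
// Added example: all function and variable names are hypothetical, not from api.php.
const ELEMENT = 'cmi.interactions.N10.description';
// Constructed value modelled on the report: a localized_string with double quotes.
const SAMPLE_VALUE = 'Which symbol?<br/><img src="Images/capture_03.jpg" alt="Component."/>';

// Constructed stand-in for the SCORM data model tree.
function newModel() {
  return { interactions: { N10: { description: '' } } };
}

// Reported pattern: the value is pasted between double quotes and evaluated.
function setWithEval(cmi, element, value) {
  eval(element + '="' + value + '";');
}

// Escaped variant: JSON.stringify emits a quoted, escaped string literal.
// The element name is still evaluated as code, so it must be trusted.
function setWithEscapedEval(cmi, element, value) {
  eval(element + '=' + JSON.stringify(value) + ';');
}

// eval-free variant: validate the element name, then walk own properties only.
function setByPath(cmi, element, value) {
  if (!/^cmi(\.[A-Za-z0-9_]+)+$/.test(element)) throw new Error('bad element name');
  const keys = element.split('.').slice(1);
  let parent = null, node = cmi;
  for (const key of keys) {
    if (!Object.prototype.hasOwnProperty.call(node, key)) throw new Error('unknown element: ' + element);
    parent = node;
    node = node[key];
  }
  parent[keys[keys.length - 1]] = value;
}

// Run each setter on a fresh model and report what happened.
function demo(value) {
  const results = {};
  for (const [name, setter] of Object.entries({ setWithEval, setWithEscapedEval, setByPath })) {
    const cmi = newModel();
    try {
      setter(cmi, ELEMENT, value);
      results[name] = cmi.interactions.N10.description === value ? 'stored' : 'corrupted';
    } catch (e) {
      results[name] = e.name;
    }
  }
  return results;
}
console.log(demo(SAMPLE_VALUE));
```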

            People

              danmarsden Dan Marsden
              pinkduck Peter Chamberlin
              Dan Marsden, Matteo Scaramuccia, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan