Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24565

Cleaning does not prevent invalid XML unicode characters

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.9.9, 2.0
    • 1.9.10, 2.0
    • Libraries
    • None
    • MOODLE_19_STABLE, MOODLE_20_STABLE
    • MOODLE_19_STABLE, MOODLE_20_STABLE

    Description

      It is possible to enter, e.g. into a forum post, Unicode control characters such as U+0001.

      Within XML output, only the control characters 9, 10, and 13 are permitted. Presumably for this reason, the RSS feed output for the forum does not work if somebody enters those characters.

      A suitable fix would be to make the Moodle clean_param function capable of stripping out these characters (any control character other than 9, 10, 13).

      Attachments

        Activity

          People

            jenny-gray Jenny Gray
            quen Sam Marshall
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Raquel Ortega, Sara Arjona (@sarjona)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              25/Oct/10