Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24565

Cleaning does not prevent invalid XML unicode characters

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.9, 2.0
    • Fix Version/s: 1.9.10, 2.0
    • Component/s: Libraries
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      It is possible to enter, e.g. into a forum post, Unicode control characters such as U+0001.

      Within XML output, only the control characters 9, 10, and 13 are permitted. Presumably for this reason, the RSS feed output for the forum does not work if somebody enters those characters.

      A suitable fix would be to make the Moodle clean_param function capable of stripping out these characters (any control character other than 9, 10, 13).

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  25/Oct/10