Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24565

Cleaning does not prevent invalid XML unicode characters

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.9, 2.0
    • Fix Version/s: 1.9.10, 2.0
    • Component/s: Libraries
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE, MOODLE_20_STABLE

      Description

      It is possible to enter, e.g. into a forum post, Unicode control characters such as U+0001.

      Within XML output, only the control characters 9, 10, and 13 are permitted. Presumably for this reason, the RSS feed output for the forum does not work if somebody enters those characters.

      A suitable fix would be to make the Moodle clean_param function capable of stripping out these characters (any control character other than 9, 10, 13).

        Attachments

          Activity

            People

            Assignee:
            jenny-gray Jenny Gray
            Reporter:
            quen Sam Marshall
            Participants:
            Component watchers:
            Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              25/Oct/10