[MDL-52068] String not sanitized before passing it to JavaScript in Repository - Moodle Tracker

XML

Word

Printable

Testing Instructions:
Hide

Set-up your Dropbox repository

Edit the language string lang/en/repository cannotaccessparentwin and include single quotes, double quotes, special characters.

Purge all caches

Go to private files and select Dropbox in the file picker (logout if you're logged in)

Login, and make sure:

you don't see any JS errors

the popup where you enter your Dropbox credentials closes automatically
Show
Set-up your Dropbox repository Edit the language string lang/en/repository cannotaccessparentwin and include single quotes, double quotes, special characters. Purge all caches Go to private files and select Dropbox in the file picker (logout if you're logged in) Login, and make sure : you don't see any JS errors the popup where you enter your Dropbox credentials closes automatically
Affected Branches:
MOODLE_29_STABLE
Fixed Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Pull from Repository:
git://github.com/FMCorz/moodle.git
Pull Master Branch:
~~MDL-52068~~-master
Pull Master Diff URL:
https://github.com/FMCorz/moodle/compare/03b8b55...MDL-52068-master

Because of erroneous Hebrew translation, which included quote marks, we found that in passing the string token to the JS alert function, https://github.com/moodle/moodle/blob/master/repository/repository_callback.php#L80, a JS error occurred which halted the authentication process between Moodle and Google Drive repository.

We suggest that string passed to JavaScript should be sanitized.

will help resolve

MDL-51714 Blank page after authenticating to Dropbox

Participants:: CiBoT, Dan Poltawski, David Monllaó, Eloy Lafuente (stronk7), Frédéric Massart, Lea Cohen, Rajesh Taneja

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan