Moodle / MDL-54010

htmlspecialchars not used on names and descriptions when exporting roles

    Details

    • Testing Instructions:
      1. As admin, navigate to "Site administration" > "Users" > "Permissions" > "Define roles"
      2. Click the "Add a new role" button
      3. Press the "Continue" button
      4. In the "Custom full name" and "Custom description" enter some invalid XML characters (i.e., & < >)
      5. Save the role
      6. View the role and press the "Export" button
      7. Open the downloaded XML file and verify that any invalid characters have been properly escaped
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE, MOODLE_31_STABLE
    • Pull Master Branch:
      MDL-54010-master

      Description

      When seeking to export a role via admin/roles/define.php?action=view&roleid=<id>, the XML file produced will be unusable if the role's full name or description contains characters that need escaping in XML, such as an ampersand:

      Warning: DOMDocument::createElement(): unterminated entity reference A - B (C) in /VMS/Programming/client/admin/roles/classes/preset.php on line 74

      Call Stack:
      0.0004 334024 1. {main}() /VMS/Programming/client/admin/roles/define.php:0
      0.4799 25311520 2. core_role_preset::send_export_xml() /VMS/Programming/client/admin/roles/define.php:63
      0.4805 25328992 3. core_role_preset::get_export_xml() /VMS/Programming/client/admin/roles/classes/preset.php:53
      0.4808 25330968 4. DOMDocument->createElement() /VMS/Programming/client/admin/roles/classes/preset.php:74


      Warning: DOMDocument::createElement(): unterminated entity reference D - E (F) in /VMS/Programming/client/admin/roles/classes/preset.php on line 75

      Call Stack:
      0.0004 334024 1. {main}() /VMS/Programming/client/admin/roles/define.php:0
      0.4799 25311520 2. core_role_preset::send_export_xml() /VMS/Programming/client/admin/roles/define.php:63
      0.4805 25328992 3. core_role_preset::get_export_xml() /VMS/Programming/client/admin/roles/classes/preset.php:53
      0.4809 25331744 4. DOMDocument->createElement() /VMS/Programming/client/admin/roles/classes/preset.php:75

      The output file is also incomplete.
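
      The warning above comes from passing an unescaped value as the second argument of DOMDocument::createElement(). The following is an added example, not Moodle's code or its patch: it builds a small export three ways (raw, htmlspecialchars-escaped, and via createTextNode) and checks whether each result re-parses to the original values. The role values, element names and function names are constructed for illustration, and PHP 7.4 or later with the DOM extension is assumed.

```php
<?php
// Added illustration, not Moodle code. The role values are constructed samples.
$role = ['name' => 'Tutor & Marker <beta>', 'description' => 'Grades A & B (C)'];

/** Build <role> with one child element per field, using the given factory. */
function build_export(array $role, callable $make): string {
    $dom = new DOMDocument('1.0', 'UTF-8');
    $top = $dom->appendChild($dom->createElement('role'));
    foreach ($role as $field => $value) {
        $top->appendChild($make($dom, $field, $value));
    }
    return $dom->saveXML();
}

/** Re-parse the export and check that every field value survived intact. */
function round_trips(string $xml, array $role): bool {
    $dom = new DOMDocument();
    if (!@$dom->loadXML($xml)) { return false; }
    foreach ($role as $field => $value) {
        $node = $dom->getElementsByTagName($field)->item(0);
        if ($node === null || $node->textContent !== $value) {
            return false;
        }
    }
    return true;
}

$factories = [
    // Pattern from the warning: the value is parsed for entities, not escaped.
    'raw' => fn($d, $f, $v) => $d->createElement($f, $v),
    // Option 1: escape & < > before passing the value to createElement().
    'escaped' => fn($d, $f, $v) =>
        $d->createElement($f, htmlspecialchars($v, ENT_NOQUOTES, 'UTF-8')),
    // Option 2: attach a text node and let DOM escape on serialization.
    'textnode' => function ($d, $f, $v) {
        $el = $d->createElement($f);
        $el->appendChild($d->createTextNode($v));
        return $el;
    },
];

foreach ($factories as $label => $make) {
    $warnings = [];  // collect PHP warnings instead of printing them
    set_error_handler(function ($no, $msg) use (&$warnings) { $warnings[] = $msg; return true; });
    $xml = build_export($role, $make);
    restore_error_handler();
    printf("%-8s warnings=%d round-trip=%s\n", $label, count($warnings),
        round_trips($xml, $role) ? 'ok' : 'FAILED');
}
```

      The round-trip check is the useful part for a regression test: an export that raises no warning can still be wrong if a value is escaped twice, and comparing the re-parsed text with the stored value catches both cases.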

              Dates

              • Fix Release Date:
                11/Jul/16