Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.9, 3.4.2, 3.5.1, 3.5.5, 3.6.3
Component/s: Feedback
Testing Instructions:
Difficulty: Easy
Affected Branches: MOODLE_31_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
Fixed Branches: MOODLE_35_STABLE, MOODLE_36_STABLE
Pull from Repository:
Pull 3.5 Branch: MDL-62307_MOODLE_35_STABLE
Pull 3.6 Branch: MDL-62307_MOODLE_36_STABLE
Pull Master Branch: MDL-62307_master
Pull Master Diff URL:
The special characters (quotes, amps) are not HTML decoded when they are displayed as initial values in a feedback form.
Steps to reproduce:
- Create a course
- Insert a feedback module, and configure it to record "User's name will be logged and shown with answers" and "Allow multiple submissions".
- As a student, fill in the feedback (adding ' & ) and submit
- Go back to the course
- As a student, click the "Answer the questions" button again, to edit your responses.
- => You see HTML-encoded characters
Here's a suggested fix:
/mod/feedback/classes/complete_form.php:319
$this->_form->setDefault($element->getName(), htmlspecialchars_decode($tmpvalue, ENT_QUOTES));
Affects versions 3.4.2 and 3.1.9 for sure. Probably affects other versions (not tested).
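The double encoding behind this report, and why decoding before `setDefault()` stays safe only while the form layer escapes on output, shown as an added example that is not part of the original report or of Moodle's code. `render_text_input()` is a hypothetical stand-in for the form library, the student input is constructed, and the code assumes the saved answer is already HTML-encoded when read back.

```php
<?php
// Added example, not Moodle code. render_text_input() is a hypothetical
// stand-in for a form library that escapes attribute values on output.
function render_text_input(string $name, string $default): string {
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($default, ENT_QUOTES, 'UTF-8'));
}

// Raw value="..." attribute text as it appears in the HTML source.
function raw_value_attr(string $html): string {
    if (!preg_match('/ value="([^"]*)"/', $html, $m)) {
        throw new RuntimeException('no value attribute found');
    }
    return $m[1];
}

// What the browser shows in the field: the attribute decoded exactly once.
function displayed_value(string $html): string {
    return htmlspecialchars_decode(raw_value_attr($html), ENT_QUOTES);
}

// Constructed student input, including markup-significant characters.
$typed = 'Tom & "Jerry\'s" <b>notes</b>';
// Assumption: the saved answer is already HTML-encoded when it is read back.
$stored = htmlspecialchars($typed, ENT_QUOTES, 'UTF-8');

$cases = [
    'stored value passed as-is' => $stored,
    'decoded before setDefault' => htmlspecialchars_decode($stored, ENT_QUOTES),
];

foreach ($cases as $label => $default) {
    $html = render_text_input('answer', $default);
    $shown = displayed_value($html);
    // The attribute must never contain a raw quote or angle bracket,
    // whichever default is used: escaping at the sink is what keeps it safe.
    if (strpbrk(raw_value_attr($html), '<>"\'') !== false) {
        throw new RuntimeException("unescaped character in attribute: $label");
    }
    printf("%s\n  html:  %s\n  shown: %s\n  matches typed text: %s\n\n",
        $label, $html, $shown, $shown === $typed ? 'yes' : 'no');
}
```

If the decoded value were ever written into a page without the output-side escaping, the same decode would reintroduce raw markup, so the decode belongs only immediately before an escaping sink.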