Details
-
Type:
Sub-task
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.7
-
Component/s: Administration
-
Labels:None
-
Affected Branches:MOODLE_17_STABLE
-
Fixed Branches:MOODLE_17_STABLE, MOODLE_18_STABLE
Description
The problem is that there is no policy on quoting of data supplied to set_config() function. In either case it is broken, if the magic quotes are used the storage into db is ok, but the current value in $CFG->xx is updated incorrectly; if the value is not slashed it can not be stored into database.
The problem with admin settings is that the defaults values are sent into set_config() without magic quotes applied, but data submitted from user are with magic quotes.
Solution is to require values for set_config() to be unslashed and fix admin settings to strip the slashes from user submitted data.
working on a patch for 1.7.x and 1.8...