-
Bug
-
Resolution: Fixed
-
Minor
-
4.2
-
MOODLE_402_STABLE
-
MOODLE_402_STABLE
-
For a user with gradebook feedback, who also has HTML entities within their ID number (a PARAM_RAW field, reference) - clicking on the "View feedback" link doesn't do anything
There are two problems
- There is no indication of failure (other than nothing happened);
- The external field type definition is too strict (PARAM_TEXT)
When I view me browser console, I see the following exception:
[
|
{
|
"error": true,
|
"exception": {
|
"message": "Invalid response value detected",
|
"errorcode": "invalidresponse",
|
"backtrace": "* line 457 of /lib/external/classes/external_api.php: invalid_response_exception thrown\n* line ? of unknownfile: call to core_external\\external_api::clean_returnvalue()\n* line 257 of /lib/external/classes/external_api.php: call to call_user_func()\n* line 83 of /lib/ajax/service.php: call to core_external\\external_api::call_external_function()\n",
|
"link": "http://moodle.internal/master/grade/report/grader/index.php?id=2",
|
"moreinfourl": "https://docs.moodle.org/403/en/error/debug/invalidresponse",
|
"debuginfo": "additionalfield => Invalid response value detected (Invalid external api response: the value is \"XSS<script>alert('id, number');</script>\" of PHP type \"string\", the server was expecting \"text\" type): Invalid external api response: the value is \"XSS<script>alert('id, number');</script>\" of PHP type \"string\", the server was expecting \"text\" type\nError code: invalidresponse"
|
}
|
}
|
]
|
All from MDL-77030