Moodle
  1. Moodle
  2. MDL-8193

Incorrect handling of quotes in SetValue processing

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.8
    • Fix Version/s: 1.8.7, 1.9.3
    • Component/s: SCORM
    • Labels:
      None
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_18_STABLE
    • Fixed Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE
    • Rank:
      29292

      Description

      When trying to set some string value containing quotes for such params like "cmi.interactions.n.learner_response", or
      "cmi.comments_from_learner.n.comment" , "cmi.suspend_data", some strange behaviour is shown:

      1. when string contains single quote (apostrophe) it gets unnecessary slashes before apostrophes stored in database
      changing line 259 in mod/scorm/locallib.php as follows seems to fix it
      $id = insert_record('scorm_scoes_track',$track, false);
      original code just makes double quoting

      2. when string contains double quote (") , this value can't be processed in JavaScript functions, calls to API just return npthing, and setted value is ignored, without even a failure result code. I suspect the reason is usage of eval in datamodels/scorm_1x.js.php, like that:

      if (element == 'cmi.comments')

      { eval(element+'+="'+value+'";'); }

      else

      { eval(element+'="'+value+'";'); }

        Issue Links

          Activity

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: