From 03cefca1a0a266e2eaf94ddc8bcce6e5e5e2b9f4 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Tue, 18 May 2010 19:48:34 +0200
Subject: [PATCH] Removing execise use of remove_XSS . i.e: Database::escape_string(Security::remove_XSS())
---
 main/survey/survey.lib.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/main/survey/survey.lib.php b/main/survey/survey.lib.php
index e94d212dc6..19587cc1d8 100644
--- a/main/survey/survey.lib.php
+++ b/main/survey/survey.lib.php
@@ -217,16 +217,16 @@ class survey_manager {
 }
 $sql = "INSERT INTO $table_survey (code, title, subtitle, author, lang, avail_from, avail_till, is_shared, template, intro, surveythanks, creation_date, anonymous".$additional['columns'].", session_id) VALUES (
 '".Database::escape_string(strtolower(generate_course_code(api_substr($values['survey_code'],0))))."',
- '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_title'])), COURSEMANAGERLOWSECURITY))."',
- '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_subtitle'])), COURSEMANAGERLOWSECURITY))."',
+ '".Database::escape_string($values['survey_title'])."',
+ '".Database::escape_string($values['survey_subtitle'])."',
 '".Database::escape_string($_user['user_id'])."',
 '".Database::escape_string($values['survey_language'])."',
 '".Database::escape_string($values['start_date'])."',
 '".Database::escape_string($values['end_date'])."',
 '".Database::escape_string($shared_survey_id)."',
 '".Database::escape_string('template')."',
- '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_introduction'])), COURSEMANAGERLOWSECURITY))."',
- '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['survey_thanks'])), COURSEMANAGERLOWSECURITY))."',
+ '".Database::escape_string($values['survey_introduction'])."',
+ '".Database::escape_string($values['survey_thanks'])."',
 '".date('Y-m-d H:i:s')."',
 '".Database::escape_string($values['anonymous'])."'".$additional['values'].",
 ".intval($_SESSION['id_session'])."
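Review bot: The four free-text columns (`survey_title`, `survey_subtitle`, `survey_introduction`, `survey_thanks`) are now written with only `Database::escape_string()`, which protects the SQL statement but leaves any submitted markup in the stored value, so script filtering has to happen at every place these columns are rendered. Nothing visible here shows whether `$values` was already filtered by the caller or whether the display code filters on output; that should be confirmed before the storage-time `Security::remove_XSS()` is dropped, and recorded next to the query, e.g. `// title/subtitle/intro/thanks are stored unfiltered: apply Security::remove_XSS() when rendering`. Dropping `stripslashes(api_html_entity_decode(...))` also changes the stored form, so rows written before and after this commit may differ in encoding, and any update path that still filters (not visible in this hunk) would store differently from this insert. The enclosing method starts and ends outside the hunk.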