chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Storage API : Proper unescaping of escaped values.

Browse Source
skala
jkbockstael 14 years ago
parent ad337eeedd
commit 4f657a642e
1 changed files with 4 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      main/newscorm/storageapi.php

6
main/newscorm/storageapi.php
Unescape View File

@ -64,7 +64,7 @@ function storage_get($sv_user, $sv_course, $sv_sco, $sv_key) {
$res = Database::query($sql); $res = Database::query($sql);
if (mysql_num_rows($res) > 0) { if (mysql_num_rows($res) > 0) {
$row = Database::fetch_assoc($res); $row = Database::fetch_assoc($res);
return $row['sv_value']; return stripslashes($row['sv_value']);
} }
else { else {
return null; return null;
@ -90,6 +90,7 @@ function storage_getall($sv_user, $sv_course, $sv_sco) {
$res = Database::query($sql); $res = Database::query($sql);
$data = array(); $data = array();
while ($row = Database::fetch_assoc($res)) { while ($row = Database::fetch_assoc($res)) {
$row['sv_value'] = stripslashes($row['sv_value']);
$data[] = $row; $data[] = $row;
} }
return json_encode($data); return json_encode($data);
@ -146,7 +147,7 @@ function storage_stack_pop($sv_user, $sv_course, $sv_sco, $sv_key) {
$resdelete = Database::query($sqldelete); $resdelete = Database::query($sqldelete);
if ($resselect && $resdelete) { if ($resselect && $resdelete) {
Database::query("commit"); Database::query("commit");
return $rowselect['sv_value']; return stripslashes($rowselect['sv_value']);
} }
else { else {
Database::query("rollback"); Database::query("rollback");
@ -187,6 +188,7 @@ function storage_stack_getall($sv_user, $sv_course, $sv_sco, $sv_key) {
$res = Database::query($sql); $res = Database::query($sql);
$results = array(); $results = array();
while ($row = Database::fetch_assoc($res)) { while ($row = Database::fetch_assoc($res)) {
$row['value'] = stripslashes($row['value']);
$results[] = $row; $results[] = $row;
} }
return json_encode($results); return json_encode($results);

Write Preview
Loading…
Cancel
Save