diff --git a/main/exercice/admin.php b/main/exercice/admin.php index ecc4435874..c414990cb7 100644 --- a/main/exercice/admin.php +++ b/main/exercice/admin.php @@ -1,4 +1,4 @@ -$val) - { - if(is_string($val)) - { - $_POST[$key]=stripslashes($val); - } - elseif(is_array($val)) - { - foreach($val as $key2=>$val2) - { - $_POST[$key][$key2]=stripslashes($val2); - } - } - - $GLOBALS[$key]=$_POST[$key]; - } -} // get vars from GET if ( empty ( $exerciseId ) ) @@ -469,7 +447,7 @@ $description = $objExercise->selectDescription(); echo '
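Review bot: The deleted loop did more than strip slashes — its last statement copied every `$_POST` key into `$GLOBALS`, and the surviving context line `if ( empty ( $exerciseId ) )` still reads `$exerciseId` as a bare global, so unless something above this hunk (not visible here) assigns it, POST-driven requests now fall through to the "get vars from GET" branch. Make the source explicit instead of restoring the loop, e.g. `$exerciseId = isset($_POST['exerciseId']) ? intval($_POST['exerciseId']) : (isset($_GET['exerciseId']) ? intval($_GET['exerciseId']) : 0);` (request key name assumed from the variable, confirm against the form). The loop should not come back as it was: writing arbitrary request keys into `$GLOBALS` lets a client overwrite any variable in the script, the same hazard register_globals had. The enclosing script continues outside the hunk.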
'.$objExercise->selectTitle().'
'; if(!empty($description)) { - echo '
'.stripslashes($description).'
'; + echo '
'.$description.'
'; } */ diff --git a/main/exercice/answer.class.php b/main/exercice/answer.class.php index e163d94b53..b4b526ce0f 100644 --- a/main/exercice/answer.class.php +++ b/main/exercice/answer.class.php @@ -23,7 +23,7 @@ * 5 arrays are created to receive the attributes of each answer belonging to a specified question * @package dokeos.exercise * @author Olivier Brouckaert -* @version $Id: answer.class.php 20644 2009-05-14 16:42:28Z cvargas1 $ +* @version $Id: answer.class.php 20776 2009-05-18 12:43:44Z pcool $ */ @@ -241,7 +241,7 @@ class Answer if(!empty($this->answer[$i])){ $list[] = array( 'id'=>$i, - 'answer'=>addslashes($this->answer[$i]), + 'answer'=>$this->answer[$i], 'comment'=>$this->comment[$i], 'grade' => $this->weighting[$i], 'hotspot_coord' => $this->hotspot_coordinates[$i], @@ -401,8 +401,8 @@ class Answer $questionId=$this->questionId; $sql = "UPDATE $TBL_REPONSES SET " . - "answer = '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($answer)),COURSEMANAGER))."', " . - "comment = '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($comment)),COURSEMANAGER))."', " . + "answer = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($answer),COURSEMANAGER))."', " . + "comment = '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($comment),COURSEMANAGER))."', " . "ponderation = '".Database::escape_string($weighting)."', " . "position = '".Database::escape_string($position)."', " . "destination = '".Database::escape_string($destination)."' " . 
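Review bot: With `addslashes` gone, the `'answer'` entry of `$list[]` is handed out raw exactly like `'comment'` already was, so any consumer of this list that builds SQL or HTML from it (outside the hunk) has to escape per context itself. That is worth one line above the `$list[] = array(` so the next reader does not assume pre-escaped values: `// raw values (no slash-escaping): SQL-escape or HTML-escape at the point of use`. The enclosing method starts and ends outside the hunk.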
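Review bot: The expression `Database::escape_string(Security::remove_XSS(api_html_entity_decode($x),COURSEMANAGER))` is now spelled out verbatim for `answer` and `comment` here, twice more in each loop at @@ -434 and @@ -484, and again in question.class.php (@@ -622) and exercise.class.php (@@ -540, @@ -568). A single shared library function, e.g. `function exercise_clean_html_for_sql($value) { return Database::escape_string(Security::remove_XSS(api_html_entity_decode($value), COURSEMANAGER)); }` (constructed name), would keep the decode → filter → SQL-escape order in one place. The order matters: decoding entities after `remove_XSS` would reopen what the filter closed, so a helper also prevents one copy being reordered independently of the others. The enclosing method continues outside the hunk.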
@@ -434,9 +434,9 @@ class Answer for($i=1;$i <= $this->new_nbrAnswers;$i++) { - $answer = Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($this->new_answer[$i])),COURSEMANAGER)); + $answer = Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_answer[$i]),COURSEMANAGER)); $correct = Database::escape_string($this->new_correct[$i]); - $comment = Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($this->new_comment[$i])),COURSEMANAGER)); + $comment = Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->new_comment[$i]),COURSEMANAGER)); $weighting = Database::escape_string($this->new_weighting[$i]); $position = Database::escape_string($this->new_position[$i]); $hotspot_coordinates = Database::escape_string($this->new_hotspot_coordinates[$i]); @@ -484,9 +484,9 @@ class Answer for($i=1;$i <= $this->nbrAnswers;$i++) { - $answer = Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($this->answer[$i])),COURSEMANAGER)); + $answer = Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->answer[$i]),COURSEMANAGER)); $correct = Database::escape_string($this->correct[$i]); - $comment = Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($this->comment[$i])),COURSEMANAGER)); + $comment = Database::escape_string(Security::remove_XSS(api_html_entity_decode($this->comment[$i]),COURSEMANAGER)); $weighting = Database::escape_string($this->weighting[$i]); $position = Database::escape_string($this->position[$i]); $hotspot_coordinates = Database::escape_string($this->hotspot_coordinates[$i]); diff --git a/main/exercice/answer_admin.inc.php b/main/exercice/answer_admin.inc.php index 3a2142b552..f95e4a4cd0 100644 --- a/main/exercice/answer_admin.inc.php +++ b/main/exercice/answer_admin.inc.php 
@@ -22,7 +22,7 @@ * This script allows to manage answers. It is included from the script admin.php * @package dokeos.exercise * @author Olivier Brouckaert -* @version $Id: answer_admin.inc.php 20748 2009-05-17 10:35:35Z ivantcholakov $ +* @version $Id: answer_admin.inc.php 20776 2009-05-18 12:43:44Z pcool $ */ @@ -570,7 +570,7 @@ if($submitAnswers || $buttonBack) if($debug>0){echo str_repeat(' ',4).'$answerType is HOT_SPOT'."
\n";} $reponse[$i]=trim($reponse[$i]); - $comment[$i]=addslashes(trim($comment[$i])); + $comment[$i]=trim($comment[$i]); $weighting[$i]=intval($weighting[$i]); if($weighting[$i]) { @@ -1370,7 +1370,7 @@ if($modifyAnswers) ?> - + @@ -696,7 +695,7 @@ foreach ($questionList as $questionId) { break; } $choice[$j]=trim($choice[$j]); - $user_tags[]=stripslashes(api_strtolower($choice[$j])); + $user_tags[]=api_strtolower($choice[$j]); //put the contents of the [] answer tag into correct_tags[] $correct_tags[]=api_strtolower(api_substr($temp,0,$pos)); $j++; @@ -723,13 +722,13 @@ foreach ($questionList as $questionId) { // increments total score $totalScore+=$answerWeighting[$i]; // adds the word in green at the end of the string - $answer.=stripslashes($correct_tags[$i]); + $answer.=$correct_tags[$i]; } // else if the word entered by the student IS NOT the same as the one defined by the professor elseif(!empty($user_tags[$i])) { // adds the word in red at the end of the string, and strikes it - $answer.=''.stripslashes($user_tags[$i]).''; + $answer.=''.$user_tags[$i].''; } else { @@ -747,12 +746,12 @@ foreach ($questionList as $questionId) { // increments total score $totalScore+=$answerWeighting[$i]; // adds the word in green at the end of the string - $answer.=stripslashes($user_tags[$i]); + $answer.=$user_tags[$i]; } // else if the word entered by the student IS NOT the same as the one defined by the professor elseif(!empty($user_tags[$i])) { // adds the word in red at the end of the string, and strikes it - $answer.=''.stripslashes($user_tags[$i]).''; + $answer.=''.$user_tags[$i].''; } else { 
@@ -976,7 +975,6 @@ foreach ($questionList as $questionId) { $val = $choice[$j]; if (preg_match_all ('#([0-9a-z ]*)#', $val, $arr1)) $val = $arr1[1][0]; - $val=addslashes($val); $val=strip_tags($val); $sql = "SELECT position from $table_ans where question_id='".Database::escape_string($questionId)."' and answer='".Database::escape_string($val)."' AND correct=0"; $res = api_sql_query($sql, __FILE__, __LINE__); @@ -1137,7 +1135,7 @@ if(count($arrques)>0) { #url#'; $msg1= str_replace("#url#",$url,$msg); - $mail_content = stripslashes($msg1); + $mail_content = $msg1; $student_name = $_SESSION['_user']['firstName'].' '.$_SESSION['_user']['lastName']; $subject = get_lang('OpenQuestionsAttempted'); diff --git a/main/exercice/exercise_show.php b/main/exercice/exercise_show.php index ea6684f032..2350c7abb0 100644 --- a/main/exercice/exercise_show.php +++ b/main/exercice/exercise_show.php @@ -4,7 +4,7 @@ * * @package dokeos.exercise * @author Julio Montoya Armas Added switchable fill in blank option added -* @version $Id: exercise_show.php 20704 2009-05-15 17:17:48Z cvargas1 $ +* @version $Id: exercise_show.php 20776 2009-05-18 12:43:44Z pcool $ * * @todo remove the debug code and use the general debug library * @todo use the Database:: functions @@ -230,10 +230,10 @@ function display_unique_or_multiple_answer($answerType, $studentChoice, $answer, { if(!$answerCorrect) { - echo ''.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } else{ - echo ''.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } } else @@ -286,7 +286,7 @@ function display_free_answer($answer,$id,$questionId) { ?> @@ -445,7 +445,7 @@ if ($show_results == true ) { 
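Review bot: `display_unique_or_multiple_answer` in exercise_show.php and the function of the same name in exercise_result.php (@@ -350) receive the identical two-line edit here, and as far as both hunks show the bodies are line-for-line the same, so every fix has to be applied twice — this commit demonstrates it. Moving the function into a shared include under main/exercice (e.g. `exercise_display.lib.php`, constructed name) and requiring it from both scripts removes the duplicate and the risk of the two copies drifting. The function continues outside the hunk.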
@@ -676,7 +676,7 @@ if ($show_results) { $choice = $arr[1]; $choice[$j]=trim($choice[$j]); // if the word entered by the student IS the same as the one defined by the professor - if (api_strtolower(api_substr($temp,0,$pos)) == stripslashes(api_strtolower($choice[$j]))) { + if (api_strtolower(api_substr($temp,0,$pos)) == api_strtolower($choice[$j])) { // gives the related weighting to the student $questionScore+=$answerWeighting[$j]; // increments total score @@ -719,7 +719,7 @@ if ($show_results) { $choice = $arr[1]; $choice[$j]=trim($choice[$j]); - $user_tags[]=stripslashes(api_strtolower($choice[$j])); + $user_tags[]=api_strtolower($choice[$j]); $correct_tags[]=api_strtolower(api_substr($temp,0,$pos)); $j++; diff --git a/main/exercice/hotspot_admin.inc.php b/main/exercice/hotspot_admin.inc.php index 14cdc66852..2b72196418 100644 --- a/main/exercice/hotspot_admin.inc.php +++ b/main/exercice/hotspot_admin.inc.php @@ -118,7 +118,7 @@ if($submitAnswers || $buttonBack) if($debug>0){echo str_repeat(' ',4).'$answerType is HOT_SPOT'."
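Review bot: The rewritten comparison still uses `==` between two strings, so PHP compares numeric-looking answers numerically: a blank whose expected word is `1` would also accept `01`, `1.0` or `1e0`, and the score on the next lines is granted for them. Both sides are already casefolded, so strict equality is what is meant: `if (api_strtolower(api_substr($temp,0,$pos)) === api_strtolower($choice[$j])) {`. The enclosing `if ($show_results)` block starts and ends outside the hunk.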
\n";} $reponse[$i]=trim($reponse[$i]); - $comment[$i]=addslashes(trim($comment[$i])); + $comment[$i]=trim($comment[$i]); $weighting[$i]=($weighting[$i]); //it can be float if($weighting[$i]) { $questionWeighting+=$weighting[$i]; @@ -309,7 +309,7 @@ if($modifyAnswers) - + diff --git a/main/exercice/question.class.php b/main/exercice/question.class.php index 489acd3bcf..e8e185d059 100644 --- a/main/exercice/question.class.php +++ b/main/exercice/question.class.php @@ -1,4 +1,4 @@ -id; - $question=addslashes($this->question); - $description=addslashes($this->description); + $question=$this->question; + $description=$this->description; $weighting=$this->weighting; $position=$this->position; $type=$this->type; - $picture=addslashes($this->picture); + $picture=$this->picture; $level=$this->level; // question already exists if(!empty($id)) { $sql="UPDATE $TBL_QUESTIONS SET question ='".Database::escape_string(Security::remove_XSS($question))."', - description ='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($description)),COURSEMANAGER))."', + description ='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."', ponderation ='".Database::escape_string($weighting)."', position ='".Database::escape_string($position)."', type ='".Database::escape_string($type)."', @@ -622,7 +622,7 @@ abstract class Question $sql="INSERT INTO $TBL_QUESTIONS(question,description,ponderation,position,type,picture,level) VALUES( '".Database::escape_string(Security::remove_XSS($question))."', - '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($description)),COURSEMANAGER))."', + '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."', '".Database::escape_string($weighting)."', '".Database::escape_string($position)."', '".Database::escape_string($type)."', 
@@ -904,8 +904,8 @@ abstract class Question function duplicate() { global $TBL_QUESTIONS, $picturePath; - $question=addslashes($this->question); - $description=addslashes($this->description); + $question=$this->question; + $description=$this->description; $weighting=$this->weighting; $position=$this->position; $type=$this->type;
diff --git a/main/exercice/exercice.php b/main/exercice/exercice.php index 90c48ea90d..a0bf9126ab 100644 --- a/main/exercice/exercice.php +++ b/main/exercice/exercice.php @@ -1,5 +1,5 @@ ' . stripslashes($user_tags[$i]) . ''; + $answer .= '' . $user_tags[$i] . ''; } else { // adds a tabulation if no word has been typed by the student $answer .= '   '; @@ -461,12 +461,12 @@ if ($formSent) { // increments total score $totalScore += $answerWeighting[$i]; // adds the word in green at the end of the string - $answer .= stripslashes($user_tags[$i]); + $answer .= $user_tags[$i]; } elseif (!empty ($user_tags[$i])) { // else if the word entered by the student IS NOT the same as the one defined by the professor // adds the word in red at the end of the string, and strikes it - $answer .= '' . stripslashes($user_tags[$i]) . ''; + $answer .= '' . $user_tags[$i] . ''; } else { // adds a tabulation if no word has been typed by the student $answer .= '   '; @@ -565,7 +565,7 @@ if ($formSent) { if (preg_match_all('#([0-9a-z ]*)#', $val, $arr1)) { $val = $arr1[1][0]; } - $val = addslashes($val); + $val = $val; $val = strip_tags($val); $sql = "select position from $table_ans where question_id='" . Database :: escape_string($questionId) . "' and answer='" . Database :: escape_string($val) . "' AND correct=0"; $res = api_sql_query($sql, __FILE__, __LINE__); @@ -682,7 +682,7 @@ $quizID = $objExercise->selectId(); $exerciseAttempts = $objExercise->selectAttempts(); $exerciseTitle = $objExercise->selectTitle(); $exerciseDescription = $objExercise->selectDescription(); -$exerciseDescription = stripslashes($exerciseDescription); +$exerciseDescription = $exerciseDescription; $exerciseSound = $objExercise->selectSound(); $randomQuestions = $objExercise->isRandom(); $exerciseType = $objExercise->selectType(); diff --git a/main/exercice/exercise.class.php b/main/exercice/exercise.class.php index 4b602964b8..7844befbe3 100644 --- a/main/exercice/exercise.class.php 
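Review bot: `$val = $val;` (@@ -565) and `$exerciseDescription = $exerciseDescription;` (@@ -682) are no-op self-assignments left where the `addslashes`/`stripslashes` calls used to be; delete both lines rather than keep statements that read like a forgotten edit and that static analysis flags. In @@ -565 the following `$val = strip_tags($val);` then becomes the first statement after the regex extraction, which is what the sibling hunk at @@ -976 already does. Both enclosing blocks start outside their hunks.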
+++ b/main/exercice/exercise.class.php @@ -25,7 +25,7 @@ * Exercise class: This class allows to instantiate an object of type Exercise * @package dokeos.exercise * @author Olivier Brouckaert -* @version $Id: exercise.class.php 20644 2009-05-14 16:42:28Z cvargas1 $ +* @version $Id: exercise.class.php 20776 2009-05-18 12:43:44Z pcool $ */ @@ -521,9 +521,9 @@ class Exercise $TBL_QUIZ_QUESTION= Database::get_course_table(TABLE_QUIZ_TEST_QUESTION); $id=$this->id; - $exercise=addslashes($this->exercise); - $description=addslashes($this->description); - $sound=addslashes($this->sound); + $exercise=$this->exercise; + $description=$this->description; + $sound=$this->sound; $type=$this->type; $attempts=$this->attempts; $feedbacktype=$this->feedbacktype; @@ -540,7 +540,7 @@ class Exercise if($id) { $sql="UPDATE $TBL_EXERCICES SET title='".Database::escape_string(Security::remove_XSS($exercise))."', - description='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($description)),COURSEMANAGER))."'"; + description='".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."'"; if ($type_e != 'simple') { $sql .= ", sound='".Database::escape_string($sound)."', type='".Database::escape_string($type)."', @@ -568,7 +568,7 @@ class Exercise VALUES( '$start_time','$end_time', '".Database::escape_string(Security::remove_XSS($exercise))."', - '".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($description)),COURSEMANAGER))."', + '".Database::escape_string(Security::remove_XSS(api_html_entity_decode($description),COURSEMANAGER))."', '".Database::escape_string($sound)."', '".Database::escape_string($type)."', '".Database::escape_string($random)."', diff --git a/main/exercice/exercise_result.php b/main/exercice/exercise_result.php index 41e487582a..135785eeed 100644 --- a/main/exercice/exercise_result.php +++ b/main/exercice/exercise_result.php 
@@ -29,7 +29,7 @@ * @author Olivier Brouckaert, main author * @author Roan Embrechts, some refactoring * @author Julio Montoya Armas switchable fill in blank option added -* @version $Id: exercise_result.php 20697 2009-05-15 15:42:37Z cvargas1 $ +* @version $Id: exercise_result.php 20776 2009-05-18 12:43:44Z pcool $ * * @todo split more code up in functions, move functions to library? */ @@ -150,7 +150,6 @@ if(!is_array($exerciseResult) || !is_array($questionList) || !is_object($objExer // define basic exercise info to print on screen $exerciseTitle=$objExercise->selectTitle(); $exerciseDescription=$objExercise->selectDescription(); -$exerciseDescription=stripslashes($exerciseDescription); $gradebook = ''; if (isset($_SESSION['gradebook'])){ @@ -350,10 +349,10 @@ function display_unique_or_multiple_answer($answerType, $studentChoice, $answer, { if(!$answerCorrect) { - echo ''.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } else{ - echo ''.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } } else @@ -382,7 +381,7 @@ function display_free_answer($answer) ?>
- + @@ -428,7 +427,7 @@ function display_hotspot_answer($answerId, $answer, $studentChoice, $answerComme } else { echo ''; } - echo stripslashes($answerComment); + echo $answerComment; echo ''; ?>
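Review bot: `echo $answerComment;` now sends the stored comment to the page with no output-side escaping; the only protection visible in this commit is the save-time `Security::remove_XSS(..., COURSEMANAGER)` in answer.class.php, so the page's safety depends on a filter in another file. State that coupling where the echo happens, `// $answerComment is HTML authored by the course manager; it is filtered by Security::remove_XSS(..., COURSEMANAGER) when the Answer is saved and is deliberately not escaped here`, so a later change to the save path does not silently widen what reaches the browser. The same note applies to the `nl2br(make_clickable($answerComment))` echoes in exercise_show.php @@ -230 and exercise_result.php @@ -350. `display_hotspot_answer` starts outside the hunk.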
- + '.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } else { - echo ''.nl2br(make_clickable(stripslashes($answerComment))).''; + echo ''.nl2br(make_clickable($answerComment)).''; } ?> -
+