diff --git a/main/exercice/exercise.lib.php b/main/exercice/exercise.lib.php
index e6653a8136..2fb4a8ceb2 100755
--- a/main/exercice/exercise.lib.php
+++ b/main/exercice/exercise.lib.php
@@ -105,7 +105,7 @@ function showQuestion($questionId, $onlyAnswers=false, $origin=false,$current_it
 // construction of the Answer object
 $objAnswerTmp=new Answer($questionId);
- $nbrAnswers=$objAnswerTmp->selectNbrAnswers();
+ $nbrAnswers=$objAnswerTmp->selectNbrAnswers();
 // only used for the answer type "Matching"
 if($answerType == MATCHING)
@@ -232,7 +232,7 @@ function showQuestion($questionId, $onlyAnswers=false, $origin=false,$current_it

"; $answer=api_parse_tex($answer); - $s.=strip_tags($answer); + $s.=Security::remove_XSS($answer, STUDENT); $s.=""; } elseif($answerType == MULTIPLE_ANSWER) { @@ -244,7 +244,7 @@ function showQuestion($questionId, $onlyAnswers=false, $origin=false,$current_it
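Review bot: Replacing `strip_tags($answer)` with `Security::remove_XSS($answer, STUDENT)` changes this answer cell from tag-free text to whatever HTML the STUDENT filter profile lets through, so the safety of the rendered answer now depends entirely on that profile's allow-list, which is not visible in this diff. The same replacement is made in the next two hunks (`@@ -244` and `@@ -256`). A one-line comment at each site would record that the loosening is deliberate, for example `// answer may contain formatting; filtered with the STUDENT profile because it is rendered to learners` (wording for the author to confirm). The FILL_IN_BLANKS branch in the last hunk still appends `$answer` to `$s` with no filter call in the visible lines; if it is not sanitized earlier in showQuestion, which starts and ends outside these hunks, it should go through the same call.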

"; $answer = api_parse_tex($answer); - $s.=strip_tags($answer); + $s.=Security::remove_XSS($answer, STUDENT); $s.=""; } elseif($answerType == MULTIPLE_ANSWER_COMBINATION) { @@ -256,20 +256,17 @@ function showQuestion($questionId, $onlyAnswers=false, $origin=false,$current_it
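Review bot: The pair `api_parse_tex($answer)` followed by `$s.=Security::remove_XSS($answer, STUDENT);` is now repeated verbatim in three answer-type branches of showQuestion (this hunk and the ones at `@@ -232` and `@@ -256`). Three copies of a sanitizing call are easy to update unevenly later. Moving the pair into one small helper, or computing a filtered `$answer` once before the branch chain if every branch that uses it can take filtered HTML, would keep the filter profile in a single place. The spacing around `=` also differs between the copies (`$answer=api_parse_tex` at `@@ -232`, `$answer = api_parse_tex` here), which a shared helper would remove. The enclosing function body extends beyond the hunk, so whether a hoist is safe for the remaining branches needs checking against the full file.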

"; $answer = api_parse_tex($answer); - $s.=strip_tags($answer); + $s.=Security::remove_XSS($answer, STUDENT); $s.=""; } - // fill in blanks - elseif($answerType == FILL_IN_BLANKS) - { + elseif($answerType == FILL_IN_BLANKS) { $s.="$answer"; } // free answer // matching // TODO: replace $answerId by $numAnswer - else { - + else { if ($answerCorrect) { $s.="