diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php
index e8fdb651af..48241e749c 100755
--- a/main/gradebook/lib/fe/displaygradebook.php
+++ b/main/gradebook/lib/fe/displaygradebook.php
@@ -85,7 +85,7 @@ class DisplayGradebook
$description = '';
if ('' == !$evalobj->get_description()) {
- $description = get_lang('Description').' : '.$evalobj->get_description().'
';
+ $description = get_lang('Description').' : '.Security::remove_XSS($evalobj->get_description()).'
';
}
if ($evalobj->get_course_code() == null) {
@@ -95,7 +95,7 @@ class DisplayGradebook
}
$evalinfo = '
';
- $evalinfo .= ''.$evalobj->get_name().'';
+ $evalinfo .= ' '.Security::remove_XSS($evalobj->get_name()).'';
 $evalinfo .= $description;
 $evalinfo .= get_lang('Course').' : '.$course.' ';
 if (empty($model)) {
diff --git a/main/gradebook/lib/fe/evalform.class.php b/main/gradebook/lib/fe/evalform.class.php
index cf65468dcc..d1b5f24044 100755
--- a/main/gradebook/lib/fe/evalform.class.php
+++ b/main/gradebook/lib/fe/evalform.class.php
@@ -577,7 +577,7 @@ class EvalForm extends FormValidator
 $select_gradebook->addOption(get_lang('Default'), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 } else {
- $select_gradebook->addOption($my_cat->get_name(), $my_cat->get_id());
+ $select_gradebook->addOption(Security::remove_XSS($my_cat->get_name()), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 }
 } else {
diff --git a/main/gradebook/lib/fe/gradebooktable.class.php b/main/gradebook/lib/fe/gradebooktable.class.php
index 2f42962b93..deae6fed35 100755
--- a/main/gradebook/lib/fe/gradebooktable.class.php
+++ b/main/gradebook/lib/fe/gradebooktable.class.php
@@ -423,10 +423,11 @@ class GradebookTable extends SortableTable
 // Name.
 if ('Category' === get_class($item)) {
- $row[] = $invisibility_span_open.''.Security::remove_XSS($item->get_name()).''.$invisibility_span_close;
+ $row[] = $invisibility_span_open.
+ ''.Security::remove_XSS($item->get_name()).''.$invisibility_span_close;
 $main_categories[$item->get_id()]['name'] = $item->get_name();
 } else {
- $name = $this->build_name_link($item, $type);
+ $name = Security::remove_XSS($this->build_name_link($item, $type));
 $row[] = $invisibility_span_open.$name.$invisibility_span_close;
 $main_categories[$item->get_id()]['name'] = $name;
 }
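Review bot: `$course` is still concatenated into `$evalinfo` unfiltered on the `get_lang('Course').' : '.$course` context line, directly below the name and description that this commit now passes through `Security::remove_XSS()`. Where `$course` is assigned is outside the hunk, so it may already be safe, but if it carries a user-editable course title it needs the same treatment, e.g. `$evalinfo .= get_lang('Course').' : '.Security::remove_XSS($course).' ';`. The enclosing method starts and ends outside the hunk.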
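Review bot: The option label passed to `addOption()` is a plain-text context, so an HTML filter is a looser fit than an encoder: as far as I know `Security::remove_XSS()` sanitises markup and can leave permitted tags in the category name instead of rendering them inert. If `addOption()` does not encode its text when the select is rendered (not visible in this hunk), `htmlspecialchars($my_cat->get_name(), ENT_QUOTES)` states the intent more directly; if it does encode, the filter call here is redundant. The surrounding loop begins and ends outside the hunk.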
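Review bot: `Security::remove_XSS()` is applied to the finished return value of `build_name_link()` rather than to the item name inside it, so the filter has to parse and re-emit the whole generated link, and the helper's own attributes survive only if the filter's allow-list permits them. Escaping the name at the point where `build_name_link()` interpolates it (that method is outside this diff) would cover every caller at once and keep the link markup intact; the same wrapping is repeated in the hunk at -622. Separately, the `Category` branch still stores the raw `$item->get_name()` in `$main_categories[...]['name']` while the `else` branch stores the filtered `$name`; `$main_categories[$item->get_id()]['name'] = Security::remove_XSS($item->get_name());` would make the two agree.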
@@ -622,7 +623,7 @@ class GradebookTable extends SortableTable
 $row[] = $this->build_type_column($item, ['style' => 'padding-left:5px']);
 // Name.
 $row[] = $invisibility_span_open.' '.
- $this->build_name_link($item, $type, 4).$invisibility_span_close;
+ Security::remove_XSS($this->build_name_link($item, $type, 4)).$invisibility_span_close;
 // Description.
 if (false == $this->exportToPdf) {
diff --git a/main/gradebook/lib/fe/resulttable.class.php b/main/gradebook/lib/fe/resulttable.class.php
index f23b5d72e1..fc35f398a6 100755
--- a/main/gradebook/lib/fe/resulttable.class.php
+++ b/main/gradebook/lib/fe/resulttable.class.php
@@ -26,7 +26,7 @@ class ResultTable extends SortableTable
 */
 public function __construct(
 $evaluation,
- $results = [],
+ $results,
 $iscourse,
 $addparams = [],
 $forprint = false |