From 9815db1ff9aa8f983602d87f820b1970ac0a2a7c Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 2 Aug 2021 13:40:13 +0200
Subject: [PATCH] Gradebook eval: add remove_xss
---
 main/gradebook/lib/fe/displaygradebook.php | 4 ++--
 main/gradebook/lib/fe/evalform.class.php | 2 +-
 main/gradebook/lib/fe/gradebooktable.class.php | 7 ++++---
 main/gradebook/lib/fe/resulttable.class.php | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php
index e8fdb651af..48241e749c 100755
--- a/main/gradebook/lib/fe/displaygradebook.php
+++ b/main/gradebook/lib/fe/displaygradebook.php
@@ -85,7 +85,7 @@ class DisplayGradebook
 $description = '';
 if ('' == !$evalobj->get_description()) {
- $description = get_lang('Description').' : '.$evalobj->get_description().'
';
+ $description = get_lang('Description').' : '.Security::remove_XSS($evalobj->get_description()).'
';
 }
 if ($evalobj->get_course_code() == null) {
@@ -95,7 +95,7 @@ class DisplayGradebook
 }
 $evalinfo = '
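Review bot: Security::remove_XSS() on the new `$description` line is, as far as I can tell, a markup filter rather than an output encoder, so it is the right call only if the description is meant to carry HTML; for a plain-text field the tighter fix is `htmlspecialchars($evalobj->get_description(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which has no allow-list to slip past. The same question applies to the `get_name()` line in this file's second hunk (@@ -95), where a name is unlikely to legitimately contain markup. Either way a short comment such as `// description may hold rich text: purify rather than encode` would record the decision for the next reader. The enclosing method begins before the hunk.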
';
- $evalinfo .= '

'.$evalobj->get_name().'


';
+ $evalinfo .= '

'.Security::remove_XSS($evalobj->get_name()).'


';
 $evalinfo .= $description;
 $evalinfo .= get_lang('Course').' : '.$course.'
';
 if (empty($model)) {
diff --git a/main/gradebook/lib/fe/evalform.class.php b/main/gradebook/lib/fe/evalform.class.php
index cf65468dcc..d1b5f24044 100755
--- a/main/gradebook/lib/fe/evalform.class.php
+++ b/main/gradebook/lib/fe/evalform.class.php
@@ -577,7 +577,7 @@ class EvalForm extends FormValidator
 $select_gradebook->addOption(get_lang('Default'), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 } else {
- $select_gradebook->addOption($my_cat->get_name(), $my_cat->get_id());
+ $select_gradebook->addOption(Security::remove_XSS($my_cat->get_name()), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 }
 } else {
diff --git a/main/gradebook/lib/fe/gradebooktable.class.php b/main/gradebook/lib/fe/gradebooktable.class.php
index 2f42962b93..deae6fed35 100755
--- a/main/gradebook/lib/fe/gradebooktable.class.php
+++ b/main/gradebook/lib/fe/gradebooktable.class.php
@@ -423,10 +423,11 @@ class GradebookTable extends SortableTable
 // Name.
 if ('Category' === get_class($item)) {
- $row[] = $invisibility_span_open.''.Security::remove_XSS($item->get_name()).''.$invisibility_span_close;
+ $row[] = $invisibility_span_open.
+ ''.Security::remove_XSS($item->get_name()).''.$invisibility_span_close;
 $main_categories[$item->get_id()]['name'] = $item->get_name();
 } else {
- $name = $this->build_name_link($item, $type);
+ $name = Security::remove_XSS($this->build_name_link($item, $type));
 $row[] = $invisibility_span_open.$name.$invisibility_span_close;
 $main_categories[$item->get_id()]['name'] = $name;
 }
@@ -622,7 +623,7 @@ class GradebookTable extends SortableTable
 $row[] = $this->build_type_column($item, ['style' => 'padding-left:5px']);
 // Name.
 $row[] = $invisibility_span_open.'    '.
- $this->build_name_link($item, $type, 4).$invisibility_span_close;
+ Security::remove_XSS($this->build_name_link($item, $type, 4)).$invisibility_span_close;
 // Description.
 if (false == $this->exportToPdf) {
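Review bot: The filtered label on the new `addOption` line only helps if the select element emits option text unescaped; if `addOption()` already HTML-encodes labels, this double-processes the name, and if it does not, `htmlspecialchars($my_cat->get_name(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the tighter choice for a plain-text category name than a markup filter. Worth checking which it is before settling on remove_XSS here. The `} else {` on the hunk's last line opens a branch that continues outside it; if that branch also adds `$my_cat->get_name()` as a label it needs the same treatment.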
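Review bot: Wrapping `build_name_link()`'s output in Security::remove_XSS() on the new `$name = …` line filters markup the code composed itself (a link) instead of the untrusted name inside it, so a strict filter can strip attributes the link needs while a lenient one still passes whatever the name injected before concatenation; the robust fix is to encode `$item->get_name()` inside `build_name_link()` (defined outside this hunk) and leave the composed HTML alone. The same pattern recurs in this file's second hunk (@@ -622) around `build_name_link($item, $type, 4)`. The two branches now also disagree on what goes into `$main_categories[$item->get_id()]['name']`: the Category branch stores the raw `$item->get_name()` while the else branch stores filtered link HTML, which is worth reconciling according to how that array is rendered later.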
diff --git a/main/gradebook/lib/fe/resulttable.class.php b/main/gradebook/lib/fe/resulttable.class.php
index f23b5d72e1..fc35f398a6 100755
--- a/main/gradebook/lib/fe/resulttable.class.php
+++ b/main/gradebook/lib/fe/resulttable.class.php
@@ -26,7 +26,7 @@ class ResultTable extends SortableTable
 */
 public function __construct(
 $evaluation,
- $results = [],
+ $results,
 $iscourse,
 $addparams = [],
 $forprint = false
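Review bot: Dropping the `= []` default from `$results` is a constructor-signature change unrelated to the commit subject ("add remove_xss") and not mentioned in the message; a caller that omitted the argument would now fail with an ArgumentCountError, so it deserves its own commit or at least a sentence in the message. Because the required `$iscourse` follows it, the old default was unusable positionally (optional-before-required, which PHP 8.0 deprecates), so the change is probably behaviour-preserving for existing callers — worth confirming against call sites. While the line is touched, `array $results,` would state the shape the old default implied. The parameter list continues past the hunk.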