From bc67bd3ad823b83f964711163d26a68eef4972ee Mon Sep 17 00:00:00 2001
From: Cristian Fasanando <cristian.fasanando@beeznest.com>
Date: Mon, 1 Jun 2009 18:33:15 +0200
Subject: [PATCH] [svn r21163] Added escape string to $display['display'] -
 partial FS#4269

---
 main/gradebook/lib/scoredisplay.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/gradebook/lib/scoredisplay.class.php b/main/gradebook/lib/scoredisplay.class.php
index 409ac9a802..d8d1fcde78 100644
--- a/main/gradebook/lib/scoredisplay.class.php
+++ b/main/gradebook/lib/scoredisplay.class.php
@@ -199,7 +199,7 @@ class ScoreDisplay
 			if ($count > 0) {
 				$sql .= ',';				
 			}
-			$sql .= "(NULL, '".$display['score']."', '".$display['display']."')";
+			$sql .= "(NULL, '".$display['score']."', '".Database::escape_string($display['display'])."')";
 			$count++;
 		}
 		api_sql_query($sql, __FILE__, __LINE__);