$noanswer = true;
break;
}
- $useranswer = stripslashes(clean_param($useranswer, PARAM_CLEAN));
+ $useranswer = stripslashes(clean_param($useranswer, PARAM_RAW));
$userresponse = addslashes($useranswer);
if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) {
error("Continue: No answers found");
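Review bot: With `PARAM_RAW` the `clean_param()` call on the added line no longer filters anything (assuming PARAM_RAW means "no cleaning", as its name suggests), so `$useranswer` and the `$userresponse` built from it on the next line hold exactly what the student typed. Every later display of this answer then has to escape it, including any page that reads the stored response back. The other hunks in this commit add `s()` at some of those places, but nothing at this line records the dependency. I would add `// PARAM_RAW: not filtered on input; escape with s() wherever this answer is printed` above the assignment. The enclosing case starts and ends outside the hunk.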
break; // quit answer analysis immediately after a match has been found
}
}
- $studentanswer = $useranswer;
+ $studentanswer = s($useranswer);
break;
case LESSON_TRUEFALSE :
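Review bot: After the added line `$studentanswer` holds HTML-escaped text while `$useranswer` stays unescaped, and neither the names nor a comment mark the difference. If `$studentanswer` is later escaped again, or used for matching or storage rather than display (not visible in this hunk), the entities would show up as double-escaped or corrupted answers. A short comment such as `// HTML-escaped copy for display only; use $useranswer for matching and storage` on that line would make the intent clear. The case this assignment belongs to begins outside the hunk.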
$total = $stats["total"];
unset($stats["total"]);
foreach ($stats as $valentered => $ntimes) {
- $data = "<input type=\"text\" size=\"50\" disabled=\"disabled\" readonly=\"readonly\" value=\"$valentered\">";
+ $data = '<input type="text" size="50" disabled="disabled" readonly="readonly" value="'.s($valentered).'" />';
$percent = $ntimes / $total * 100;
$percent = round($percent, 2);
$percent .= "% ".get_string("enteredthis", "lesson");
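Review bot: The added `$data` line here closes the tag with ` />`, while the two otherwise identical lines added further down (the `$useranswer->useranswer` fields) close it with `>`; one form should be used throughout. The same disabled, read-only input is now built in three places, each with its own `s()` call. A small helper that takes the raw value and returns the finished field would keep the escaping in one place, so a later copy of the markup cannot miss it. The foreach body continues past the end of the hunk.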
$i++;
} else if ($useranswer != NULL and $answer->id == $useranswer->answerid) {
// get in here when a user answer matches one of the answers to the page
- $data = "<input type=\"text\" size=\"50\" disabled=\"disabled\" readonly=\"readonly\" value=\"$useranswer->useranswer\">";
+ $data = '<input type="text" size="50" disabled="disabled" readonly="readonly" value="'.s($useranswer->useranswer).'">';
if (isset($pagestats[$page->id][$useranswer->useranswer])) {
$percent = $pagestats[$page->id][$useranswer->useranswer] / $pagestats[$page->id]["total"] * 100;
$percent = round($percent, 2);
}
} elseif ($answer == end($answers) && empty($answerdata) && $useranswer != NULL) {
// get in here when what the user entered is not one of the answers
- $data = "<input type=\"text\" size=\"50\" disabled=\"disabled\" readonly=\"readonly\" value=\"$useranswer->useranswer\">";
+ $data = '<input type="text" size="50" disabled="disabled" readonly="readonly" value="'.s($useranswer->useranswer).'">';
if (isset($pagestats[$page->id][$useranswer->useranswer])) {
$percent = $pagestats[$page->id][$useranswer->useranswer] / $pagestats[$page->id]["total"] * 100;
$percent = round($percent, 2);
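Review bot: The escaping added to both `$data` assignments is only as strong as the quoting of the `value` attribute around it. If `s()` is a thin wrapper over htmlspecialchars with default flags (its definition is not visible here), it neutralises `"` but not `'`, so the attribute must stay double-quoted. A comment above each line, e.g. `// keep value="..." double-quoted: s() output is only safe inside double quotes`, would guard against a later change of quote style. The `$pagestats[...]` lookups rightly keep using the unescaped value as the array key. The if/elseif chain starts and ends outside the hunk.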