Merged from stable

diff --git a/course/lib.php b/course/lib.php
index 8d3b0c263f4c12c45d0f8182cbc53a665b002cee..cb5d3abd313139cde475e42971ca45f770903e2b 100644 (file)
--- a/course/lib.php
+++ b/course/lib.php
@@ -532,6 +532,9 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
             $log->info = get_field($ld->mtable, $ld->field, 'id', $log->info);
         }
 
+        $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
+        $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
+
         echo '<tr nowrap="nowrap">';
         if (! $course->category) {
             echo '<td nowrap="nowrap"><font size=2><a href="view.php?id='.$log->course.'">'.$courses[$log->course].'</a></td>';

diff --git a/lang/en/help/resource/parameters.html b/lang/en/help/resource/parameters.html
index 542b46f405273821ef00839789c9b28bde969346..d2d6ae8caf2e30d3a14d82f6f339a9a58e5af44e 100644 (file)
--- a/lang/en/help/resource/parameters.html
+++ b/lang/en/help/resource/parameters.html
@@ -1,6 +1,10 @@
 <p align="center"><b>Resource Parameters</b></p>
 
-<p>If you specify parameters here then they will be passed to the 
+<p>The parameter settings are completely optional, and are 
+   only useful when you need to pass some Moodle information 
+   to the resource file or web site.</p>
+
+<p>If you define any parameters they will be passed to the 
    resource as part of the URL (using the GET method).</p>
 
 <p>The left column allows you to choose information to send,