global $QTYPES;
// initialise response to the value in the answer field
+ $state->answer = addslashes($state->answer);
$state->responses = array('' => $state->answer);
unset($state->answer);
+ $state->comment = isset($state->comment) ? addslashes($state->comment) : '';
// Set the changed field to false; any code which changes the
// question session must set this to true and must increment
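Review bot: Escaping `$state->answer` and `$state->comment` with `addslashes()` while the state is being loaded (the two added lines) leaves the in-memory state holding SQL-escaped text, so every later reader has to remember to strip it and every writer has to remember not to escape it again. A missed strip shows stray backslashes to the user, a missed or doubled escape on the write path is an injection or data-corruption risk, and `addslashes()` is not aware of the database connection's character set. I would keep the raw value in `$state` and escape only where the query is built. Failing that, add a comment here such as `// NOTE: answer and comment are slash-escaped from here on; strip before display, never escape again before saving`. The enclosing function starts and ends outside the visible lines.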
// get response value
if (isset($state->responses[''])) {
// security problem. responses[''] is never cleaned before it is sent to the db (I think)
- $value = $state->responses[''];
+ $value = stripslashes_safe($state->responses['']);
} else {
$value = "";
}
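Review bot: The retained comment `// security problem. responses[''] is never cleaned ...` now sits directly above a line that unescapes the value on a read path, so it misdescribes the code. Replace it with something like `// responses[''] is slash-escaped when the state is loaded; strip here for display only`. The later hunk uses plain `stripslashes($state->comment)` where this one uses `stripslashes_safe()`. The two helpers do not strip the same sequences, so use one of them for both fields, otherwise a comment containing a literal backslash may round-trip differently from an answer. How `$value` is emitted is not visible in this hunk; if it is written into HTML it still needs output encoding after the strip, since removing slashes is not HTML escaping.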
$grade .= $question->maxgrade;
}
- $comment = $state->comment;
+ $comment = stripslashes($state->comment);
$commentlink = '';
if (isset($options->questioncommentlink)) {
$strcomment = get_string('commentorgrade', 'quiz');