From: poltawski <poltawski>
Date: Thu, 24 Jan 2008 19:41:17 +0000 (+0000)
Subject: MDL-13088 - database presets weren't escaping bad chars, causing presets
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=70c003a241cc3909d760ee5b8c246730a6eacd63;p=moodle.git

MDL-13088 - database presets weren't escaping bad chars, causing presets
to break with a rogue <
merged from MOODLE_19_STABLE
---

diff --git a/mod/data/lib.php b/mod/data/lib.php
index 7d449bd9cb..daa023bd0d 100755
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@@ -1827,7 +1827,7 @@ function data_presets_export($course, $cm, $data) {
 
     $presetxml .= "<settings>\n";
     foreach ($settingssaved as $setting) {
-        $presetxml .= "<$setting>{$data->$setting}</$setting>\n";
+        $presetxml .= "<$setting>".htmlentities($data->$setting)."</$setting>\n";
     }
     $presetxml .= "</settings>\n\n";
 
@@ -1837,7 +1837,7 @@ function data_presets_export($course, $cm, $data) {
             $presetxml .= "<field>\n";
             foreach ($field as $key => $value) {
                 if ($value != '' && $key != 'id' && $key != 'dataid') {
-                    $presetxml .= "<$key>$value</$key>\n";
+                    $presetxml .= "<$key>".htmlentities($value)."</$key>\n";
                 }
             }
             $presetxml .= "</field>\n\n";