From 81d3eded3a0bb7dc031a30c884c981598da98a98 Mon Sep 17 00:00:00 2001 From: dongsheng Date: Fri, 18 Apr 2008 02:12:30 +0000 Subject: [PATCH] MDL-14137, use addslash in get_settings() and remove the second parameter of htmlspecialchars() --- mod/data/lib.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mod/data/lib.php b/mod/data/lib.php index a5cac29eed..b79577c04d 100755 --- a/mod/data/lib.php +++ b/mod/data/lib.php @@ -1837,7 +1837,7 @@ function data_presets_export($course, $cm, $data) { $presetxml .= "\n"; foreach ($settingssaved as $setting) { - $presetxml .= "<$setting>".htmlspecialchars($data->$setting, ENT_NOQUOTES)."\n"; + $presetxml .= "<$setting>".htmlspecialchars($data->$setting)."\n"; } $presetxml .= "\n\n"; @@ -1847,7 +1847,7 @@ function data_presets_export($course, $cm, $data) { $presetxml .= "\n"; foreach ($field as $key => $value) { if ($value != '' && $key != 'id' && $key != 'dataid') { - $presetxml .= "<$key>".htmlspecialchars($value, ENT_NOQUOTES)."\n"; + $presetxml .= "<$key>".htmlspecialchars($value)."\n"; } } $presetxml .= "\n\n"; @@ -1933,13 +1933,12 @@ class PresetImporter { if (!is_array($value)) { continue; } - $f->$param = $value[0]['#']; + $f->$param = addslashes($value[0]['#']); } $f->dataid = $this->data->id; $f->type = clean_param($f->type, PARAM_ALPHA); $fields[] = $f; } - /* Now add the HTML templates to the settings array so we can update d */ $settings->singletemplate = file_get_contents($this->folder."/singletemplate.html"); $settings->listtemplate = file_get_contents($this->folder."/listtemplate.html"); -- 2.39.5