From da1cc5a44e2c5329d29eb09b6475cf3bb4447a7c Mon Sep 17 00:00:00 2001 From: gustav_delius Date: Thu, 13 Apr 2006 00:37:14 +0000 Subject: [PATCH] Fixed problem with slashes, bug 5177 --- lib/questionlib.php | 2 ++ question/type/essay/questiontype.php | 2 +- question/type/questiontype.php | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/questionlib.php b/lib/questionlib.php index 5e07530549..90f6b22863 100644 --- a/lib/questionlib.php +++ b/lib/questionlib.php @@ -645,8 +645,10 @@ function restore_question_state(&$question, &$state) { global $QTYPES; // initialise response to the value in the answer field + $state->answer = addslashes($state->answer); $state->responses = array('' => $state->answer); unset($state->answer); + $state->comment = isset($state->comment) ? addslashes($state->comment) : ''; // Set the changed field to false; any code which changes the // question session must set this to true and must increment diff --git a/question/type/essay/questiontype.php b/question/type/essay/questiontype.php index 8230960841..4846590da2 100644 --- a/question/type/essay/questiontype.php +++ b/question/type/essay/questiontype.php @@ -110,7 +110,7 @@ class question_essay_qtype extends default_questiontype { // get response value if (isset($state->responses[''])) { // security problem. responses[''] is never cleaned before it is sent to the db (I think) - $value = $state->responses['']; + $value = stripslashes_safe($state->responses['']); } else { $value = ""; } diff --git a/question/type/questiontype.php b/question/type/questiontype.php index 3bed76d117..920638ab26 100644 --- a/question/type/questiontype.php +++ b/question/type/questiontype.php @@ -475,7 +475,7 @@ class default_questiontype { $grade .= $question->maxgrade; } - $comment = $state->comment; + $comment = stripslashes($state->comment); $commentlink = ''; if (isset($options->questioncommentlink)) { $strcomment = get_string('commentorgrade', 'quiz'); -- 2.39.5