From e7dcb0fcccaa59ab8dcdbdf20d592d904586ca1d Mon Sep 17 00:00:00 2001 From: skodak Date: Thu, 12 Oct 2006 09:53:32 +0000 Subject: [PATCH] moodleform->validation() receives slashed $data now to make it similar to data_submitted() and prevent potential SQL injections --- lib/formslib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/formslib.php b/lib/formslib.php index 2bb5070170..9c54a76d00 100644 --- a/lib/formslib.php +++ b/lib/formslib.php @@ -80,7 +80,7 @@ class moodleform { if ($validated === null) { $internal_val = $this->_form->validate(); - $moodle_val = $this->validation($this->_form->exportValues(null, false)); + $moodle_val = $this->validation($this->_form->exportValues(null, true)); if ($moodle_val !== true) { if (!empty($moodle_val)) { foreach ($moodle_val as $element=>$msg) { -- 2.39.5