
Commit 58a5c46

committed
Attendance: add remove_xss
1 parent 51d2ec0 commit 58a5c46


2 files changed

+21
-10
lines changed


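--- a/main/gradebook/lib/GradebookUtils.php
+++ b/main/gradebook/lib/GradebookUtils.php
@@ -961,7 +961,7 @@ public static function load_gradebook_select_in_tool($form)
 $select_gradebook->addOption(get_lang('Default'), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 } else {
-$select_gradebook->addOption($my_cat->get_name(), $my_cat->get_id());
+$select_gradebook->addOption(Security::remove_XSS($my_cat->get_name()), $my_cat->get_id());
 $cats_added[] = $my_cat->get_id();
 }
 } else {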
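Review bot: The new line 964 passes the category name through `Security::remove_XSS`, which is a content filter rather than a contextual escape, so the effect on a legitimate name containing `<` or `&` depends on how `addOption` renders its label, and that is not visible in this hunk. If `addOption` already HTML-escapes labels the filter is redundant; if it does not, `htmlspecialchars($my_cat->get_name(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would give predictable output for a plain text label. A short comment on the line, such as `// category names are user-supplied; filter before they reach the select label`, would record why only this branch is wrapped while the get_lang('Default') branch is not. load_gradebook_select_in_tool starts before and ends after this hunk.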

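--- a/main/inc/lib/attendance.lib.php
+++ b/main/inc/lib/attendance.lib.php
@@ -181,13 +181,26 @@ public static function get_attendance_data(
 ) || api_is_drh();
 if (api_is_allowed_to_edit(null, true) || $isDrhOfCourse) {
 // Link to edit
-$attendance[1] = '<a href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance[0].$student_param.'">'.$attendance[1].'</a>'.$session_star;
+$attendance[1] = '<a
+href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance[0].$student_param.'">'.
+Security::remove_XSS($attendance[1]).
+'</a>'.
+$session_star;
 } else {
 // Link to view
-$attendance[1] = '<a href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list_no_edit&attendance_id='.$attendance[0].$student_param.'">'.$attendance[1].'</a>'.$session_star;
+$attendance[1] = '<a
+href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list_no_edit&attendance_id='.$attendance[0].$student_param.'">'.
+Security::remove_XSS($attendance[1]).
+'</a>'.
+$session_star;
 }
 } else {
-$attendance[1] = '<a class="muted" href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance[0].$student_param.'">'.$attendance[1].'</a>'.$session_star;
+$attendance[1] = '<a
+class="muted"
+href="index.php?'.api_get_cidreq().'&action=attendance_sheet_list&attendance_id='.$attendance[0].$student_param.'">'.
+Security::remove_XSS($attendance[1]).
+'</a>'.
+$session_star;
 }
 
 if ($attendance[5] == 1) {
@@ -198,9 +211,7 @@ public static function get_attendance_data(
 
 $attendance[3] = '<center>'.$attendance[3].'</center>';
 if (api_is_allowed_to_edit(null, true)) {
-$actions = '';
-$actions .= '<center>';
-
+$actions = '<center>';
 if (api_is_platform_admin()) {
 $actions .= '<a href="index.php?'.api_get_cidreq().'&action=attendance_edit&attendance_id='.$attendance[0].'">'.
 Display::return_icon('edit.png', get_lang('Edit'), [], ICON_SIZE_SMALL).'</a>&nbsp;';
@@ -268,7 +279,7 @@ public static function get_attendance_data(
 $attendances[] = [
 $attendance[0],
 $attendance[1],
-$attendance[2],
+Security::remove_XSS($attendance[2]),
 $attendance[3],
 $actions,
 ];
@@ -277,7 +288,7 @@ public static function get_attendance_data(
 $attendances[] = [
 $attendance[0],
 $attendance[1],
-$attendance[2],
+Security::remove_XSS($attendance[2]),
 $attendance[3],
 ];
 }
@@ -2326,7 +2337,7 @@ public function getCoursesWithAttendance(
 false
 );
 /* Get course with (in_category) and without (not_category) category */
-foreach ($courses as $coursesKey => $courseData) {
+foreach ($courses as $courseData) {
 /*
 * $coursesKey can be in_category or not_category for courses
 * */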
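Review bot: In the three rewritten anchors at new lines 184-203 only the link text goes through `Security::remove_XSS`; `$attendance[0]` and `$student_param` are still concatenated raw into the `href` attribute. If `$attendance[0]` is the attendance id read from the query, writing `'&attendance_id='.(int) $attendance[0]` pins that part of the URL to a numeric value whatever the row holds; `$student_param` is assembled outside this hunk, so whether it is already URL-encoded cannot be confirmed from here. `remove_XSS` is a filter rather than a contextual escape, so if `$attendance[1]` is meant to be plain text, `htmlspecialchars($attendance[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would be the more predictable choice for a text node. get_attendance_data starts before and ends after this hunk.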
