
Commit ba8cafc

committed
Exercises: Add $form->protect() in exercise_admin + add Security::removeXss
1 parent b953125 commit ba8cafc


1 file changed

+3
-14
lines changed


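--- a/main/exercise/exercise.class.php
+++ b/main/exercise/exercise.class.php
@@ -1991,6 +1991,7 @@ public function createForm($form, $type = 'full')
 }
 
 $form->addHeader($form_title);
+$form->protect();
 
 // Title.
 if (api_get_configuration_value('save_titles_as_html')) {
@@ -9401,28 +9402,16 @@ public static function exerciseGrid(
 $title = $cut_title;
 }
 
-/*$count_exercise_not_validated = (int) Event::count_exercise_result_not_validated(
-$my_exercise_id,
-$courseId,
-$sessionId
-);*/
-$move = null;
-$class_tip = '';
-/*if (!empty($count_exercise_not_validated)) {
-$results_text = $count_exercise_not_validated == 1 ? get_lang('ResultNotRevised') : get_lang('ResultsNotRevised');
-$title .= '<span class="exercise_tooltip" style="display: none;">'.$count_exercise_not_validated.' '.$results_text.' </span>';
-}*/
 $overviewUrl = api_get_path(WEB_CODE_PATH).'exercise/overview.php';
-$url = $move.
+$url = Security::remove_XSS(
 '<a
 '.$alt_title.'
-class="'.$class_tip.'"
 id="tooltip_'.$row['iid'].'"
 href="'.$overviewUrl.'?'.api_get_cidreq().$mylpid.$mylpitemid.'&exerciseId='.$row['iid'].'"
 >
 '.Display::return_icon('quiz.png', $row['title']).'
 '.$title.'
-</a>'.PHP_EOL;
+</a>');
 
 if (ExerciseLib::isQuizEmbeddable($row)) {
 $embeddableIcon = Display::return_icon('om_integration.png', get_lang('ThisQuizCanBeEmbeddable'));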
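Review bot: In the `exerciseGrid` hunk, `Security::remove_XSS()` is applied once to the fully concatenated `<a>` fragment, so `$alt_title`, `$row['iid']`, `$mylpid`, `$mylpitemid`, `$row['title']` and `$title` are still interpolated unescaped, and the filter only sees the markup after a stray quote or `>` in any of them has already reshaped it. A markup filter can drop script content, but it presumably cannot restore the intended `href` or attribute boundaries, and depending on its configuration (not visible here) it may also strip the `id="tooltip_…"` attribute, which looks like a hook for tooltip scripting. I would escape each value for its own context before concatenation and keep the outer call as a backstop, for example `id="tooltip_'.(int) $row['iid'].'"` and `'&exerciseId='.(int) $row['iid']`, with attribute text passed through `htmlspecialchars($value, ENT_QUOTES)` wherever it is not already escaped upstream. How `$alt_title`, `$title`, `$mylpid` and `$mylpitemid` are built lies outside the hunk, so that part needs checking against the rest of `exerciseGrid`.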
