Fixed issue: Control characters break XML export

Dev Added filter to prevent saving of control characters in response data (except for tab, CR and LF) by respondents

application/helpers/common_helper.php

@@ -2608,6 +2608,22 @@ function dbQuoteAll($value)
     return Yii::app()->db->quoteValue($value);
 }
 
+
+/**
+* This function strips UTF-8 control characters from strings, except tabs, CR and LF
+* - it is intended to be used before any response data is saved to the response table
+*
+* @param mixed $sValue A string to be sanitized
+* @return A sanitized string, otherwise the unmodified original variable
+*/
+function stripCtrlChars($sValue)
+{
+    if (is_string($sValue))
+    {
+        $sValue=preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x80-\x9F]/u', '', $sValue);
+    }
+    return $sValue;
+}
 // make a string safe to include in a JavaScript String parameter.
 function javascriptEscape($str, $strip_tags=false, $htmldecode=false) {
     $new_str ='';

application/helpers/expressions/em_manager_helper.php

@@ -5332,7 +5332,7 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
                     {
                         $sdata['refurl'] = getenv("HTTP_REFERER");
                     }
-                }
+                 }
 
                 $sdata = array_filter($sdata);
                 SurveyDynamic::sid($this->sid);
@@ -5432,7 +5432,7 @@ private function _UpdateValuesInDatabase($updatedValues, $finished=false)
                     }
                     else
                     {
-                        $setter[] = dbQuoteID($key) . "=" . dbQuoteAll($val);
+                        $setter[] = dbQuoteID($key) . "=" . dbQuoteAll(stripCtrlChars($val));
                     }
                 }
                 $query .= implode(', ', $setter);