diff --git a/mod/hotpot/lib.php b/mod/hotpot/lib.php
index 179d283f8de55..5f8c1009d2ab2 100644
--- a/mod/hotpot/lib.php
+++ b/mod/hotpot/lib.php
@@ -1520,8 +1520,8 @@ function hotpot_xml_quiz(&$obj, $read_file=true, $parse_xml=true, $convert_urls=
// relative URLs in stylesheets
$search = '|'.'()'.'|ise';
- $replace = "stripslashes('\\1').hotpot_convert_stylesheets_urls('".$this->get_baseurl()."','".$this->reference."','\\2'.'\\3')";
- $this->source = preg_replace($search, $replace, $this->source);
+ $replace = "hotpot_stripslashes('\\1').hotpot_convert_stylesheets_urls('".$this->get_baseurl()."','".$this->reference."','\\2'.'\\3')";
+ $this->source = preg_replace($search, $replace, $this->source);
// relative URLs in "PreloadImages(...);"
$search = '|'.'(?<='.'PreloadImages'.'\('.')'."([^)]+?)".'(?='.'\);'.')'.'|se';
@@ -1775,9 +1775,16 @@ function adjust_media_urls() {
} // end class
+function hotpot_stripslashes($str) {
+ // strip slashes from double quotes, single quotes and back slashes
+ // the slashes were added by preg_replace() when using the "e" modifier
+ static $escapedchars = array('\\\\', '\\"', "\\'");
+ static $unescapedchars = array('\\', '"', "'");
+ return str_replace($escapedchars, $unescapedchars, $str);
+}
function hotpot_convert_stylesheets_urls($baseurl, $reference, $css, $stripslashes=true) {
if ($stripslashes) {
- $css = stripslashes($css);
+ $css = hotpot_stripslashes($css);
}
$search = '|'.'(?<='.'url'.'\('.')'."(.+?)".'(?='.'\)'.')'.'|ise';
$replace = "hotpot_convert_url('".$baseurl."','".$reference."','\\1')";
@@ -1785,7 +1792,7 @@ function hotpot_convert_stylesheets_urls($baseurl, $reference, $css, $stripslash
}
function hotpot_convert_preloadimages_urls($baseurl, $reference, $urls, $stripslashes=true) {
if ($stripslashes) {
- $urls = stripslashes($urls);
+ $urls = hotpot_stripslashes($urls);
}
$search = '|(?<=["'."'])([^,'".'"]*?)(?=["'."'])|ise";
$replace = "hotpot_convert_url('".$baseurl."','".$reference."','\\1')";
@@ -1795,7 +1802,7 @@ function hotpot_convert_navbutton_url($baseurl, $reference, $url, $course, $stri
global $CFG;
if ($stripslashes) {
- $url = stripslashes($url);
+ $url = hotpot_stripslashes($url);
}
$url = hotpot_convert_url($baseurl, $reference, $url, false);
@@ -1812,9 +1819,9 @@ function hotpot_convert_navbutton_url($baseurl, $reference, $url, $course, $stri
function hotpot_convert_relative_url($baseurl, $reference, $opentag, $url, $closetag, $stripslashes=true) {
if ($stripslashes) {
- $opentag = stripslashes($opentag);
- $url = stripslashes($url);
- $closetag = stripslashes($closetag);
+ $opentag = hotpot_stripslashes($opentag);
+ $url = hotpot_stripslashes($url);
+ $closetag = hotpot_stripslashes($closetag);
}
// catch
@@ -1859,7 +1866,7 @@ function hotpot_convert_url($baseurl, $reference, $url, $stripslashes=true) {
static $HOTPOT_RELATIVE_URLS = array();
if ($stripslashes) {
- $url = stripslashes($url);
+ $url = hotpot_stripslashes($url);
}
// is this an absolute url? (or javascript pseudo url)