Permalink
Browse files

MDL-41820 XSS in the quiz responses report.

Thanks to Michael Hess for finding this bug and reporting it to us.
  • Loading branch information...
1 parent 919efdf commit 6917b452bf5c74cedcd984d653e4d4c9270c800f @timhunt timhunt committed with danpoltawski Sep 17, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 mod/quiz/report/responses/responses_table.php
@@ -97,6 +97,11 @@ public function data_col($slot, $field, $attempt) {
$summary = trim($stepdata->$field);
}
+ if ($this->is_downloading() && $this->is_downloading() != 'xhtml') {
+ return $summary;
+ }
+ $summary = s($summary);
+
if ($this->is_downloading() || $field != 'responsesummary') {
return $summary;
}

0 comments on commit 6917b45

Please sign in to comment.