From 81ac2c863097bab6e606618be5b030c25cf072c9 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Sun, 23 Sep 2007 13:20:36 +0000
Subject: [PATCH] MDL-11414 fixed handling of log urls (problem reported by
 Andreas Nolden); backported from HEAD; fixing previous commit :-(

---
 course/lib.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/course/lib.php b/course/lib.php
index 297b11ed34247..9035bd11b1956 100644
--- a/course/lib.php
+++ b/course/lib.php
@@ -417,7 +417,7 @@ function print_log($course, $user=0, $date=0, $order="l.time ASC", $page=0, $per
 
         $log->url  = strip_tags(urldecode($log->url));   // Some XSS protection
         $log->info = strip_tags(urldecode($log->info));  // Some XSS protection
-        $log->url  = str_replace('&', '&amp;', $log->url); /// XHTML compatibility
+        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
 
         echo '<tr class="r'.$row.'">';
         if ($course->id == SITEID) {
@@ -509,7 +509,7 @@ function print_log_csv($course, $user, $date, $order='l.time DESC', $modname,
 
         $log->url  = strip_tags(urldecode($log->url));     // Some XSS protection
         $log->info = strip_tags(urldecode($log->info));    // Some XSS protection
-        $log->url  = s($log->url); /// XSS protection and XHTML compatibility - should be in link_to_popup_window() instead!!
+        $log->url  = str_replace('&', '&amp;', $log->url); /// XHTML compatibility
 
         $firstField = $courses[$log->course];
         $fullname = fullname($log, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));