Permalink
Browse files

MDL-41820 XSS in the quiz responses report.

Thanks to Michael Hess for finding this bug and reporting it to us.
  • Loading branch information...
1 parent 2116cfe commit 8f39e9f1afc64cd5b78bde61016c06e2232e945d @timhunt timhunt committed with danpoltawski Sep 17, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 mod/quiz/report/responses/responses_table.php
@@ -97,6 +97,11 @@ public function data_col($slot, $field, $attempt) {
$summary = trim($stepdata->$field);
}
+ if ($this->is_downloading() && $this->is_downloading() != 'xhtml') {
+ return $summary;
+ }
+ $summary = s($summary);
+
if ($this->is_downloading() || $field != 'responsesummary') {
return $summary;
}

0 comments on commit 8f39e9f

Please sign in to comment.