Skip to content
Snippets Groups Projects
Commit 9c61fdd3 authored by Ben Fesili's avatar Ben Fesili
Browse files

Fixed potential XSS issue 

The index page doesn't sanitize the activity name upon retrieval from the database, allowing for potential XSS to take place
parent a1a2fa81
Branches
Tags v1.0.1
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
index.php
+ 1
0
View file @ 9c61fdd3
...@@ -128,6 +128,7 @@ foreach ($h5ps as $h5p) { ...@@ -128,6 +128,7 @@ foreach ($h5ps as $h5p) {
// Activity name. // Activity name.
$attrs = ($h5p->visible ? '' : ' class="dimmed"'); $attrs = ($h5p->visible ? '' : ' class="dimmed"');
$h5p->name = format_string($h5p->name);
$row[] = "<a href=\"view.php?id={$h5p->coursemodule}\"{$attrs}>{$h5p->name}</a>"; $row[] = "<a href=\"view.php?id={$h5p->coursemodule}\"{$attrs}>{$h5p->name}</a>";
// Activity type. // Activity type.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment