
Update 'iassign_form.php'

1.5.1 2020/01/21
 *   + Filter with 'addslashes(.)' so that ' and " cannot prematurely close the JavaScript command, and verify whether field 'grade' in JS is 'undefined'
leo před 5 roky
rodič
revize
27550f90dd
1 změnil soubory, kde provedl 9 přidání a 5 odebrání
  1. 9 5
      iassign_form.php

+ 9 - 5
iassign_form.php

@@ -5,6 +5,8 @@
  * 
  * 
  * Release Notes:
+ * - v 1.5.1 2020/01/21
+ *   + Filter 'addslach(.)' to avoid ' and " close command JavaScript and verify if field 'grade' in JS is 'undefined'
  * - v 1.5 2013/09/19
  *   + Insert function for validation form (mod_iassign_form::validation).
  *   + Fix bugs in download exercise file.
@@ -76,7 +78,7 @@ class mod_iassign_form extends moodleform {
     $name_iassigns = "";
     if ($iassigns) {
       foreach ($iassigns as $iassign) {
-        $name_iassigns .= "'" . $iassign->name . "',";
+        $name_iassigns .= "'" . addslashes($iassign->name) . "',"; // if the name has ' it implies close JavaScript string => error!
         }
       }
     $name_iassigns .= "''";
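Review bot: `addslashes()` on the added line is not a JavaScript-context encoder, so the name is still not safe inside the generated script. It escapes quotes and backslashes but leaves newlines and a literal `</script>` sequence untouched; if this string is emitted in an inline script block (not visible here), a name containing either one breaks the literal or ends the script element, which is a stored-XSS risk for anyone who opens the form. I would build the literal with `$name_iassigns .= json_encode($iassign->name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ",";` (Moodle's `addslashes_js()` is an alternative that keeps the surrounding single quotes). `$error_name` in the `confirm_name` hunk is concatenated into `alert('...')` with no escaping at all and looks like it needs the same treatment. The enclosing method starts and ends outside this hunk.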
@@ -95,10 +97,12 @@ class mod_iassign_form extends moodleform {
    document.forms['mform1'].filename.disabled=1;  
 
    if (document.forms['mform1'].type_iassign.value==1) {
-     document.forms['mform1'].grade.style.display='none';
+     if (typeof document.forms['mform1'].grade === 'undefined') ; // do nothing
+     else document.forms['mform1'].grade.style.display='none';
      document.forms['mform1'].max_experiment.style.display='none';
    } else {
-     document.forms['mform1'].grade.style.display='block';
+     if (typeof document.forms['mform1'].grade === 'undefined') ; // do nothing
+     else document.forms['mform1'].grade.style.display='block';
      document.forms['mform1'].max_experiment.style.display='block';
      }
 
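Review bot: The `if (typeof ... === 'undefined') ; // do nothing` / `else` pairs rely on an empty statement, which is easy to misread and easy to break with a stray edit. A positive guard reads better, e.g. `var grade = document.forms['mform1'].grade;` followed by `if (grade) grade.style.display = 'none';` (and `'block'` in the else branch). `max_experiment` on the following lines is still dereferenced unguarded, so if that field can also be absent the script throws there and the rest of the form setup never runs; worth confirming and guarding the same way. The surrounding JavaScript function begins and ends outside this hunk.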
@@ -123,7 +127,7 @@ class mod_iassign_form extends moodleform {
 
   function confirm_name (name) {
     var i;
-    var names = new Array($name_iassigns);
+    var names = new Array(" . $name_iassigns . ");
     for (i=0;i<names.length;i++) {
        if (names[i]==name)
          alert('" . $error_name . "');
@@ -510,4 +514,4 @@ class mod_iassign_form extends moodleform {
     return $errors;
     } // function validation($data, $files)
 
-  } // class mod_iassign_form extends moodleform
+  } // class mod_iassign_form extends moodleform