Commit 66efb9a7 authored by Hugh Davenport's avatar Hugh Davenport Committed by Aaron Wells
Browse files

Escape institution_display_name correctly (Bug #1447377)



Institution names were not being escaped properly in the
accesslist.

This patch escapes them properly as well as clearing the
compiled cache for the templates where this problem occurs.

Change-Id: I2e675af0b84a3a7106e0245a5faa6ee2095a7e06
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent bd57c522
......@@ -3880,5 +3880,11 @@ function xmldb_core_upgrade($oldversion=0) {
}
}
if ($oldversion < 2014092318) {
require_once(get_config('libroot').'dwoo/dwoo/Dwoo.php');
@unlink(get_config('dataroot') . 'dwoo/compile/default' . get_config('docroot') . 'theme/raw/' . 'templates/view/accesslistrow.tpl.d'.Dwoo::RELEASE_TAG.'.php');
@unlink(get_config('dataroot') . 'dwoo/compile/default' . get_config('docroot') . 'theme/raw/' . 'templates/admin/users/accesslistitem.tpl.d'.Dwoo::RELEASE_TAG.'.php');
}
return $status;
}
......@@ -977,7 +977,7 @@ function build_institutions_html($filter, $showdefault, $query, $limit, $offset,
}
function institution_display_name($name) {
return get_field('institution', 'displayname', 'name', $name);
return hsc(get_field('institution', 'displayname', 'name', $name));
}
/**
......
......@@ -16,8 +16,8 @@ $config = new stdClass();
// See https://wiki.mahara.org/index.php/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2014092317;
$config->release = '1.10.4testing';
$config->version = 2014092318;
$config->release = '1.10.5testing';
$config->series = '1.10';
$config->minupgradefrom = 2009022600;
$config->minupgraderelease = '1.1.0 (release tag 1.1.0_RELEASE)';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment