Commit c24ccb84 authored by Richard Mansfield's avatar Richard Mansfield Committed by Hugh Davenport
Browse files

Json-encode login form when injected by js (bug #1009784)



Change-Id: Ia81053332cfa9e0f79268031795af8d34b45ff78
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 72f42f7e
......@@ -1174,7 +1174,7 @@ function auth_get_login_form() {
* @private
*/
function get_login_form_js($form) {
$form = str_replace('/', '\/', str_replace("'", "\'", (str_replace(array("\n", "\t"), '', $form))));
$form = json_encode($form);
$strcookiesnotenabled = json_encode(get_string('cookiesnotenabled'));
$cookiename = get_config('cookieprefix') . 'ctest';
$js = <<< EOF
......@@ -1182,7 +1182,7 @@ function get_login_form_js($form) {
var loginbox = $('loginform_container');
document.cookie = "$cookiename=1";
if (document.cookie) {
loginbox.innerHTML = '$form';
loginbox.innerHTML = $form;
document.cookie = '$cookiename=1;expires=1/1/1990 00:00:00';
}
else {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment