Commit c24ccb84 authored by Richard Mansfield's avatar Richard Mansfield Committed by Hugh Davenport

Json-encode login form when injected by js (bug #1009784)



Change-Id: Ia81053332cfa9e0f79268031795af8d34b45ff78
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 72f42f7e
...@@ -1174,7 +1174,7 @@ function auth_get_login_form() { ...@@ -1174,7 +1174,7 @@ function auth_get_login_form() {
* @private * @private
*/ */
function get_login_form_js($form) { function get_login_form_js($form) {
$form = str_replace('/', '\/', str_replace("'", "\'", (str_replace(array("\n", "\t"), '', $form)))); $form = json_encode($form);
$strcookiesnotenabled = json_encode(get_string('cookiesnotenabled')); $strcookiesnotenabled = json_encode(get_string('cookiesnotenabled'));
$cookiename = get_config('cookieprefix') . 'ctest'; $cookiename = get_config('cookieprefix') . 'ctest';
$js = <<< EOF $js = <<< EOF
...@@ -1182,7 +1182,7 @@ function get_login_form_js($form) { ...@@ -1182,7 +1182,7 @@ function get_login_form_js($form) {
var loginbox = $('loginform_container'); var loginbox = $('loginform_container');
document.cookie = "$cookiename=1"; document.cookie = "$cookiename=1";
if (document.cookie) { if (document.cookie) {
loginbox.innerHTML = '$form'; loginbox.innerHTML = $form;
document.cookie = '$cookiename=1;expires=1/1/1990 00:00:00'; document.cookie = '$cookiename=1;expires=1/1/1990 00:00:00';
} }
else { else {
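Review bot: `json_encode($form)` with default flags leaves `<`, `>`, `&` and `'` unescaped, and the result is dropped straight into the heredoc at `loginbox.innerHTML = $form;`, so if this JavaScript is emitted inside an inline `<script>` element (not visible in these hunks) the HTML tokenizer still sees the form markup. The default `\/` escaping covers a literal `</script>`, but sequences such as `<!--` followed by `<script` can still change where the script block ends, and `&`/`<` matter if the page is served as XHTML; `$form = json_encode($form, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);` keeps the literal inert in those contexts, and the same flags would suit `$strcookiesnotenabled`. json_encode() also returns false on invalid UTF-8 input, which interpolates as an empty string and yields `loginbox.innerHTML = ;`, a syntax error that stops the whole script, so a check on the return value is worth adding. `$cookiename` is still interpolated raw into the quoted `document.cookie` strings, which is inconsistent with the two encoded values, although it appears to come from site configuration. get_login_form_js starts and ends outside both hunks.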