Commit c2cb5932 authored by Hugh Davenport's avatar Hugh Davenport Committed by Aaron Wells
Browse files

Escape institution_display_name correctly (Bug #1447377)



Institution names were not being escaped properly in the
accesslist.

This patch escapes them properly as well as clearing the
compiled cache for the templates where this problem occurs.

Change-Id: I2e675af0b84a3a7106e0245a5faa6ee2095a7e06
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent faad51b5
......@@ -3222,5 +3222,12 @@ function xmldb_core_upgrade($oldversion=0) {
set_config('cacheversion', rand(1000, 9999));
}
}
if ($oldversion < 2014032721) {
require_once(get_config('libroot').'dwoo/dwoo/Dwoo.php');
@unlink(get_config('dataroot') . 'dwoo/compile/default' . get_config('docroot') . 'theme/raw/' . 'templates/view/accesslistrow.tpl.d'.Dwoo::RELEASE_TAG.'.php');
@unlink(get_config('dataroot') . 'dwoo/compile/default' . get_config('docroot') . 'theme/raw/' . 'templates/admin/users/accesslistitem.tpl.d'.Dwoo::RELEASE_TAG.'.php');
}
return $status;
}
......@@ -973,7 +973,7 @@ function build_institutions_html($filter, $showdefault, $query, $limit, $offset,
}
function institution_display_name($name) {
return get_field('institution', 'displayname', 'name', $name);
return hsc(get_field('institution', 'displayname', 'name', $name));
}
/**
......
......@@ -15,7 +15,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/index.php/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2014032720;
$config->version = 2014032721;
$config->series = '1.9';
$config->release = '1.9.6testing';
$config->minupgradefrom = 2009022600;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment