Security fix fixes. (2017-08-11)

(cherry picked from OHM commit f174c0bc30d29f7d6c28619fb387afc8ef70e335)
kreut · Sep 29, 2017 · c885bf8 · c885bf8
1 parent 763296c
commit c885bf8
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 11 deletions.
diff --git a/course/outcomereport.php b/course/outcomereport.php
@@ -158,7 +158,7 @@ function printOutcomeRow($arr,$isheader,$level,$stu=0) {
 			if (is_array($oi)) { //is outcome group
 				$gcnt++;
 				if ($isheader) {
-					$html .= '<th class="cat'.Sanitize::encodeStringForDisplay()$gcnt).'"><div><span class="cattothdr">'.Sanitize::encodeStringForDisplay($oi['name']).'</span></div></th>';
+					$html .= '<th class="cat'.Sanitize::encodeStringForDisplay($gcnt).'"><div><span class="cattothdr">'.Sanitize::encodeStringForDisplay($oi['name']).'</span></div></th>';
 					$sarr .= ',"N"';
 					list($subhtml,$subtots) = printOutcomeRow($oi['outcomes'],$isheader,$level.'-'.$k,$stu);
 					$html .= $subhtml;
@@ -322,7 +322,7 @@ function printOutcomeRow($arr,$isheader,$level,$stu=0) {
 
 	$ot = outcometable($stu);
 
-	echo "<div id=\"headercourse\" class=\"pagetitle\"><h2>"._("Outcomes Student Detail for: ").Sanitize::encodeStringForDisplay($ot[1][0][0)]."</h2></div>\n";
+	echo "<div id=\"headercourse\" class=\"pagetitle\"><h2>"._("Outcomes Student Detail for: ").Sanitize::encodeStringForDisplay($ot[1][0][0])."</h2></div>\n";
 	echo '<div class="cpmid">'.$typesel.'</div>';
 	echo '<table class="gb"><thead><tr><th>'._('Outcome').'</th>';
 

diff --git a/course/quickdrill.php b/course/quickdrill.php
@@ -254,7 +254,7 @@ function writesessiondata() {
 	if ($hours>0) { echo "$hours hours ";}
 	if ($minutes>0) { echo "$minutes minutes ";}
 	echo "$seconds seconds</p>";
-	echo "<p>Score:  ".Sanitize::onlyInt($curscore)." out of ".count($scores)." possible</p>";
+	echo "<p>Score:  ".Sanitize::onlyFloat($curscore)." out of ".count($scores)." possible</p>";
 	$addr = $GLOBALS['basesiteurl'] . "/course/quickdrill.php?id=$qsetid&cid=$cid&sa=$sa&n=$n$publica";
 	echo "<p><a href=\"$addr\">Again</a></p>";
 	if (!isset($sessiondata['drillresults'][$qsetid])) {
@@ -298,7 +298,7 @@ function writesessiondata() {
 		$cur = $cur - 60*$minutes;
 	} else {$minutes=0;}
 	$seconds = $cur;
-	echo "<p>Score:  ".Sanitize::onlyInt($curscore)." out of ".count($scores)." possible</p>";
+	echo "<p>Score:  ".Sanitize::onlyFloat($curscore)." out of ".count($scores)." possible</p>";
 	echo "<p>In ";
 	if ($hours>0) { echo "$hours hours ";}
 	if ($minutes>0) { echo "$minutes minutes ";}
@@ -315,7 +315,7 @@ function writesessiondata() {
 }
 
 if ($showscore) {
-	echo '<div class="review">Current score: '.Sanitize::onlyInt($curscore)." out of ".count($scores);
+	echo '<div class="review">Current score: '.Sanitize::onlyFloat($curscore)." out of ".count($scores);
 	echo '</div>';
 }
 if ($mode=='cntup' || $mode=='cntdown') {
@@ -380,7 +380,7 @@ function focusfirst() {
 <?php
 
 if ($page_scoreMsg != '' && $showscore) {
-	echo '<div class="review">Score on last question: '.Sanitize::encodeStringForDisplay($page_scoreMsg);
+	echo '<div class="review">Score on last question: '.$page_scoreMsg;
 	echo '</div>';
 }
 
@@ -506,7 +506,7 @@ function printscore($sc,$qsetid,$seed) {
 	}
 
 	$bar .= '<span class="scorebarinner" style="background-color:'.$color.';width:'.$w.'px;">&nbsp;</span></span> ';
-	return $bar . $out;
+	return $bar . Sanitize::encodeStringForDisplay($out);
 }
 
 function getpts($sc) {

diff --git a/course/reviewlibrary.php b/course/reviewlibrary.php
@@ -352,7 +352,7 @@
 		require("../assessment/displayq2.php");
 		if (isset($_POST['seed'])) {
 			list($score,$rawscores) = scoreq(0,$qsetid,$_POST['seed'],$_POST['qn0']);
-			$page_lastScore = "<p>Score on last answer: ".Sanitize::onlyInt($score)."/1</p>\n";
+			$page_lastScore = "<p>Score on last answer: ".Sanitize::onlyFloat($score)."/1</p>\n";
 		}
 
 		$twobx = ($lineQSet['qcontrol']=='' && $lineQSet['answer']=='');

diff --git a/forums/posthandler.php b/forums/posthandler.php
@@ -663,7 +663,7 @@ function addnewfile(t) {
 				echo "<input type=radio name=replyby id=replyby3 value=\"Date\" ";
 				if ($line['replyby']!==null && $line['replyby']<2000000000 && $line['replyby']>0) { echo "checked=1 ";}
 				echo "/> <label for=replyby3>Before:</label> ";
-				echo "<input type=text size=10 name=replybydate value=\"".Sanitize::encodeStringForDisplay($replybytime)."\" aria-label=\"reply by date\"/>";
+				echo "<input type=text size=10 name=replybydate value=\"".Sanitize::encodeStringForDisplay($replybydate)."\" aria-label=\"reply by date\"/>";
 				echo '<a href="#" onClick="displayDatePicker(\'replybydate\', this); return false">';
 				//echo "<A HREF=\"#\" onClick=\"cal1.select(document.forms[0].replybydate,'anchor3','MM/dd/yyyy',(document.forms[0].replybydate.value==$replybydate')?(document.forms[0].replyby.value):(document.forms[0].replyby.value)); return false;\" NAME=\"anchor3\" ID=\"anchor3\">
 				echo "<img src=\"../img/cal.gif\" alt=\"Calendar\"/></A>";

diff --git a/msgs/msghistory.php b/msgs/msghistory.php
@@ -90,6 +90,7 @@ function showtrimmed(el,n) {
 			$line['title'] = substr($line['title'],4);
 			$n++;
 		}
+		$line['title'] = Sanitize::encodeStringForDisplay($line['title']);
 		if ($n==1) {
 			$line['title'] = 'Re: '.$line['title'];
 		} else if ($n>1) {
@@ -272,7 +273,7 @@ function printchildren($base) {
 			echo "<input type=button id=\"buti$icnt\" value=\"Hide\" onClick=\"toggleitem($icnt)\">\n";
 
 			echo "</span>\n";
-			echo "<b>" . Sanitize::encodeStringForDisplay($subject[$child]) . "</b><br/>Posted by: ";
+			echo "<b>{$subject[$child]}</b><br/>Posted by: ";
 			if ($isteacher && $ownerid[$child]!=0) {
 				echo "<a href=\"mailto:" . Sanitize::emailAddress($email[$child]) . "\">";
 			} else if ($allowmsg && $ownerid[$child]!=0) {

diff --git a/msgs/sentlist.php b/msgs/sentlist.php
@@ -309,14 +309,15 @@ function chgfilter() {
 			$line['title'] = substr($line['title'],4);
 			$n++;
 		}
+		$line['title'] = Sanitize::encodeStringForDisplay($line['title']);
 		if ($n==1) {
 			$line['title'] = 'Re: '.$line['title'];
 		} else if ($n>1) {
 			$line['title'] = "Re<sup>$n</sup>: ".$line['title'];
 		}
 		echo "<tr><td><input type=checkbox name=\"checked[]\" value=\"".Sanitize::onlyInt($line['id'])."\"/></td><td>";
 		echo "<a href=\"viewmsg.php?page$page&cid=$cid&filtercid=$filtercid&filteruid=$filteruid&type=sent&msgid=".Sanitize::onlyInt($line['id'])."\">";
-		echo Sanitize::encodeStringForDisplay($line['title']);
+		echo $line['title'];
 		echo "</a></td>";
 		printf("<td>%s, %s</td>", Sanitize::encodeStringForDisplay($line['LastName']),
             Sanitize::encodeStringForDisplay($line['FirstName']));