Restore Wiki Page
Restoring a Wiki Page with content containing single quotes fails without notice.
Reason: the parameters passed in into restore_wikipage are not properly escaped.
Updated by Yoselyn Castillo over 6 years ago
- Status changed from New to Needs more info
Well, I have tested in my local pc
I have created a wiki in a course
The content is "Hello World"
I have made a backup of this course
I have successfully restored this backup into other course
The wiki in the course contains "Hello World" too
I have no seen the bug
Can you tell me how can i reproduce it, or if you mark any other option, configuration etc?
Updated by Kris Sinnaeve over 6 years ago
Why don't you just properly escape the parameters passed in? As it's a restoration function, you don't want to have the data possibly changed.
I would suggest to use Database::escape_string() instead of api_html_entity_decode(). This should be database independent too.
Updated by Yannick Warnier about 6 years ago
- % Done changed from 50 to 60
I agree with Kris that these calls should be more o the Apache type, so please make sure we don't call htmlentities and that each of these calls are replaced by either htmlentities (if effectively just to print to screen) or by escape_string() if this goes to a database.
Updated by Daniel Barreto almost 6 years ago
- Status changed from Needs testing to Bug resolved
- % Done changed from 60 to 100
Tested and working.
In course A, created a wiki page whit single quotes in title and contain of page
created a backup from this course A
imported this backup into course B
Checked and the wiki pages are equal