wait #3924 @0.5

diff --git a/app/Models/Quiz.php b/app/Models/Quiz.php
index 77947992ea88530b2abad32b85b762f59a4670d7..cadee935922ae0c2de577257c45cb040c3fe4a68 100644 (file)
--- a/app/Models/Quiz.php
+++ b/app/Models/Quiz.php
@@ -265,19 +265,19 @@ class Quiz extends CubistMagicAbstractModel
             $xq->addAttribute('count', $question['count_for_score'] ? '1' : '0');
             $xq->addAttribute('type', $question['type']);
             $xq->addAttribute('min_score', $question['min_score']);
-            $xq->addChild('label', $question['question']);
+            $xq->addChild('label', htmlspecialchars($question['question']));
             if ($question['type'] === 'multiple') {
                 $xas = $xq->addChild('answers');
                 foreach ($question['answers'] as $answer) {
-                    $xa = $xas->addChild('answer', $answer['answer']);
+                    $xa = $xas->addChild('answer', htmlspecialchars($answer['answer']));
                     if ($answer['correct']) {
                         $xa->addAttribute('correct', '1');
                     }
                 }
             } else {
-                $xq->addAttribute('placeholder', $question['placeholder']);
+                $xq->addAttribute('placeholder', htmlspecialchars($question['placeholder']));
             }
-            $xq->addChild('correction', $question['explaination']);
+            $xq->addChild('correction', htmlspecialchars($question['explaination']));
         }
         file_put_contents($dest . '/data.xml', tidy_repair_string($xml->asXML(), ['input-xml' => 1, 'indent' => 1, 'wrap' => 0]));