@@ -86,11 +86,7 @@ function storage_get($sv_user, $sv_course, $sv_sco, $sv_key)
8686 $ resquery ($ sql
8787 if (Database::num_rows ($ res0 ) {
8888 $ rowfetch_assoc ($ res
89- if (get_magic_quotes_gpc ()) {
90- return stripslashes ($ row'sv_value ' ]);
91- } else {
92- return $ row'sv_value ' ];
93- }
89+ return Security::remove_XSS ($ row'sv_value ' ]);
9490 } else {
9591 return null ;
9692 }
@@ -125,6 +121,7 @@ function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $s
125121 // if ($dataRow["user_id"] = $row["user_id"])
126122 // $row["values"][$dataRow["variable"]] = $dataRow["value"];
127123 // }
124+ $ row'sv_value ' ] = Security::remove_XSS ($ row'sv_value ' ]);
128125 $ result$ row
129126 }
130127
@@ -177,9 +174,8 @@ function storage_getall($sv_user, $sv_course, $sv_sco)
177174 $ resquery ($ sql
178175 $ data
179176 while ($ rowfetch_assoc ($ res
180- if (get_magic_quotes_gpc ()) {
181- $ row'sv_value ' ] = stripslashes ($ row'sv_value ' ]);
182- }
177+ $ row'sv_value ' ] = Security::remove_XSS ($ row'sv_value ' ]);
178+ $ row'sv_key ' ] = Security::remove_XSS ($ row'sv_key ' ]);
183179 $ data$ row
184180 }
185181
@@ -240,11 +236,7 @@ function storage_stack_pop($sv_user, $sv_course, $sv_sco, $sv_key)
240236 $ resdeletequery ($ sqldelete
241237 if ($ resselect$ resdelete
242238 Database::query ("commit " );
243- if (get_magic_quotes_gpc ()) {
244- return stripslashes ($ rowselect'sv_value ' ]);
245- } else {
246- return $ rowselect'sv_value ' ];
247- }
239+ return Security::remove_XSS ($ rowselect'sv_value ' ]);
248240 } else {
249241 Database::query ("rollback " );
250242
@@ -290,9 +282,7 @@ function storage_stack_getall($sv_user, $sv_course, $sv_sco, $sv_key)
290282 $ resquery ($ sql
291283 $ results
292284 while ($ rowfetch_assoc ($ res
293- if (get_magic_quotes_gpc ()) {
294- $ row'value ' ] = stripslashes ($ row'value ' ]);
295- }
285+ $ row'value ' ] = Security::remove_XSS ($ row'value ' ]);
296286 $ results$ row
297287 }
298288
0 commit comments