Gradebook eval: add remove_xss

Author: jmontoyaa

Diff for: main/gradebook/lib/fe/displaygradebook.php

@@ -85,7 +85,7 @@ public static function display_header_result($evalobj, $selectcat, $page)
 
         $description = '';
         if ('' == !$evalobj->get_description()) {
-            $description = get_lang('Description').' :<b> '.$evalobj->get_description().'</b><br>';
+            $description = get_lang('Description').' :<b> '.Security::remove_XSS($evalobj->get_description()).'</b><br>';
         }
 
         if ($evalobj->get_course_code() == null) {
@@ -95,7 +95,7 @@ public static function display_header_result($evalobj, $selectcat, $page)
         }
 
         $evalinfo = '<table width="100%" border="0"><tr><td>';
-        $evalinfo .= '<h2>'.$evalobj->get_name().'</h2><hr>';
+        $evalinfo .= '<h2>'.Security::remove_XSS($evalobj->get_name()).'</h2><hr>';
         $evalinfo .= $description;
         $evalinfo .= get_lang('Course').' :<b> '.$course.'</b><br />';
         if (empty($model)) {

Diff for: main/gradebook/lib/fe/evalform.class.php

@@ -577,7 +577,7 @@ private function build_basic_form($edit = 0)
                                 $select_gradebook->addOption(get_lang('Default'), $my_cat->get_id());
                                 $cats_added[] = $my_cat->get_id();
                             } else {
-                                $select_gradebook->addOption($my_cat->get_name(), $my_cat->get_id());
+                                $select_gradebook->addOption(Security::remove_XSS($my_cat->get_name()), $my_cat->get_id());
                                 $cats_added[] = $my_cat->get_id();
                             }
                         } else {

Diff for: main/gradebook/lib/fe/gradebooktable.class.php

@@ -423,10 +423,11 @@ public function get_table_data($from = 1, $per_page = null, $column = null, $dir
 
                 // Name.
                 if ('Category' === get_class($item)) {
-                    $row[] = $invisibility_span_open.'<strong>'.Security::remove_XSS($item->get_name()).'</strong>'.$invisibility_span_close;
+                    $row[] = $invisibility_span_open.
+                        '<strong>'.Security::remove_XSS($item->get_name()).'</strong>'.$invisibility_span_close;
                     $main_categories[$item->get_id()]['name'] = $item->get_name();
                 } else {
-                    $name = $this->build_name_link($item, $type);
+                    $name = Security::remove_XSS($this->build_name_link($item, $type));
                     $row[] = $invisibility_span_open.$name.$invisibility_span_close;
                     $main_categories[$item->get_id()]['name'] = $name;
                 }
@@ -622,7 +623,7 @@ public function get_table_data($from = 1, $per_page = null, $column = null, $dir
                             $row[] = $this->build_type_column($item, ['style' => 'padding-left:5px']);
                             // Name.
                             $row[] = $invisibility_span_open.'&nbsp;&nbsp;&nbsp; '.
-                                $this->build_name_link($item, $type, 4).$invisibility_span_close;
+                                Security::remove_XSS($this->build_name_link($item, $type, 4)).$invisibility_span_close;
 
                             // Description.
                             if (false == $this->exportToPdf) {

Diff for: main/gradebook/lib/fe/resulttable.class.php

@@ -26,7 +26,7 @@ class ResultTable extends SortableTable
      */
     public function __construct(
         $evaluation,
-        $results = [],
+        $results,
         $iscourse,
         $addparams = [],
         $forprint = false