From d50a9a9d30ae324c465e533d34ae705897817228 Mon Sep 17 00:00:00 2001
From: Nigel Cunningham
Date: Mon, 2 May 2016 15:13:20 +1000
Subject: [PATCH] MDL-54010 roles: Fix missing HTMLspecialchars in role export code.

Role name and description fields are currently not escaped when exporting a role. This results in an unusable file when characters such as ampersands are used in a name or description. Fix this by using htmlspecialchars on both fields.

Signed-off-by: Nigel Cunningham
---
 admin/roles/classes/preset.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/admin/roles/classes/preset.php b/admin/roles/classes/preset.php
index 85904eb126a27..45a68a7bfcf2f 100644
--- a/admin/roles/classes/preset.php
+++ b/admin/roles/classes/preset.php
@@ -71,8 +71,8 @@ public static function get_export_xml($roleid) {
 $dom->appendChild($top);
 $top->appendChild($dom->createElement('shortname', $role->shortname));
- $top->appendChild($dom->createElement('name', $role->name));
- $top->appendChild($dom->createElement('description', $role->description));
+ $top->appendChild($dom->createElement('name', htmlspecialchars($role->name)));
+ $top->appendChild($dom->createElement('description', htmlspecialchars($role->description)));
 $top->appendChild($dom->createElement('archetype', $role->archetype));
 $contextlevels = $dom->createElement('contextlevels');
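Review bot: The `shortname` and `archetype` values on the context lines around this change are still passed raw to `createElement()`, whose value argument treats `&` as the start of an entity reference. The export therefore still relies on those two fields never containing one; they are presumably restricted on input, but that is not visible in this hunk. Wrapping the value in `htmlspecialchars()` also ties the exported XML to that function's default flags and its handling of invalid UTF-8, so letting the DOM do the escaping is more robust: `$name = $dom->createElement('name'); $name->appendChild($dom->createTextNode($role->name)); $top->appendChild($name);`, and the same for `description`. get_export_xml() starts and ends outside the hunk, so any other `createElement()` call that passes a value may need the same treatment.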