From 2dfd0118ffc5001fae32208e2d543265d516c8bf Mon Sep 17 00:00:00 2001
From: Matheus Zych
Date: Mon, 2 Mar 2026 08:41:39 +0100
Subject: [PATCH] TestQuestionPool: Escape long menu template values

See: https://mantis.ilias.de/view.php?id=47211 Gap answers that contained double quotes were injected verbatim into HTML attributes for the long-menu preview, which broke markup and prevented reliable evaluation of the learner selection. `assLongMenuGUI` now escapes solution text and option values with `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'utf-8')` and compares the learner answer to options with `===` when marking the selected entry.
---
 .../classes/class.assLongMenuGUI.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/components/ILIAS/TestQuestionPool/classes/class.assLongMenuGUI.php b/components/ILIAS/TestQuestionPool/classes/class.assLongMenuGUI.php
index 15210292822a..390a16855f2e 100755
--- a/components/ILIAS/TestQuestionPool/classes/class.assLongMenuGUI.php
+++ b/components/ILIAS/TestQuestionPool/classes/class.assLongMenuGUI.php
@@ -593,7 +593,10 @@ private function getSelectGapTemplate($key, $answers, $user_value, $solution, $o
 if ($user_value == -1) {
 $tpl->setVariable("SOLUTION", $this->lng->txt("please_select"));
 } else {
- $tpl->setVariable('SOLUTION', $user_value);
+ $tpl->setVariable(
+ 'SOLUTION',
+ $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform($user_value)
+ );
 }
 if ($graphical) {
 $correctness_icon = $this->generateCorrectnessIconsForCorrectness(self::CORRECTNESS_NOT_OK);
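Review bot: The sentinel test `if ($user_value == -1) {` at the top of this hunk is still a loose comparison while the option matching in the following hunk becomes strict, so a learner answer that is the numeric string `"-1"` (or `"-1.0"`, which PHP 8 also compares numerically equal to -1) is rendered as the please_select placeholder instead of as an escaped answer. If the caller passes the integer -1 for "nothing selected", `if ($user_value === -1) {` removes the ambiguity and matches the `===` introduced below; if it can pass the string `'-1'`, the sentinel should be normalised once rather than compared loosely here. The placeholder branch also emits `$this->lng->txt("please_select")` unescaped, which is acceptable only as long as language strings are trusted — a comment such as `// language strings are trusted, not user input` would make that explicit. getSelectGapTemplate starts before this hunk and continues after it.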
@@ -607,8 +610,11 @@ private function getSelectGapTemplate($key, $answers, $user_value, $solution, $o
 $tpl->setVariable("PLEASE_SELECT", $this->lng->txt("please_select"));
 foreach ($answers as $value) {
 $tpl->setCurrentBlock('select_option');
- $tpl->setVariable('VALUE', $value);
- if ($value == $user_value) {
+ $tpl->setVariable(
+ 'VALUE',
+ $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform($value)
+ );
+ if ($value === $user_value) {
 $tpl->setVariable('SELECTED', 'selected');
 }
 $tpl->parseCurrentBlock();
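Review bot: Switching to `if ($value === $user_value) {` is a behavioural tightening that is only safe if both sides are guaranteed to be strings: if `$answers` come back from storage as strings while the learner value arrives as an int (or the reverse, e.g. for numeric gap answers), no option is marked selected and the preview silently drops the learner's choice — the very symptom the commit sets out to fix. Casting both sides, `if ((string) $value === (string) $user_value) {`, keeps the strictness without depending on the caller's types, and a one-line comment above the loop should state what type `$user_value` is expected to have. The commit message promises `ENT_QUOTES | ENT_SUBSTITUTE`, but the code routes through `$this->refinery->encode()->htmlSpecialCharsAsEntities()` whose flags are not visible in this hunk; please confirm that transformation encodes single quotes too, since `VALUE` lands in an attribute and an unescaped `'` would leave a single-quoted attribute injectable. The enclosing foreach is complete here, but getSelectGapTemplate continues past the hunk.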