MDL-54877 mod_lti: Clean LTI tool type name and description on output

* Use clean_param() for name and description when displaying the tool type.
    Basically in the following functions:
    - serialise_tool_type()
    - lti_get_configured_types()
* Changed name and description's type from PARAM_TEXT to PARAM_RAW
    in tool update parameters.
* Changed name and description's type from PARAM_TEXT to PARAM_RAW
   in mod_lti_external::tool_type_return_structure()

mod/lti/classes/external.php

@@ -51,8 +51,8 @@ class mod_lti_external extends external_api {
         return new external_single_structure(
             array(
                 'id' => new external_value(PARAM_INT, 'Tool type id'),
-                'name' => new external_value(PARAM_TEXT, 'Tool type name'),
-                'description' => new external_value(PARAM_TEXT, 'Tool type description'),
+                'name' => new external_value(PARAM_NOTAGS, 'Tool type name'),
+                'description' => new external_value(PARAM_NOTAGS, 'Tool type description'),
                 'urls' => new external_single_structure(
                     array(
                         'icon' => new external_value(PARAM_URL, 'Tool type icon URL'),
@@ -812,8 +812,8 @@ class mod_lti_external extends external_api {
         return new external_function_parameters(
             array(
                 'id' => new external_value(PARAM_INT, 'Tool type id'),
-                'name' => new external_value(PARAM_TEXT, 'Tool type name', VALUE_DEFAULT, null),
-                'description' => new external_value(PARAM_TEXT, 'Tool type description', VALUE_DEFAULT, null),
+                'name' => new external_value(PARAM_RAW, 'Tool type name', VALUE_DEFAULT, null),
+                'description' => new external_value(PARAM_RAW, 'Tool type description', VALUE_DEFAULT, null),
                 'state' => new external_value(PARAM_INT, 'Tool type state', VALUE_DEFAULT, null)
             )
         );

mod/lti/locallib.php

@@ -1149,10 +1149,12 @@ function lti_get_configured_types($courseid, $sectionreturn = 0) {
         $type           = new stdClass();
         $type->modclass = MOD_CLASS_ACTIVITY;
         $type->name     = 'lti_type_' . $ltitype->id;
-        $type->title    = $ltitype->name;
+        // Clean the name. We don't want tags here.
+        $type->title    = clean_param($ltitype->name, PARAM_NOTAGS);
         $trimmeddescription = trim($ltitype->description);
         if ($trimmeddescription != '') {
-            $type->help     = $trimmeddescription;
+            // Clean the description. We don't want tags here.
+            $type->help     = clean_param($trimmeddescription, PARAM_NOTAGS);
             $type->helplink = get_string('modulename_shortcut_link', 'lti');
         }
         if (empty($ltitype->icon)) {
@@ -2491,11 +2493,18 @@ function get_tool_type_instance_ids($type) {
 function serialise_tool_type(stdClass $type) {
     $capabilitygroups = get_tool_type_capability_groups($type);
     $instanceids = get_tool_type_instance_ids($type);
-
+    // Clean the name. We don't want tags here.
+    $name = clean_param($type->name, PARAM_NOTAGS);
+    if (!empty($type->description)) {
+        // Clean the description. We don't want tags here.
+        $description = clean_param($type->description, PARAM_NOTAGS);
+    } else {
+        $description = get_string('editdescription', 'mod_lti');
+    }
     return array(
         'id' => $type->id,
-        'name' => $type->name,
-        'description' => isset($type->description) ? $type->description : get_string('editdescription', 'mod_lti'),
+        'name' => $name,
+        'description' => $description,
         'urls' => get_tool_type_urls($type),
         'state' => get_tool_type_state_info($type),
         'hascapabilitygroups' => !empty($capabilitygroups),