MDL-23184 using PARAM_NOTAGS instead of general cleaning for fields that are not supposed to have tags
parent
484a976522
commit
93de0ac293
@ -235,7 +235,7 @@ class admin_uploaduser_form2 extends moodleform {
|
||||
$mform->setAdvanced('url');
|
||||
|
||||
$mform->addElement('text', 'idnumber', get_string('idnumber'), 'maxlength="64" size="25"');
|
||||
$mform->setType('idnumber', PARAM_CLEAN);
|
||||
$mform->setType('idnumber', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'institution', get_string('institution'), 'maxlength="40" size="25"');
|
||||
$mform->setType('institution', PARAM_MULTILANG);
|
||||
@ -246,11 +246,11 @@ class admin_uploaduser_form2 extends moodleform {
|
||||
$mform->setDefault('department', $templateuser->department);
|
||||
|
||||
$mform->addElement('text', 'phone1', get_string('phone'), 'maxlength="20" size="25"');
|
||||
$mform->setType('phone1', PARAM_CLEAN);
|
||||
$mform->setType('phone1', PARAM_NOTAGS);
|
||||
$mform->setAdvanced('phone1');
|
||||
|
||||
$mform->addElement('text', 'phone2', get_string('phone2'), 'maxlength="20" size="25"');
|
||||
$mform->setType('phone2', PARAM_CLEAN);
|
||||
$mform->setType('phone2', PARAM_NOTAGS);
|
||||
$mform->setAdvanced('phone2');
|
||||
|
||||
$mform->addElement('text', 'address', get_string('address'), 'maxlength="70" size="25"');
|
||||
|
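Review bot: The `idnumber` element declared just above the changed `setType` line keeps `maxlength="64"`, while the same field in `useredit_shared_definition()` (later on this page) is declared with `maxlength="255"`, so the two forms accept different lengths for the same user attribute. Which limit matches the stored column is not visible here. Either align the two, or, if the shorter limit is deliberate, say so next to the element with a comment such as `// upload form caps idnumber at 64 characters because <reason>`. The form definition method starts and ends outside both hunks.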
@ -267,22 +267,22 @@ function useredit_shared_definition(&$mform, $editoroptions = null) {
|
||||
$mform->setType('url', PARAM_URL);
|
||||
|
||||
$mform->addElement('text', 'icq', get_string('icqnumber'), 'maxlength="15" size="25"');
|
||||
$mform->setType('icq', PARAM_CLEAN);
|
||||
$mform->setType('icq', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'skype', get_string('skypeid'), 'maxlength="50" size="25"');
|
||||
$mform->setType('skype', PARAM_CLEAN);
|
||||
$mform->setType('skype', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'aim', get_string('aimid'), 'maxlength="50" size="25"');
|
||||
$mform->setType('aim', PARAM_CLEAN);
|
||||
$mform->setType('aim', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'yahoo', get_string('yahooid'), 'maxlength="50" size="25"');
|
||||
$mform->setType('yahoo', PARAM_CLEAN);
|
||||
$mform->setType('yahoo', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'msn', get_string('msnid'), 'maxlength="50" size="25"');
|
||||
$mform->setType('msn', PARAM_CLEAN);
|
||||
$mform->setType('msn', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'idnumber', get_string('idnumber'), 'maxlength="255" size="25"');
|
||||
$mform->setType('idnumber', PARAM_CLEAN);
|
||||
$mform->setType('idnumber', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'institution', get_string('institution'), 'maxlength="40" size="25"');
|
||||
$mform->setType('institution', PARAM_MULTILANG);
|
||||
@ -291,10 +291,10 @@ function useredit_shared_definition(&$mform, $editoroptions = null) {
|
||||
$mform->setType('department', PARAM_MULTILANG);
|
||||
|
||||
$mform->addElement('text', 'phone1', get_string('phone'), 'maxlength="20" size="25"');
|
||||
$mform->setType('phone1', PARAM_CLEAN);
|
||||
$mform->setType('phone1', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'phone2', get_string('phone2'), 'maxlength="20" size="25"');
|
||||
$mform->setType('phone2', PARAM_CLEAN);
|
||||
$mform->setType('phone2', PARAM_NOTAGS);
|
||||
|
||||
$mform->addElement('text', 'address', get_string('address'), 'maxlength="70" size="25"');
|
||||
$mform->setType('address', PARAM_MULTILANG);
|
||||
|
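Review bot: `PARAM_NOTAGS` on `icq`, `skype`, `aim`, `yahoo`, `msn`, `idnumber`, `phone1` and `phone2` removes markup but leaves quotes, ampersands and other attribute-significant characters in the stored value, so it does not replace escaping at output. The messaging identifiers in particular are the kind of value that ends up inside link or image URLs on a profile page (that code is outside these hunks), where they need `s()` for HTML and URL-encoding inside query strings. I would record this once above the block, e.g. `// PARAM_NOTAGS only removes markup; escape these values with s() or urlencode() wherever they are printed`. `useredit_shared_definition()` starts and ends outside both hunks.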
@ -16,8 +16,8 @@
|
||||
$perpage = optional_param('perpage', DEFAULT_PAGE_SIZE, PARAM_INT); // how many per page
|
||||
$mode = optional_param('mode', NULL); // use the MODE_ constants
|
||||
$accesssince = optional_param('accesssince',0,PARAM_INT); // filter by last access. -1 = never
|
||||
$search = optional_param('search','',PARAM_CLEAN);
|
||||
$roleid = optional_param('roleid', 0, PARAM_INT); // optional roleid, 0 menas all enrolled users (or all on the frontpage)
|
||||
$search = optional_param('search','',PARAM_RAW); // make sure it is processed with p() or s() when sending to output!
|
||||
$roleid = optional_param('roleid', 0, PARAM_INT); // optional roleid, 0 means all enrolled users (or all on the frontpage)
|
||||
|
||||
$contextid = optional_param('contextid', 0, PARAM_INT); // one of this or
|
||||
$courseid = optional_param('id', 0, PARAM_INT); // this are required
|
||||
|
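Review bot: With `search` switched to `PARAM_RAW`, the inline reminder covers HTML output only, but the same raw string presumably also reaches the user-list query and the paging or sorting links further down the script, outside this hunk. Those sinks need a bound query parameter (with LIKE wildcards handled) and URL-encoding respectively, and the comment is more useful if it says so: `// raw user input: bind as a query parameter in SQL, s()/p() in HTML, urlencode in links`. Separately, `$mode = optional_param('mode', NULL);` on the context line still passes no type although its comment says it carries a MODE_ constant. `PARAM_INT` looks like the intended type, to be confirmed against how `$mode` is compared.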
@ -5,7 +5,7 @@ class profile_define_textarea extends profile_define_base {
|
||||
function define_form_specific(&$form) {
|
||||
/// Default data
|
||||
$form->addElement('editor', 'defaultdata', get_string('profiledefaultdata', 'admin'));
|
||||
$form->setType('defaultdata', PARAM_CLEAN);
|
||||
$form->setType('defaultdata', PARAM_RAW); // we have to trust person with capability to edit this default description
|
||||
}
|
||||
|
||||
function define_editors() {
|
||||
|
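Review bot: The comment added on `defaultdata` justifies `PARAM_RAW` by trusting the "person with capability", but it does not name the capability, and the check itself is not visible in this hunk. A default description is presumably shown on other users' profiles, so an over-broad capability here would turn into stored markup served to every viewer. The comment should state the requirement, for example `// PARAM_RAW: only reachable by users holding <capability name>`. Whether the display path still cleans this value should also be stated explicitly, not left implied.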
@ -8,7 +8,7 @@ class profile_field_textarea extends profile_field_base {
|
||||
|
||||
/// Create the form field
|
||||
$mform->addElement('editor', $this->inputname, format_string($this->field->name), null, null);
|
||||
$mform->setType($this->inputname, PARAM_CLEAN);
|
||||
$mform->setType($this->inputname, PARAM_RAW); // we MUST clean this before display!
|
||||
}
|
||||
|
||||
/// Overwrite base class method, data in this field type is potentially too large to be
|
||||
|
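Review bot: `PARAM_RAW` on `$this->inputname` lets anyone who can edit this profile field store arbitrary markup, and the only safeguard recorded is the comment `we MUST clean this before display!`. The display code is outside this hunk, so it is not visible whether every path that prints the value (profile page, form re-display, any export) cleans it. A reminder that names the mechanism is easier to audit, e.g. `// stored raw: always render through format_text() with cleaning enabled, never echo directly`. A test that saves a value containing a script tag and checks the rendered profile would pin this down. The enclosing method starts outside the hunk.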