MDL-81267 mod_data: Clean field type before inclusion

* Filter out wrong field types when restoring or creating a field.

mod/data/backup/moodle2/restore_data_stepslib.php

@@ -87,6 +87,7 @@ class restore_data_activity_structure_step extends restore_activity_structure_st
         $oldid = $data->id;
 
         $data->dataid = $this->get_new_parentid('data');
+        $data->type = clean_param($data->type, PARAM_ALPHA);
 
         // insert the data_fields record
         $newitemid = $DB->insert_record('data_fields', $data);

mod/data/lib.php

@@ -951,6 +951,7 @@ function data_get_field_from_id($fieldid, $data){
 function data_get_field_new($type, $data) {
     global $CFG;
 
+    $type = clean_param($type, PARAM_ALPHA);
     $filepath = $CFG->dirroot.'/mod/data/field/'.$type.'/field.class.php';
     // It should never access this method if the subfield class doesn't exist.
     if (!file_exists($filepath)) {
@@ -978,6 +979,7 @@ function data_get_field($field, $data, $cm=null) {
     if (!isset($field->type)) {
         return new data_field_base($field);
     }
+    $field->type = clean_param($field->type, PARAM_ALPHA);
     $filepath = $CFG->dirroot.'/mod/data/field/'.$field->type.'/field.class.php';
     if (!file_exists($filepath)) {
         return new data_field_base($field);

mod/data/locallib.php

@@ -983,6 +983,7 @@ function data_get_tag_title_field($dataid) {
         if ($field->addtemplateposition === false) {
             continue;
         }
+        $field->type = clean_param($field->type, PARAM_ALPHA);
         $filepath = $CFG->dirroot . '/mod/data/field/' . $field->type . '/field.class.php';
         if (!file_exists($filepath)) {
             continue;
@@ -1026,6 +1027,7 @@ function data_get_tag_title_for_entry($field, $entry) {
     if (!isset($field->type)) {
         return null;
     }
+    $field->type = clean_param($field->type, PARAM_ALPHA);
     $filepath = $CFG->dirroot . '/mod/data/field/' . $field->type . '/field.class.php';
     if (!file_exists($filepath)) {
         return null;