Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-46754

clean_param with PARAM_TEXT does not support less than character

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.4.11, 2.5.7, 2.6.4, 2.7.1
    • Fix Version/s: BACKEND
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      Using the test branch: https://github.com/gjb2048/moodle/tree/master_MDL-46754_test which adds this code: https://github.com/gjb2048/moodle/compare/master_MDL-46754_test

      1. Create a new topic format based course and enter the course.
      2. Observe that the output should be:

      clean_param('<',PARAM_TEXT): <
      clean_param('>',PARAM_TEXT): >
      clean_param('<',PARAM_RAW) : <
      clean_param('>',PARAM_RAW) : >

      Show
      Using the test branch: https://github.com/gjb2048/moodle/tree/master_MDL-46754_test which adds this code: https://github.com/gjb2048/moodle/compare/master_MDL-46754_test Create a new topic format based course and enter the course. Observe that the output should be: clean_param('<',PARAM_TEXT): < clean_param('>',PARAM_TEXT): > clean_param('<',PARAM_RAW) : < clean_param('>',PARAM_RAW) : >
    • Workaround:
      Hide

      In circumstances where less than symbols are required, use PARAM_RAW instead.

      Show
      In circumstances where less than symbols are required, use PARAM_RAW instead.
    • Affected Branches:
      MOODLE_24_STABLE, MOODLE_25_STABLE, MOODLE_26_STABLE, MOODLE_27_STABLE

      Description

      In moodlelib.php, the comment for PARAM_TEXT states:

      /**
       * PARAM_TEXT - general plain text compatible with multilang filter, no other html tags. Please note '<', or '>' are allowed here.
       */
      define('PARAM_TEXT',  'text');
      

      When calling 'clean_param' with text containing a less than character then no text is returned. To reproduce, with the code:

      echo '<h3>clean_param(\'<\',PARAM_TEXT): '.clean_param('<',PARAM_TEXT).'</h3>';
      echo '<h3>clean_param(\'>\',PARAM_TEXT): '.clean_param('>',PARAM_TEXT).'</h3>';
      echo '<h3>clean_param(\'<\',PARAM_RAW) : '.clean_param('<',PARAM_RAW).'</h3>';
      echo '<h3>clean_param(\'>\',PARAM_RAW) : '.clean_param('>',PARAM_RAW).'</h3>';
      

      the output is:

      clean_param('<',PARAM_TEXT):
      clean_param('>',PARAM_TEXT): >
      clean_param('<',PARAM_RAW) : <
      clean_param('>',PARAM_RAW) : >
      

      when it should be:

      clean_param('<',PARAM_TEXT): <
      clean_param('>',PARAM_TEXT): >
      clean_param('<',PARAM_RAW) : <
      clean_param('>',PARAM_RAW) : >
      

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: