From 2d2018abda13b0ddec02caac50c1592eeccec332 Mon Sep 17 00:00:00 2001
From: Tim Hunt <T.J.Hunt@open.ac.uk>
Date: Wed, 6 Feb 2013 17:45:58 +0000
Subject: [PATCH] MDL-37896 qtype_essay: correct PARAM_CLEANHTML -> PARAM_RAW.

It turns out that you should almost never use PARAM_CLEANHTML.
---
 lib/moodlelib.php                   | 6 +++++-
 question/engine/questionattempt.php | 6 +++---
 question/type/essay/question.php    | 4 +---
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index cd7b102685c71..709e29c39bc08 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -116,7 +116,11 @@
 define('PARAM_CAPABILITY',   'capability');
 
 /**
- * PARAM_CLEANHTML - cleans submitted HTML code. use only for text in HTML format. This cleaning may fix xhtml strictness too.
+ * PARAM_CLEANHTML - cleans submitted HTML code. Note that you almost never want
+ * to use this. The normal mode of operation is to use PARAM_RAW when recieving
+ * the input (required/optional_param or formslib) and then sanitse the HTML
+ * using format_text on output. This is for the rare cases when you want to
+ * sanitise the HTML on input. This cleaning may also fix xhtml strictness.
  */
 define('PARAM_CLEANHTML', 'cleanhtml');
 
diff --git a/question/engine/questionattempt.php b/question/engine/questionattempt.php
index c4d6061220af1..a5a12d11eed33 100644
--- a/question/engine/questionattempt.php
+++ b/question/engine/questionattempt.php
@@ -64,7 +64,7 @@ class question_attempt {
      * @var string special value to indicate a response variable that is uploaded
      * files.
      */
-    const PARAM_CLEANHTML_FILES = 'paramcleanhtmlfiles';
+    const PARAM_RAW_FILES = 'paramrawfiles';
 
     /** @var integer if this attempts is stored in the question_attempts table, the id of that row. */
     protected $id = null;
@@ -888,8 +888,8 @@ public function get_submitted_var($name, $type, $postdata = null) {
             case self::PARAM_FILES:
                 return $this->process_response_files($name, $name, $postdata);
 
-            case self::PARAM_CLEANHTML_FILES:
-                $var = $this->get_submitted_var($name, PARAM_CLEANHTML, $postdata);
+            case self::PARAM_RAW_FILES:
+                $var = $this->get_submitted_var($name, PARAM_RAW, $postdata);
                 return $this->process_response_files($name, $name . ':itemid', $postdata, $var);
 
             default:
diff --git a/question/type/essay/question.php b/question/type/essay/question.php
index 270c65b770990..7fe4155d29944 100644
--- a/question/type/essay/question.php
+++ b/question/type/essay/question.php
@@ -55,9 +55,7 @@ public function get_format_renderer(moodle_page $page) {
 
     public function get_expected_data() {
         if ($this->responseformat == 'editorfilepicker') {
-            $expecteddata = array('answer' => question_attempt::PARAM_CLEANHTML_FILES);
-        } else if ($this->responseformat == 'editor') {
-            $expecteddata = array('answer' => PARAM_CLEANHTML);
+            $expecteddata = array('answer' => question_attempt::PARAM_RAW_FILES);
         } else {
             $expecteddata = array('answer' => PARAM_RAW);
         }