MDL-27675 - Feedback module abuses data_submitted

mod/feedback/complete.php

@@ -507,11 +507,8 @@
                 //get the value
                 $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
                 if (isset($savereturn)) {
-                    if (isset($formdata->{$frmvaluename})) {
-                        $value = $formdata->{$frmvaluename};
-                    } else {
-                        $value = null;
-                    }
+                    $value = isset($formdata->{$frmvaluename}) ? $formdata->{$frmvaluename} : null;
+                    $value = feedback_clean_input_value($feedbackitem, $value);
                 } else {
                     if (isset($feedbackcompletedtmp->id)) {
                         $value = feedback_get_item_value($feedbackcompletedtmp->id,
@@ -530,6 +527,7 @@
                     feedback_print_item_complete($feedbackitem, $value, $highlightrequired);
                     echo $OUTPUT->box_end();
                 }
+
                 echo $OUTPUT->box_end();
 
                 $lastbreakposition = $feedbackitem->position; //last item-pos (item or pagebreak)

mod/feedback/complete_guest.php

@@ -441,13 +441,10 @@
                 echo $OUTPUT->box_start('feedback_item_box_'.$align.$dependstyle);
                 $value = '';
                 //get the value
-                $frmvaluename = $feedbackitem->typ.'_'.$feedbackitem->id;
+                $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
                 if (isset($savereturn)) {
-                    if (isset($formdata->{$frmvaluename})) {
-                        $value = $formdata->{$frmvaluename};
-                    } else {
-                        $value = null;
-                    }
+                    $value = isset($formdata->{$frmvaluename}) ? $formdata->{$frmvaluename} : null;
+                    $value = feedback_clean_input_value($feedbackitem, $value);
                 } else {
                     if (isset($feedbackcompletedtmp->id)) {
                         $value = feedback_get_item_value($feedbackcompletedtmp->id,
@@ -466,6 +463,7 @@
                     feedback_print_item_complete($feedbackitem, $value, $highlightrequired);
                     echo $OUTPUT->box_end();
                 }
+
                 echo $OUTPUT->box_end();
 
                 $lastbreakposition = $feedbackitem->position; //last item-pos (item or pagebreak)

mod/feedback/item/captcha/lib.php

@@ -326,4 +326,8 @@ public function get_hasvalue() {
     public function can_switch_require() {
         return false;
     }
+
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_RAW);
+    }
 }

mod/feedback/item/feedback_item_class.php

@@ -128,6 +128,14 @@ abstract public function print_item_complete($item, $value = '', $highlightrequi
      */
     abstract public function print_item_show_value($item, $value = '');
 
+    /**     
+     * cleans the userinput while submitting the form
+     *
+     * @param mixed $value
+     * @return mixed
+     */
+    abstract function clean_input_value($value);
+
 }
 
 //a dummy class to realize pagebreaks
@@ -175,7 +183,7 @@ public function print_item_show_value($item, $value = '') {
     }
     public function can_switch_require() {
     }
+    public function clean_input_value($value) {
+    }
 
 }
-
-

mod/feedback/item/info/lib.php

@@ -388,4 +388,8 @@ public function get_hasvalue() {
     public function can_switch_require() {
         return false;
     }
+
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_INT);
+    }
 }

mod/feedback/item/label/lib.php

@@ -270,4 +270,7 @@ public function get_printval($item, $value) {
     }
     public function get_analysed($item, $groupid = false, $courseid = false) {
     }
+    public function clean_input_value($value) {
+        return '';
+    }
 }

mod/feedback/item/multichoice/lib.php

@@ -826,4 +826,12 @@ public function value_type() {
     public function value_is_array() {
         return true;
     }
+
+    function can_switch_require() {
+        return true;
+    }
+
+    function clean_input_value($value) {
+        return clean_param_array($value, PARAM_INT);
+    }
 }

mod/feedback/item/multichoicerated/lib.php

@@ -678,4 +678,7 @@ public function can_switch_require() {
         return true;
     }
 
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_INT);
+    }
 }

mod/feedback/item/numeric/lib.php

@@ -534,4 +534,8 @@ public function get_hasvalue() {
     public function can_switch_require() {
         return true;
     }
+
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_FLOAT);
+    }
 }

mod/feedback/item/textarea/lib.php

@@ -333,4 +333,8 @@ public function get_hasvalue() {
     public function can_switch_require() {
         return true;
     }
+
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_CLEANHTML);
+    }
 }

mod/feedback/item/textfield/lib.php

@@ -320,4 +320,8 @@ public function get_hasvalue() {
     public function can_switch_require() {
         return true;
     }
+
+    function clean_input_value($value) {
+        return clean_param($value, PARAM_CLEANHTML);
+    }
 }

mod/feedback/lib.php

@@ -2058,6 +2058,17 @@ function feedback_get_page_to_continue($feedbackid, $courseid = false, $guestid
 //functions to handle the values
 ////////////////////////////////////////////////
 
+/**     
+ * cleans the userinput while submitting the form.
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+function feedback_clean_input_value($item, $value) {
+    $itemobj = feedback_get_item_class($item->typ);
+    return $itemobj->clean_input_value($value);
+}
+
 /**
  * this saves the values of an completed.
  * if the param $tmp is set true so the values are saved temporary in table feedback_valuetmp.