Merged in fixes for MDL-8375 from MOODLE_17_STABLE
authormark-nielsen <mark-nielsen>
Fri, 2 Feb 2007 02:27:03 +0000 (02:27 +0000)
committermark-nielsen <mark-nielsen>
Fri, 2 Feb 2007 02:27:03 +0000 (02:27 +0000)
mod/lesson/action/continue.php
mod/lesson/essay.php
mod/lesson/report.php
mod/lesson/view.php

index 5c3c475989f942644e5eb5565fe0840512348660..ad3ed95ef8a54b30b453464185927528ecbadc3c 100644 (file)
@@ -64,7 +64,7 @@
                 $noanswer = true;
                 break;
             }
-            $useranswer = clean_param($useranswer, PARAM_CLEAN);
+            $useranswer = clean_param($useranswer, PARAM_RAW);
         
             if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) {
                 error("Continue: No answers found");
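Review bot: With `PARAM_RAW` on the added line the essay text is no longer filtered on input, so protection against script injection now rests entirely on every display site calling `s()`, and nothing in the hunk records that contract. I would add a comment above the call, e.g. `// PARAM_RAW on purpose: essay text is stored unfiltered and must go through s() wherever it is printed`. The same applies to the `clean_param($form->response, PARAM_RAW)` added in mod/lesson/essay.php, which reads like sanitisation but presumably returns the value unchanged. This commit updates the sinks in essay.php, report.php and view.php; any other reader of the stored `useranswer` (not visible here) needs the same escaping. The enclosing case block starts before the hunk.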
@@ -82,7 +82,7 @@
             $userresponse->response = "";
             $userresponse = addslashes(serialize($userresponse));
             
-            $studentanswer = $useranswer;
+            $studentanswer = s(stripslashes_safe($useranswer));
             break;
          case LESSON_SHORTANSWER :
             if (!$useranswer = $_POST['answer']) {
index 6cbbcb9c2ca0ecadd68a4da976efa65cc6b11096..72535e885f9ba8d1ebffbe5ae239b37cada02793 100644 (file)
@@ -85,7 +85,7 @@
 
                 $essayinfo->graded = 1;
                 $essayinfo->score = clean_param($form->score, PARAM_INT);
-                $essayinfo->response = stripslashes_safe($form->response);
+                $essayinfo->response = stripslashes_safe(clean_param($form->response, PARAM_RAW));
                 $essayinfo->sent = 0;
                 if (!$lesson->custom && $essayinfo->score == 1) {
                     $attempt->correct = 1;
                     
                     // Set rest of the message values
                     $a->question = format_text($pages[$attempt->pageid]->contents, FORMAT_MOODLE, $options);
-                    $a->response = format_text(stripslashes($essayinfo->answer));
+                    $a->response = s(stripslashes_safe($essayinfo->answer));
                     $a->teacher  = $course->teacher;
-                    $a->comment  = format_text(stripslashes($essayinfo->response), FORMAT_MOODLE, $options);
+                    $a->comment  = s($essayinfo->response);
                     
                     
                     // Fetch message HTML and plain text formats
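Review bot: `$a->response` and `$a->comment` are HTML-escaped with `s()` before the message is built, yet the trailing comment says both HTML and plain-text formats are fetched next. If the plain-text body is filled from the same `$a` object (that code is past the end of the hunk), recipients will see entities such as `&lt;` and `&amp;` instead of the characters that were typed. Consider keeping an unescaped copy for the plain-text part and applying `s()` only when filling the HTML template.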
             $essayinfo = unserialize($attempt->useranswer);
             
             $table->head = array(get_string('studentresponse', 'lesson', fullname($user, true)));
-            $table->data[] = array(format_text(stripslashes($essayinfo->answer)));
+            $table->data[] = array(s(stripslashes_safe($essayinfo->answer)));
 
             print_table($table);
 
 
             // Now a response box and grade drop-down for grader
             $table->head = array(get_string('comments', 'lesson'));
-            $table->data[] = array(print_textarea(false, 15, 60, 0, 0, 'response', format_text($essayinfo->response, FORMAT_PLAIN, $options), $course->id, true));
+            $table->data[] = array(print_textarea(false, 15, 60, 0, 0, 'response', $essayinfo->response, $course->id, true));
             $options = array();
             if ($lesson->custom) {
                 for ($i=$answer->score; $i>=0; $i--) {
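Review bot: The grader's comment now reaches `print_textarea()` with no escaping at the call site, so the added line is only safe if `print_textarea()` escapes its `$value` argument itself. That function is not part of this diff. Worth confirming and recording next to the call, e.g. `// not escaped here: print_textarea() escapes $value`. Without that guarantee, a stored comment containing `</textarea>` would close the field early and be rendered as markup. The loop that follows continues outside the hunk.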
index 0f3543af35a9d2a44d7c1804f7fc6d6a08984b1e..18ed7102cd62f2c32b449aa6186457f2fdd571fb 100644 (file)
                                 if ($essayinfo->response == NULL) {
                                     $answerdata->response = get_string("nocommentyet", "lesson");
                                 } else {
-                                    $answerdata->response = $essayinfo->response;
+                                    $answerdata->response = s($essayinfo->response);
                                 }
                                 if (isset($pagestats[$page->id])) {
                                     $percent = $pagestats[$page->id]->totalscore / $pagestats[$page->id]->total * 100;
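Review bot: Plain `s()` on `$essayinfo->response` closes the injection hole but renders a multi-line teacher comment as one run of text once it is printed as HTML. The same holds for the `s(stripslashes_safe($essayinfo->answer))` sites in the next hunk of this file and in mod/lesson/essay.php, where the removed `format_text()` calls previously handled line breaks. `nl2br(s($essayinfo->response))` keeps the escaping and preserves the breaks. How `$answerdata` is finally printed is outside the hunk, so confirm it is emitted as HTML before applying this.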
                                 // dont think this should ever be reached....
                                 $avescore = get_string("nooneansweredthisquestion", "lesson");
                             }
-                            $answerdata->answers[] = array($essayinfo->answer, $avescore);
+                            $answerdata->answers[] = array(s(stripslashes_safe($essayinfo->answer)), $avescore);
                             break;
                         case LESSON_BRANCHTABLE :
                             $data = "<input type=\"button\" name=\"$answer->id\" value=\"".strip_tags(format_text($answer->answer, FORMAT_MOODLE,$formattextdefoptions))."\" disabled=\"disabled\"> ";
index 6306358dc204732384d76d4b87a52cc9c7c753aa..044b99ba3b6668c11b094dcbb3fd247ef38c04fb 100644 (file)
                 case LESSON_ESSAY :
                     if (isset($USER->modattempts[$lesson->id])) {
                         $essayinfo = unserialize($attempt->useranswer);
-                        $value = $essayinfo->answer;
+                        $value = s(stripslashes_safe($essayinfo->answer));
                     } else {
                         $value = "";
                     }
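Review bot: `$value` is escaped at assignment rather than at the point of output, and the code that prints it lies below the hunk. If it is later passed to a helper that escapes again, the student will see double-encoded entities; if it is echoed directly into the form, the current code is correct. A short comment such as `// $value is HTML-escaped from here on` would make it harder for a later edit to break this in either direction. Note that mod/lesson/essay.php takes the opposite approach for its textarea and passes the raw value to `print_textarea()`.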