some extra cleaning of comments and feedback before storage. normally the text is...
authorskodak <skodak>
Wed, 19 Apr 2006 20:21:42 +0000 (20:21 +0000)
committerskodak <skodak>
Wed, 19 Apr 2006 20:21:42 +0000 (20:21 +0000)
mod/workshop/assessments.php

index 476a9f208b59a9a29720cb8a94949add8982a1ad..407da1c643947382b31ea4e8e626bcda67c046f9 100644 (file)
         }
         $comment->workshopid = $workshop->id;
         $comment->elementno = $elementno;
-        $comment->comments = $form->{"feedback_$elementno"};
+        $comment->comments = clean_param($form->{"feedback_$elementno"}, PARAM_CLEAN);
         if (!(trim($comment->comments))) {
             // no comment given - just redisplay assessment form
             workshop_print_assessment($workshop, $assessment, true, true, $form->returnto);
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
-                    $element->feedback   = $form->{"feedback_$i"};
+                    $element->feedback   = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     }
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = clean_param($key, PARAM_INT);
-                    $element->feedback   = $form->{"feedback_$key"};
+                    $element->feedback   = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
-                    $element->feedback   = $form->{"feedback_$i"};
+                    $element->feedback   = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);
                     $element->grade = $form->grade[$i];
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = clean_param($key, PARAM_INT);
-                    $element->feedback   = $form->{"feedback_$key"};
+                    $element->feedback   = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
 
         // any comment?
         if (!empty($form->generalcomment)) { // update the object (no need to update the db record)
-            $assessment->generalcomment = $form->generalcomment;
+            $assessment->generalcomment = clean_param($form->generalcomment, PARAM_CLEAN);
         }
 
         // redisplay form, going back to original returnto address
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
-                    $element->feedback   = $form->{"feedback_$i"};
+                    $element->feedback   = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     }
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = clean_param($key, PARAM_INT);
-                    $element->feedback   = $form->{"feedback_$key"};
+                    $element->feedback   = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
-                    $element->feedback   = $form->{"feedback_$i"};
+                    $element->feedback   = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);
                     $element->grade = $form->grade[$i];
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = clean_param($key, PARAM_INT);
-                    $element->feedback   = $form->{"feedback_$key"};
+                    $element->feedback   = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
 
         // any comment?
         if (!empty($form->generalcomment)) { // update the object (no need to update the db record)
-            $assessment->generalcomment = $form->generalcomment;
+            $assessment->generalcomment = clean_param($form->generalcomment, PARAM_CLEAN);
         }
 
         // redisplay form, going back to original returnto address
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
-                    $element->feedback = $form->{"feedback_$i"};
+                    $element->feedback = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     }
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $key;
-                    $element->feedback   = $form->{"feedback_$key"};
+                    $element->feedback   = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
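Review bot: `$element->elementno = $key;` in this hunk stores the key unchanged, whereas the parallel branches shown elsewhere in this commit use `clean_param($key, PARAM_INT)`. The same `$key` is interpolated into the property name `feedback_$key` and the record is passed to `insert_record("workshop_grades", $element)`, so I would make this branch consistent with the others: `$element->elementno = clean_param($key, PARAM_INT);`. The origin of `$key` is outside the hunk, so this assumes it comes from submitted form data as in the sibling branches; the enclosing loop starts and ends outside the hunk.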
                     $element->assessmentid = $assessment->id;
                     $element->elementno = $i;
                     $element->feedback   = $form->{"feedback_$i"};
-                    $element->grade = $form->grade[$i];
+                    $element->grade = clean_param($form->grade[$i], PARAM_CLEAN);
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
                     }
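Review bot: In this hunk `$element->feedback   = $form->{"feedback_$i"};` is still assigned straight from the form and reaches `insert_record("workshop_grades", $element)` uncleaned, while every other branch touched by the commit wraps the feedback in `clean_param(..., PARAM_CLEAN)`; here the cleaning landed on the grade line instead. I would clean the feedback as the sibling branches do: `$element->feedback   = clean_param($form->{"feedback_$i"}, PARAM_CLEAN);`. If the grade is meant to be numeric (its type is not visible in this hunk), a numeric parameter type such as `PARAM_INT` would validate it more tightly than `PARAM_CLEAN`. The same `$form->grade[$i]` is still stored without any cleaning in the two earlier branches that assign it. The enclosing block starts and ends outside the hunk.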
                     $element->workshopid = $workshop->id;
                     $element->assessmentid = $assessment->id;
                     $element->elementno = clean_param($key, PARAM_INT);
-                    $element->feedback = $form->{"feedback_$key"};
+                    $element->feedback = clean_param($form->{"feedback_$key"}, PARAM_CLEAN);
                     $element->grade = $thegrade;
                     if (!$element->id = insert_record("workshop_grades", $element)) {
                         error("Could not insert workshop grade!");
 
         // any comment?
         if (!empty($form->generalcomment)) {
-            set_field("workshop_assessments", "generalcomment", $form->generalcomment, "id", $assessment->id);
+            set_field("workshop_assessments", "generalcomment", clean_param($form->generalcomment, PARAM_CLEAN), "id", $assessment->id);
         }
 
         add_to_log($course->id, "workshop", "assess",