From: robertall Date: Wed, 28 May 2008 13:10:58 +0000 (+0000) Subject: [MDL-14442] Resolve reopened bug for importing database records as CSV by applying... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=8f31ccd51ad86317abd35080f6c59b62be3f31bf;p=moodle.git [MDL-14442] Resolve reopened bug for importing database records as CSV by applying "MDL-14442-clean_param.patch" (see tracker). Don't use PARAM_NOTAGS anymore. Merged from MOODLE_19_STABLE. --- diff --git a/mod/data/import.php b/mod/data/import.php index 22bdccfda8..bab4d385eb 100755 --- a/mod/data/import.php +++ b/mod/data/import.php @@ -126,16 +126,27 @@ $content = new object(); $content->fieldid = $field->id; $content->recordid = $recordid; + if ($field->type == 'textarea') { + // the only field type where HTML is possible + $value = clean_param($value, PARAM_CLEANHTML); + } else { + // remove potential HTML: + $patterns[] = '//'; + $replacements[] = '>'; + $value = preg_replace($patterns, $replacements, $value); + } + $value = addslashes($value); // for now, only for "latlong" and "url" fields, but that should better be looked up from // $CFG->dirroot . '/mod/data/field/' . $field->type . '/field.class.php' // once there is stored how many contents the field can have. - $value = addslashes($value); if (preg_match("/^(latlong|url)$/", $field->type)) { - $values = explode(" ", clean_param($value, PARAM_NOTAGS), 2); + $values = explode(" ", $value, 2); $content->content = $values[0]; $content->content1 = $values[1]; } else { - $content->content = clean_param($value, PARAM_NOTAGS); + $content->content = $value; } $oldcontent = get_record('data_content', 'fieldid', $field->id, 'recordid', $recordid); $content->id = $oldcontent->id;