From 107470cb3a82897cfa687910ab8e499b71e172b1 Mon Sep 17 00:00:00 2001 From: mark-nielsen Date: Fri, 2 Feb 2007 02:27:03 +0000 Subject: [PATCH] Merged in fixes for MDL-8375 from MOODLE_17_STABLE --- mod/lesson/action/continue.php | 4 ++-- mod/lesson/essay.php | 10 +++++----- mod/lesson/report.php | 4 ++-- mod/lesson/view.php | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/mod/lesson/action/continue.php b/mod/lesson/action/continue.php index 5c3c475989..ad3ed95ef8 100644 --- a/mod/lesson/action/continue.php +++ b/mod/lesson/action/continue.php @@ -64,7 +64,7 @@ $noanswer = true; break; } - $useranswer = clean_param($useranswer, PARAM_CLEAN); + $useranswer = clean_param($useranswer, PARAM_RAW); if (!$answers = get_records("lesson_answers", "pageid", $pageid, "id")) { error("Continue: No answers found"); @@ -82,7 +82,7 @@ $userresponse->response = ""; $userresponse = addslashes(serialize($userresponse)); - $studentanswer = $useranswer; + $studentanswer = s(stripslashes_safe($useranswer)); break; case LESSON_SHORTANSWER : if (!$useranswer = $_POST['answer']) { diff --git a/mod/lesson/essay.php b/mod/lesson/essay.php index 6cbbcb9c2c..72535e885f 100644 --- a/mod/lesson/essay.php +++ b/mod/lesson/essay.php @@ -85,7 +85,7 @@ $essayinfo->graded = 1; $essayinfo->score = clean_param($form->score, PARAM_INT); - $essayinfo->response = stripslashes_safe($form->response); + $essayinfo->response = stripslashes_safe(clean_param($form->response, PARAM_RAW)); $essayinfo->sent = 0; if (!$lesson->custom && $essayinfo->score == 1) { $attempt->correct = 1; 
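Review bot: With `PARAM_RAW` on `$useranswer` in the essay branch of mod/lesson/action/continue.php, the essay text is stored unfiltered, and nothing at this line records that every display site must now escape it. This commit adds `s()` in essay.php, report.php and view.php, but any other code that prints the stored answer (none is visible in this patch) would render it as markup. I would add a comment on the line, for example `// Stored raw on purpose: escape with s() wherever the essay answer is printed`. The enclosing `case` starts outside the hunk.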
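Review bot: `$studentanswer` is HTML-escaped at assignment in the second continue.php hunk rather than at the point where it is printed, so the variable carries encoded text for the rest of the script. If code outside this hunk escapes it again or uses it in a non-HTML context, entities such as `&lt;` would appear literally. Either escape at the output statement, or mark the assignment with `// already HTML-escaped; print as-is`. The surrounding `switch` begins and ends outside the hunk, so the other branches' handling of `$studentanswer` cannot be checked from here.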
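Review bot: In mod/lesson/essay.php at `$essayinfo->response`, `clean_param($form->response, PARAM_RAW)` reads like sanitisation but, as far as I know, `PARAM_RAW` passes the value through unchanged. The teacher's comment is therefore stored as typed, and safety rests on the `s()` calls added at the output sites. A short comment would stop a later reader from assuming the value is clean, for example `// PARAM_RAW does no filtering; response must be escaped on output`.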
@@ -179,9 +179,9 @@ // Set rest of the message values $a->question = format_text($pages[$attempt->pageid]->contents, FORMAT_MOODLE, $options); - $a->response = format_text(stripslashes($essayinfo->answer)); + $a->response = s(stripslashes_safe($essayinfo->answer)); $a->teacher = $course->teacher; - $a->comment = format_text(stripslashes($essayinfo->response), FORMAT_MOODLE, $options); + $a->comment = s($essayinfo->response); // Fetch message HTML and plain text formats @@ -320,7 +320,7 @@ $essayinfo = unserialize($attempt->useranswer); $table->head = array(get_string('studentresponse', 'lesson', fullname($user, true))); - $table->data[] = array(format_text(stripslashes($essayinfo->answer))); + $table->data[] = array(s(stripslashes_safe($essayinfo->answer))); print_table($table); @@ -328,7 +328,7 @@ // Now a response box and grade drop-down for grader $table->head = array(get_string('comments', 'lesson')); - $table->data[] = array(print_textarea(false, 15, 60, 0, 0, 'response', format_text($essayinfo->response, FORMAT_PLAIN, $options), $course->id, true)); + $table->data[] = array(print_textarea(false, 15, 60, 0, 0, 'response', $essayinfo->response, $course->id, true)); $options = array(); if ($lesson->custom) { for ($i=$answer->score; $i>=0; $i--) { diff --git a/mod/lesson/report.php b/mod/lesson/report.php index 0f3543af35..18ed7102cd 100644 --- a/mod/lesson/report.php +++ b/mod/lesson/report.php @@ -732,7 +732,7 @@ if ($essayinfo->response == NULL) { $answerdata->response = get_string("nocommentyet", "lesson"); } else { - $answerdata->response = $essayinfo->response; + $answerdata->response = s($essayinfo->response); } if (isset($pagestats[$page->id])) { $percent = $pagestats[$page->id]->totalscore / $pagestats[$page->id]->total * 100; 
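Review bot: `$a->response` and `$a->comment` are HTML-escaped before the step marked "Fetch message HTML and plain text formats", so if the same `$a` feeds both message bodies the plain-text mail will show entities such as `&lt;` and `&amp;`. The code that builds the two formats is outside the hunk, so this is inferred from the comment. Escaping per format would avoid it: keep the unescaped text for the plain-text body and apply `s()` only when filling the HTML body. Replacing `format_text()` with `s()` also drops paragraph and line-break formatting in the HTML mail.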
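Review bot: In the `$table->data[]` line of the essay.php `@@ -320` hunk, `s()` escapes the student's essay but, unlike the `format_text()` call it replaces, does not turn newlines into markup, so a multi-paragraph essay will probably render as one block in the grading table. Wrapping the escaped text keeps the output safe and readable: `array(nl2br(s(stripslashes_safe($essayinfo->answer))))`. The same applies to `$answerdata->answers[]` in the report.php `@@ -765` hunk.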
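Review bot: The `print_textarea(...)` call in the essay.php `@@ -328` hunk is the one place where this commit removes escaping: `$essayinfo->response`, stored raw, is now passed straight in. This is safe only if `print_textarea()` escapes its value argument before writing it between the textarea tags; that function is not visible in this patch, so the assumption should be confirmed. If it holds, a comment would protect the line from a well-meant "fix": `// print_textarea() escapes the value itself; do not pre-escape`.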
@@ -765,7 +765,7 @@ // dont think this should ever be reached.... $avescore = get_string("nooneansweredthisquestion", "lesson"); } - $answerdata->answers[] = array($essayinfo->answer, $avescore); + $answerdata->answers[] = array(s(stripslashes_safe($essayinfo->answer)), $avescore); break; case LESSON_BRANCHTABLE : $data = "id\" value=\"".strip_tags(format_text($answer->answer, FORMAT_MOODLE,$formattextdefoptions))."\" disabled=\"disabled\"> "; diff --git a/mod/lesson/view.php b/mod/lesson/view.php index 6306358dc2..044b99ba3b 100644 --- a/mod/lesson/view.php +++ b/mod/lesson/view.php @@ -733,7 +733,7 @@ case LESSON_ESSAY : if (isset($USER->modattempts[$lesson->id])) { $essayinfo = unserialize($attempt->useranswer); - $value = $essayinfo->answer; + $value = s(stripslashes_safe($essayinfo->answer)); } else { $value = ""; } -- 2.39.5
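Review bot: In mod/lesson/view.php, `$value` is escaped with `s()` at assignment, whereas the essay.php `@@ -328` hunk of this same commit deliberately passes the raw string to `print_textarea()`. If `$value` is later handed to `print_textarea()` or another helper that escapes (the use is outside this hunk), a student revisiting the attempt would see double-encoded text such as `&amp;lt;`, and resubmitting would store those entities. Please check how `$value` is printed. If the helper escapes, the line should be `$value = stripslashes_safe($essayinfo->answer);`.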