From 6ba65fa08d4c9709b4a712fbb166303a71ab590d Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Wed, 28 Feb 2007 06:25:22 +0000
Subject: [PATCH] Merged Nicolas' changes from MDL-8582 into HEAD.

---
 admin/handlevirus.php                         |  4 +-
 admin/mnet/enr_course_enrol.php               |  2 +-
 admin/mnet/enr_courses.php                    |  4 +-
 admin/oacleanup.php                           |  2 +-
 admin/process_email.php                       |  4 +-
 admin/register.php                            |  2 +-
 admin/roles/assign.php                        |  2 +-
 admin/roles/override.php                      |  2 +-
 admin/roles/tabs.php                          |  2 +-
 auth/cas/forbidden.php                        |  2 +-
 auth/cas/login.php                            | 10 +--
 auth/mnet/auth.php                            |  2 +-
 backup/backup.php                             |  4 +-
 backup/restore_check.html                     |  2 +-
 backup/restorelib.php                         |  2 +-
 backup/try.php                                |  6 +-
 blocks/admin/block_admin.php                  |  4 +-
 blocks/course_list/block_course_list.php      | 21 +++---
 course/category.php                           |  6 +-
 course/delete.php                             |  7 +-
 course/edit.php                               |  4 +-
 course/grade.php                              |  2 +-
 course/grades.php                             |  6 +-
 course/groups.php                             |  2 +-
 course/import/activities/index.php            |  2 +-
 course/import/groups/index.php                |  2 +-
 course/importstudents.php                     |  2 +-
 course/index.php                              | 10 +--
 course/info.php                               |  2 +-
 course/lib.php                                | 26 +++----
 course/pending.php                            |  4 +-
 course/recent.php                             | 10 +--
 course/report/log/index.php                   |  2 +-
 course/report/log/lib.php                     |  2 +-
 course/report/outline/index.php               |  4 +-
 course/report/participation/index.php         |  4 +-
 course/report/stats/index.php                 |  4 +-
 course/report/stats/report.php                |  2 +-
 course/scales.php                             |  6 +-
 course/search.php                             |  2 +-
 course/user.php                               |  4 +-
 enrol/authorize/enrol.php                     |  4 +-
 enrol/authorize/locallib.php                  |  4 +-
 enrol/database/enrol.php                      |  8 +--
 enrol/imsenterprise/importnow.php             |  2 +-
 enrol/mnet/allowed_courses.php                |  8 +--
 enrol/paypal/ipn.php                          |  6 +-
 files/index.php                               |  2 +-
 grade/exceptions.php                          |  2 +-
 grade/lib.php                                 |  9 +--
 group/assign.php                              |  2 +-
 group/group.php                               |  2 +-
 group/grouping.php                            |  2 +-
 group/groupui/index.php                       |  2 +-
 group/groupui/printgrouping.php               |  2 +-
 group/index.php                               |  4 +-
 lib/accesslib.php                             |  4 +-
 lib/db/mysql.php                              | 12 ++--
 lib/db/postgres7.php                          |  4 +-
 lib/moodlelib.php                             |  8 +--
 lib/questionlib.php                           |  2 +-
 lib/simpletest/testweblib.php                 | 33 +++++++++
 lib/weblib.php                                | 68 +++++++++++++++----
 message/index.php                             |  4 +-
 mod/assignment/lib.php                        |  2 +-
 mod/chat/gui_header_js/index.php              |  2 +-
 mod/chat/gui_sockets/index.php                |  2 +-
 mod/choice/view.php                           |  2 +-
 mod/data/edit.php                             |  2 +-
 mod/data/view.php                             |  2 +-
 mod/forum/discuss.php                         |  4 +-
 mod/forum/index.php                           |  8 +--
 mod/forum/lib.php                             |  2 +-
 mod/forum/post.php                            |  4 +-
 mod/forum/user.php                            |  4 +-
 mod/glossary/export.php                       |  2 +-
 mod/glossary/print.php                        |  4 +-
 mod/glossary/showentry.php                    |  4 +-
 mod/hotpot/index.php                          |  6 +-
 mod/hotpot/report.php                         |  4 +-
 mod/hotpot/review.php                         |  4 +-
 mod/hotpot/view.php                           |  4 +-
 mod/lams/index.php                            |  2 +-
 mod/lesson/index.php                          |  2 +-
 mod/resource/index.php                        |  2 +-
 mod/resource/type/file/resource.class.php     |  2 +-
 .../type/repository/resource.class.php        |  2 +-
 mod/scorm/player.php                          |  4 +-
 mod/scorm/report.php                          |  6 +-
 mod/scorm/view.php                            |  2 +-
 mod/survey/report.php                         |  2 +-
 mod/workshop/assess.php                       |  2 +-
 question/category_class.php                   |  6 +-
 user/edit.php                                 |  2 +-
 user/editadvanced.php                         |  2 +-
 user/profile/definelib.php                    |  2 +-
 user/profile/index.php                        |  2 +-
 user/tabs.php                                 |  4 +-
 user/view.php                                 |  7 +-
 99 files changed, 289 insertions(+), 210 deletions(-)
 create mode 100644 lib/simpletest/testweblib.php

diff --git a/admin/handlevirus.php b/admin/handlevirus.php
index f2b20e2126..7a09c1eb67 100644
--- a/admin/handlevirus.php
+++ b/admin/handlevirus.php
@@ -40,7 +40,7 @@ while(!feof($fd)) {
     
     $user = get_record("user","id",$log->userid);
     $course = get_record("course","id",$log->course);
-    $subject = get_string('virusfoundsubject','moodle',$site->fullname);
+    $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
     $a->date = userdate($log->time);
 
     $a->action = $action;
@@ -78,7 +78,7 @@ function notify_admins_unknown($file,$a) {
     global $site;
 
     $admins = get_admins();
-    $subject = get_string('virusfoundsubject','moodle',$site->fullname);
+    $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
     $body = get_string('virusfoundlateradminnolog','moodle',$a);
     foreach ($admins as $admin) {
         email_to_user($admin,$admin,$subject,$body);
diff --git a/admin/mnet/enr_course_enrol.php b/admin/mnet/enr_course_enrol.php
index 906e2280f4..94af92e175 100644
--- a/admin/mnet/enr_course_enrol.php
+++ b/admin/mnet/enr_course_enrol.php
@@ -258,7 +258,7 @@ $strsearchresults = get_string('searchresults');
 admin_externalpage_print_header($adminroot);
 
 print_box('<strong>' . s($mnet_peer->name) . ' : ' 
-          . s($course->shortname) .' '. s($course->fullname) 
+          . format_string($course->shortname) .' '. format_string($course->fullname) 
           . '</strong><br />'
           . get_string("enrolcourseenrol_desc", "mnet"));
 
diff --git a/admin/mnet/enr_courses.php b/admin/mnet/enr_courses.php
index 079668f5ab..f1157dbe1b 100644
--- a/admin/mnet/enr_courses.php
+++ b/admin/mnet/enr_courses.php
@@ -41,10 +41,10 @@
             . "host={$mnethost}&amp;courseid={$course->id}&amp;sesskey={$USER->sesskey}";
         print ('<tr>'
                . "<td>$icon</td>"
-               . "<td><a href=\"$link\">".s($course->fullname). "</a></td>"
+               . "<td><a href=\"$link\">".format_string($course->fullname). "</a></td>"
                . '</tr><tr>'
                . '<td></td>'
-               . '<td>'.s($course->shortname). ' - ' .s($course->cat_name).'</td>'
+               . '<td>'.format_string($course->shortname). ' - ' .format_string($course->cat_name).'</td>'
                . '</tr><tr>'
                . '<td></td>'
                . "<td align=\"left\" >{$course->summary}</td>"
diff --git a/admin/oacleanup.php b/admin/oacleanup.php
index bc603691fb..78ac48f39a 100644
--- a/admin/oacleanup.php
+++ b/admin/oacleanup.php
@@ -99,7 +99,7 @@ function online_assignment_cleanup($output=false) {
 
                         /// grab the section record
                         if (!($section = get_record('course_sections', 'id', $newsection))) {
-                            if ($output) echo 'Serious error: Cannot retrieve section: '.$newsection.' for course: '.$course->fullname.'<br />';
+                            if ($output) echo 'Serious error: Cannot retrieve section: '.$newsection.' for course: '. format_string($course->fullname) .'<br />';
                             continue;
                         }
 
diff --git a/admin/process_email.php b/admin/process_email.php
index 77f72c3f92..8e5091abcd 100755
--- a/admin/process_email.php
+++ b/admin/process_email.php
@@ -16,8 +16,8 @@ if ($_ENV['RECIPIENT'] == $CFG->noreplyaddress) {
     }
     
     $site = get_site();
-    $subject = get_string('noreplybouncesubject','moodle',$site->fullname);
-    $body = get_string('noreplybouncemessage','moodle',$site->fullname)."\n\n";
+    $subject = get_string('noreplybouncesubject','moodle',format_string($site->fullname));
+    $body = get_string('noreplybouncemessage','moodle',format_string($site->fullname))."\n\n";
     
     $fd = fopen('php://stdin','r');
     if ($fd) {
diff --git a/admin/register.php b/admin/register.php
index 6f5c34c8bf..cc142feb75 100644
--- a/admin/register.php
+++ b/admin/register.php
@@ -34,7 +34,7 @@
     $strregistration = get_string("registration");
     $strregistrationinfo = get_string("registrationinfo");
 
-    print_header("$site->shortname: $strregistration", "$site->fullname", 
+    print_header("$site->shortname: $strregistration", $site->fullname, 
                  "<a href=\"../$CFG->admin/index.php\">$stradministration</a> -> $strregistration");
 
     print_heading($strregistration);
diff --git a/admin/roles/assign.php b/admin/roles/assign.php
index 24d3a38340..11d1c263cd 100755
--- a/admin/roles/assign.php
+++ b/admin/roles/assign.php
@@ -103,7 +103,7 @@
 
         /// site header
         } else {
-            print_header("$course->fullname: $fullname", "$course->fullname",
+            print_header("$course->fullname: $fullname", $course->fullname,
                         "<a href=\"$CFG->wwwroot/user/view.php?id=$userid&amp;course=$courseid\">$fullname</a> -> $straction", "", "", true, "&nbsp;", navmenu($course));
         }
 
diff --git a/admin/roles/override.php b/admin/roles/override.php
index a52124f691..b94ea7e1cd 100755
--- a/admin/roles/override.php
+++ b/admin/roles/override.php
@@ -129,7 +129,7 @@
 
         /// site header
         } else {
-            print_header("$course->fullname: $fullname", "$course->fullname",
+            print_header("$course->fullname: $fullname", $course->fullname,
                         "<a href=\"$CFG->wwwroot/user/view.php?id=$userid&amp;course=$course->id\">$fullname</a> -> $straction", "", "", true, "&nbsp;", navmenu($course));
         }
         $showroles = 1;
diff --git a/admin/roles/tabs.php b/admin/roles/tabs.php
index a69baa0101..f240896af4 100755
--- a/admin/roles/tabs.php
+++ b/admin/roles/tabs.php
@@ -31,7 +31,7 @@ if ($currenttab != 'update') {
                 $streditcoursesettings = get_string("editcoursesettings");
     
                 $course = get_record('course', 'id', $context->instanceid);
-                print_header($streditcoursesettings, "$course->fullname",
+                print_header($streditcoursesettings, $course->fullname,
                         "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> $straction");
             }                        
             break;
diff --git a/auth/cas/forbidden.php b/auth/cas/forbidden.php
index ce1b8b2daf..918261ecf6 100644
--- a/auth/cas/forbidden.php
+++ b/auth/cas/forbidden.php
@@ -10,7 +10,7 @@
     $loginsite = get_string("loginsite");
     $errormsg = get_string("auth_cas_invalidcaslogin", "auth");
 
-    print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite);
+    print_header("$site->fullname: $loginsite", $site->fullname, $loginsite);
     include("forbidden.html");
     print_footer();
     exit;
diff --git a/auth/cas/login.php b/auth/cas/login.php
index d2148b6011..7551bc88c4 100644
--- a/auth/cas/login.php
+++ b/auth/cas/login.php
@@ -143,12 +143,12 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
             if ($ldapauth->config->expiration == 1) {
                     $days2expire = $ldapauth->password_expire($USER->username);
                     if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
-                        print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
+                        print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                         notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                         print_footer();
                         exit;
                     } elseif (intval($days2expire) < 0 ) {
-                        print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
+                        print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                         notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                         print_footer();
                         exit;
@@ -247,12 +247,12 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
         if ($ldapauth->config->expiration == 1) {
                 $days2expire = $ldapauth->password_expire($USER->username);
                 if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
-                    print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
+                    print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
                     notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                     print_footer();
                     exit;
                 } elseif (intval($days2expire) < 0 ) {
-                    print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
+                    print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
                     notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                     print_footer();
                     exit;
@@ -302,7 +302,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
         $show_instructions = false;
     }
 
-    print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
+    print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
     include($CFG->dirroot.'/auth/cas/index_form.html');
     print_footer();
 
diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php
index 9c8c07a394..338a9b259b 100644
--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@@ -271,7 +271,7 @@ class auth_plugin_mnet
                 list($code, $message) = array_map('trim',explode(':', $errormessage, 2));
                 if($code == 702) {
                     $site = get_site();
-                    print_error('mnet_session_prohibited','mnet', $remotewwwroot, $site->fullname);
+                    print_error('mnet_session_prohibited','mnet', $remotewwwroot, format_string($site->fullname));
                     exit;
                 }
                 $message .= "ERROR $code:<br/>$errormessage<br/>";
diff --git a/backup/backup.php b/backup/backup.php
index f87a6d4aa7..d6a8265df3 100644
--- a/backup/backup.php
+++ b/backup/backup.php
@@ -78,7 +78,7 @@
             print_heading(get_string("choosecourse"));
             print_simple_box_start("center");
             foreach ($courses as $course) {
-                echo '<a href="backup.php?id='.$course->id.'">'.s($course->fullname).' ('.s($course->shortname).')</a><br />'."\n";
+                echo '<a href="backup.php?id='.$course->id.'">'.format_string($course->fullname).' ('.format_string($course->shortname).')</a><br />'."\n";
             }
             print_simple_box_end();
         } else {
@@ -106,7 +106,7 @@
     }
 
     //Print form     
-    print_heading("$strcoursebackup: $course->fullname ($course->shortname)");
+    print_heading(format_string("$strcoursebackup: $course->fullname ($course->shortname)"));
     print_simple_box_start("center");
 
     //Adjust some php variables to the execution of this script
diff --git a/backup/restore_check.html b/backup/restore_check.html
index d28cf701ec..065df0a94b 100644
--- a/backup/restore_check.html
+++ b/backup/restore_check.html
@@ -222,7 +222,7 @@
                 } else {
                     $optdimmed = '';
                 }
-                echo "<a $optdimmed href=\"restore.php?course_id=$course->id&launch=check&id=$id&file=$file\">".s($course->fullname).' ('.s($course->shortname).')</a><br />'."\n";
+                echo "<a $optdimmed href=\"restore.php?course_id=$course->id&launch=check&id=$id&file=$file\">".format_string($course->fullname).' ('.format_string($course->shortname).')</a><br />'."\n";
             }
             print_simple_box_end();
         } else {
diff --git a/backup/restorelib.php b/backup/restorelib.php
index 57a4aeffbe..e4fbc728a1 100644
--- a/backup/restorelib.php
+++ b/backup/restorelib.php
@@ -5762,7 +5762,7 @@
                     echo "<li>".get_string("usingexistingcourse"); 
                     echo "<ul>";
                     echo "<li>".get_string("from").": ".$course_header->course_fullname." (".$course_header->course_shortname.")".'</li>';
-                    echo "<li>".get_string("to").": ".$course->fullname." (".$course->shortname.")".'</li>';
+                    echo "<li>".get_string("to").": ". format_string($course->fullname) ." (".format_string($course->shortname).")".'</li>';
                     if (($restore->deleting)) {
                         echo "<li>".get_string("deletingexistingcoursedata").'</li>';
                     } else {
diff --git a/backup/try.php b/backup/try.php
index 01e025a47d..92960c015e 100644
--- a/backup/try.php
+++ b/backup/try.php
@@ -27,15 +27,15 @@
 
     $courses = get_records("course");
     foreach ($courses as $course) {
-        echo "Start course ".$course->fullname;
+        echo "Start course ". format_string($course->fullname);
         $preferences = schedule_backup_course_configure($course);
         if ($preferences && $status) {
             $status = schedule_backup_course_execute($preferences);
         }
         if ($status && $preferences) {
-            echo "End course ".$course->fullname." OK\n\n";
+            echo "End course ". format_string($course->fullname)." OK\n\n";
         } else {
-            echo "End course ".$course->fullname." FAIL\n\n";
+            echo "End course ". format_string($course->fullname)." FAIL\n\n";
         }
     }
 ?>
diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php
index b0b7c5f616..4ef0a88830 100644
--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -164,10 +164,10 @@ class block_admin extends block_list {
 
         if (empty($course->metacourse) && ($course->id!==SITEID)) {
             if (has_capability('moodle/legacy:guest', $context, NULL, false)) {   // Are a guest now
-                $this->content->items[]='<a href="enrol.php?id='.$this->instance->pageid.'">'.get_string('enrolme', '', s($course->shortname)).'</a>';
+                $this->content->items[]='<a href="enrol.php?id='.$this->instance->pageid.'">'.get_string('enrolme', '', format_string($course->shortname)).'</a>';
                 $this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" class="icon" alt="" />';
             } else if (has_capability('moodle/role:unassignself', $context, NULL, false)) {  // Have some role
-                $this->content->items[]='<a href="unenrol.php?id='.$this->instance->pageid.'">'.get_string('unenrolme', '', s($course->shortname)).'</a>';
+                $this->content->items[]='<a href="unenrol.php?id='.$this->instance->pageid.'">'.get_string('unenrolme', '', format_string($course->shortname)).'</a>';
                 $this->content->icons[]='<img src="'.$CFG->pixpath.'/i/user.gif" class="icon" alt="" />';
             }
         }
diff --git a/blocks/course_list/block_course_list.php b/blocks/course_list/block_course_list.php
index df9b145ec4..ba7329c6a8 100644
--- a/blocks/course_list/block_course_list.php
+++ b/blocks/course_list/block_course_list.php
@@ -44,8 +44,8 @@ class block_course_list extends block_list {
                         continue;
                     }
                     $linkcss = $course->visible ? "" : " class=\"dimmed\" ";
-                    $this->content->items[]="<a $linkcss title=\"" . s($course->shortname) . "\" ".
-                               "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">" . s($course->fullname) . "</a>";
+                    $this->content->items[]="<a $linkcss title=\"" . format_string($course->shortname) . "\" ".
+                               "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">" . format_string($course->fullname) . "</a>";
                     $this->content->icons[]=$icon;
                 }
                 $this->title = get_string('mycourses');
@@ -65,7 +65,7 @@ class block_course_list extends block_list {
             if (count($categories) > 1 || (count($categories) == 1 && count_records('course') > 200)) {     // Just print top level category links
                 foreach ($categories as $category) {
                     $linkcss = $category->visible ? "" : " class=\"dimmed\" ";
-                    $this->content->items[]="<a $linkcss href=\"$CFG->wwwroot/course/category.php?id=$category->id\">" . s($category->name) . "</a>";
+                    $this->content->items[]="<a $linkcss href=\"$CFG->wwwroot/course/category.php?id=$category->id\">" . format_string($category->name) . "</a>";
                     $this->content->icons[]=$icon;
                 }
                 $this->content->icons[] = '';
@@ -83,14 +83,18 @@ class block_course_list extends block_list {
                 if ($courses) {
                     foreach ($courses as $course) {
                         $linkcss = $course->visible ? "" : " class=\"dimmed\" ";
-                        $this->content->items[]="<a $linkcss title=\"".s($course->shortname)."\" ".
-                                   "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->fullname</a>";
+
+                        $this->content->items[]="<a $linkcss title=\""
+                                   . format_string($course->shortname)."\" ".
+                                   "href=\"$CFG->wwwroot/course/view.php?id=$course->id\">" 
+                                   .  format_string($course->fullname) . "</a>";
                         $this->content->icons[]=$icon;
                     }
                 /// If we can update any course of the view all isn't hidden, show the view all courses link
                     if (has_capability('moodle/course:update', get_context_instance(CONTEXT_SYSTEM)) || empty($CFG->block_course_list_hideallcourseslink)) {
                         $this->content->icons[] = '';
-                        $this->content->items[] = "&nbsp;&nbsp;&nbsp;<a href=\"$CFG->wwwroot/course/index.php\">".get_string("fulllistofcourses")."</a>...";
+                        $this->content->items[] = "&nbsp;&nbsp;&nbsp;<a href=\"$CFG->wwwroot/course/index.php\">"
+                            .get_string("fulllistofcourses")."</a>...";
                     }
                     $this->get_remote_courses();
                 } else {
@@ -123,8 +127,9 @@ class block_course_list extends block_list {
             $this->content->items[] = get_string('remotecourses','mnet');
             $this->content->icons[] = '';
             foreach ($courses as $course) {
-                $this->content->items[]="<a title=\"$course->shortname\" ".
-                    "href=\"{$CFG->wwwroot}/auth/mnet/jump.php?hostid={$course->hostid}&amp;wantsurl=/course/view.php?id={$course->remoteid}\">$course->fullname</a>";
+                $this->content->items[]="<a title=\"" . format_string($course->shortname) . "\" ".
+                    "href=\"{$CFG->wwwroot}/auth/mnet/jump.php?hostid={$course->hostid}&amp;wantsurl=/course/view.php?id={$course->remoteid}\">" 
+                    . format_string($course->fullname) . "</a>";
                 $this->content->icons[]=$icon;
             }
             // if we listed courses, we are done
diff --git a/course/category.php b/course/category.php
index 25faccaab9..f3dd90587f 100644
--- a/course/category.php
+++ b/course/category.php
@@ -225,7 +225,7 @@
                 }
                 $catlinkcss = $subcategory->visible ? "" : " class=\"dimmed\" ";
                 echo '<a '.$catlinkcss.' href="category.php?id='.$subcategory->id.'">'.
-                     $subcategory->name.'</a><br />';
+                     format_string($subcategory->name).'</a><br />';
             }
         }
         if (!$firstentry) {
@@ -312,7 +312,7 @@
 
             $linkcss = $acourse->visible ? "" : ' class="dimmed" ';
             echo '<tr>';
-            echo '<td><a '.$linkcss.' href="view.php?id='.$acourse->id.'">'.$acourse->fullname.'</a></td>';
+            echo '<td><a '.$linkcss.' href="view.php?id='.$acourse->id.'">'. format_string($acourse->fullname) .'</a></td>';
             if ($creatorediting) {
                 echo "<td>";
                 if (has_capability('moodle/course:update', $coursecontext)) {
@@ -432,7 +432,7 @@
         echo '<form id="renameform" action="category.php" method="post">';
         echo '<input type="hidden" name="id" value="'.$category->id.'" />';
         echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
-        echo '<input type="text" size="30" name="rename" value="'.s($category->name).'" alt="'.$strrename.'" />';
+        echo '<input type="text" size="30" name="rename" value="'.format_string($category->name).'" alt="'.$strrename.'" />';
         echo '<input type="submit" value="'.$strrename.'" />';
         echo "</form>";
         echo "<br />";
diff --git a/course/delete.php b/course/delete.php
index 2063d9347a..658a1888b2 100644
--- a/course/delete.php
+++ b/course/delete.php
@@ -37,7 +37,8 @@
                      "<a href=\"category.php?id=$course->category\">$category->name</a> -> ".
                      "$strdeletecheck");
 
-        notice_yesno("$strdeletecoursecheck<br /><br />$course->fullname ($course->shortname)", 
+        notice_yesno("$strdeletecoursecheck<br /><br />" . format_string($course->fullname) . 
+                     " (" . format_string($course->shortname) . ")", 
                      "delete.php?id=$course->id&amp;delete=".md5($course->timemodified)."&amp;sesskey=$USER->sesskey", 
                      "category.php?id=$course->category");
 
@@ -57,7 +58,7 @@
 
     add_to_log(SITEID, "course", "delete", "view.php?id=$course->id", "$course->fullname (ID $course->id)");
 
-    $strdeletingcourse = get_string("deletingcourse", "", $course->shortname);
+    $strdeletingcourse = get_string("deletingcourse", "", format_string($course->shortname));
 
     print_header("$site->shortname: $strdeletingcourse", $site->fullname, 
                  "<a href=\"../$CFG->admin/index.php\">$stradministration</a> -> ".
@@ -70,7 +71,7 @@
     delete_course($course->id);
     fix_course_sortorder(); //update course count in catagories
 
-    print_heading( get_string("deletedcourse", "", $course->shortname) );
+    print_heading( get_string("deletedcourse", "", format_string($course->shortname)) );
 
     print_continue("category.php?id=$course->category");
 
diff --git a/course/edit.php b/course/edit.php
index 61ff051c0e..771003d75b 100644
--- a/course/edit.php
+++ b/course/edit.php
@@ -102,11 +102,11 @@ if (!empty($course)) {
     $strcategories = get_string("categories");
 
     if (!empty($course)) {
-        print_header($streditcoursesettings, "$course->fullname",
+        print_header($streditcoursesettings, $course->fullname,
                      "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
                       -> $streditcoursesettings", $editform->focus());
     } else {
-        print_header("$site->shortname: $straddnewcourse", "$site->fullname",
+        print_header("$site->shortname: $straddnewcourse", $site->fullname,
                      "<a href=\"$CFG->wwwroot/$CFG->admin/index.php\">$stradministration</a> -> ".
                      "<a href=\"index.php\">$strcategories</a> -> $straddnewcourse", $editform->focus());
     }
diff --git a/course/grade.php b/course/grade.php
index 733b1acd6c..48182377b0 100644
--- a/course/grade.php
+++ b/course/grade.php
@@ -87,7 +87,7 @@
 
 /// OK, we have all the data, now present it to the user
 
-    print_header("$course->shortname: $strgrades", "$course->fullname", 
+    print_header("$course->shortname: $strgrades", $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> 
                   -> $strgrades");
     
diff --git a/course/grades.php b/course/grades.php
index 53efe95737..64c9307645 100644
--- a/course/grades.php
+++ b/course/grades.php
@@ -31,7 +31,7 @@
 /// Get a list of all students
     if ($currentgroup) {
         if (!$students = get_group_students($currentgroup, "u.lastname ASC")) {
-            print_header("$course->shortname: $strgrades", "$course->fullname", 
+            print_header("$course->shortname: $strgrades", $course->fullname, 
                      "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> 
                       -> $strgrades");
             setup_and_print_groups($course, $groupmode, "grades.php?id=$course->id");
@@ -41,7 +41,7 @@
         }
     } else {
         if (!$students = get_course_students($course->id, "u.lastname ASC")) {
-            print_header("$course->shortname: $strgrades", "$course->fullname", 
+            print_header("$course->shortname: $strgrades", $course->fullname, 
                      "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> 
                       -> $strgrades");
             notice(get_string("nostudentsyet"), "$CFG->wwwroot/course/view.php?id=$course->id");
@@ -289,7 +289,7 @@
     
     } else {  // Just print the web page
 
-        print_header("$course->shortname: $strgrades", "$course->fullname", 
+        print_header("$course->shortname: $strgrades", $course->fullname, 
                      "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> 
                       -> $strgrades");
     
diff --git a/course/groups.php b/course/groups.php
index 5419d1d6eb..98f15c5876 100644
--- a/course/groups.php
+++ b/course/groups.php
@@ -61,7 +61,7 @@
     $strgroupmemberssee = get_string('groupmemberssee');
     $strparticipants = get_string('participants');
 
-    print_header("$course->shortname: $strgroups", "$course->fullname", 
+    print_header("$course->shortname: $strgroups",  $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">$strparticipants</a> ".
                  "-> $strgroups", "", "", true, '', user_login_string($course, $USER));
diff --git a/course/import/activities/index.php b/course/import/activities/index.php
index 4c312d863e..8364871af7 100644
--- a/course/import/activities/index.php
+++ b/course/import/activities/index.php
@@ -54,7 +54,7 @@
         }
     }
     
-    print_header("$course->shortname: $strimportactivities", "$course->fullname", 
+    print_header("$course->shortname: $strimportactivities", $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/course/import.php?id=$course->id\">".get_string('import')."</a> ".
                  "-> $strimportactivities");
diff --git a/course/import/groups/index.php b/course/import/groups/index.php
index 3d32f2445e..6fa3f6f1f9 100755
--- a/course/import/groups/index.php
+++ b/course/import/groups/index.php
@@ -40,7 +40,7 @@
 
 /// Print the header
 
-    print_header("$course->shortname: $strimportgroups", "$course->fullname", 
+    print_header("$course->shortname: $strimportgroups", $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/course/import.php?id=$course->id\">".get_string('import')."</a> ".
                  "-> $strimportgroups");
diff --git a/course/importstudents.php b/course/importstudents.php
index a49fd179b9..d182dde227 100644
--- a/course/importstudents.php
+++ b/course/importstudents.php
@@ -44,7 +44,7 @@
     $strshowall = get_string("showall");
 
     print_header("$course->shortname: $strassigncourses",
-                 "$site->fullname",
+                 $site->fullname,
                  "<a href=\"view.php?id=$course->id\">$course->shortname</a> -> $strassigncourses",
                  "searchtext");
 
diff --git a/course/index.php b/course/index.php
index b45ba8a409..338d3bf7d2 100644
--- a/course/index.php
+++ b/course/index.php
@@ -106,9 +106,9 @@
             $newcategory->name = $form->addcategory;
             $newcategory->sortorder = 999;
             if (!insert_record('course_categories', $newcategory)) {
-                notify("Could not insert the new category '" . s($newcategory->name) . "'");
+                notify("Could not insert the new category '" . format_string($newcategory->name) . "'");
             } else {
-                notify(get_string('categoryadded', '', s($newcategory->name)));
+                notify(get_string('categoryadded', '', format_string($newcategory->name)));
             }
         }
     }
@@ -145,11 +145,11 @@
                 
                 /// Finally delete the category itself
                 if (delete_records('course_categories', 'id', $deletecat->id)) {
-                    notify(get_string('categorydeleted', '', s($deletecat->name)));
+                    notify(get_string('categorydeleted', '', format_string($deletecat->name)));
                 }
             }
             else {
-                $strdeletecategorycheck = get_string('deletecategorycheck','', s($deletecat->name));
+                $strdeletecategorycheck = get_string('deletecategorycheck','', format_string($deletecat->name));
                 notice_yesno($strdeletecategorycheck,
                              "index.php?delete=$delete&amp;sure=".md5($deletecat->timemodified)."&amp;sesskey=$USER->sesskey",
                              "index.php?sesskey=$USER->sesskey");
@@ -353,7 +353,7 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $
         $linkcss = $category->visible ? '' : ' class="dimmed" ';
         echo '<a '.$linkcss.' title="'.$str->edit.'" '.
              ' href="category.php?id='.$category->id.'&amp;categoryedit=on&amp;sesskey='.sesskey().'">'.
-             s($category->name).'</a>';
+             format_string($category->name).'</a>';
         echo '</td>';
 
         echo '<td class="count">'.$category->coursecount.'</td>';
diff --git a/course/info.php b/course/info.php
index 11afb81166..c30390bd4e 100644
--- a/course/info.php
+++ b/course/info.php
@@ -30,7 +30,7 @@
 
     print_header(get_string("summaryof", "", $course->fullname));
 
-    echo "<h3 align=\"center\">$course->fullname<br />($course->shortname)</h3>";
+    echo "<h3 align=\"center\">" . format_string($course->fullname) . "<br />(" . format_string($course->shortname) . ")</h3>";
 
     echo "<center>";
     if ($course->guest) {
diff --git a/course/lib.php b/course/lib.php
index be47798914..42314fa727 100644
--- a/course/lib.php
+++ b/course/lib.php
@@ -988,7 +988,7 @@ function print_overview($courses) {
         if (empty($course->visible)) {
             $linkcss = 'class="dimmed"';
         }
-        print_heading('<a title="'.$course->fullname.'" '.$linkcss.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'.$course->fullname.'</a>');
+        print_heading('<a title="'. format_string($course->fullname).'" '.$linkcss.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'. format_string($course->fullname).'</a>');
         if (array_key_exists($course->id,$htmlarray)) {
             foreach ($htmlarray[$course->id] as $modname => $html) {
                 echo $html;
@@ -1534,7 +1534,7 @@ function rebuild_course_cache($courseid=0) {
         foreach ($courses as $course) {
             $modinfo = serialize(get_array_of_activities($course->id));
             if (!set_field("course", "modinfo", $modinfo, "id", $course->id)) {
-                notify("Could not cache module information for course '$course->fullname'!");
+                notify("Could not cache module information for course '" . format_string($course->fullname) . "'!");
             }
         }
     }
@@ -1557,9 +1557,9 @@ function make_categories_list(&$list, &$parents, $category=NULL, $path="") {
 
     if ($category) {
         if ($path) {
-            $path = $path.' / '.s($category->name);
+            $path = $path.' / '.format_string($category->name);
         } else {
-            $path = s($category->name);
+            $path = format_string($category->name);
         }
         $list[$category->id] = $path;
     } else {
@@ -1678,7 +1678,7 @@ function print_category_info($category, $depth, $files = false) {
 
         echo '<td valign="top" class="category image">'.$catimage.'</td>';
         echo '<td valign="top" class="category name">';
-        echo '<a '.$catlinkcss.' href="'.$CFG->wwwroot.'/course/category.php?id='.$category->id.'">'.$category->name.'</a>';
+        echo '<a '.$catlinkcss.' href="'.$CFG->wwwroot.'/course/category.php?id='.$category->id.'">'. format_string($category->name).'</a>';
         echo '</td>';
         echo '<td class="category info">&nbsp;</td>';
         echo '</tr>';
@@ -1688,7 +1688,7 @@ function print_category_info($category, $depth, $files = false) {
                 $linkcss = $course->visible ? '' : ' class="dimmed" ';
                 echo '<tr><td valign="top">&nbsp;';
                 echo '</td><td valign="top" class="course name">';
-                echo '<a '.$linkcss.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'.$course->fullname.'</a>';
+                echo '<a '.$linkcss.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'. format_string($course->fullname).'</a>';
                 echo '</td><td align="right" valign="top" class="course info">';
                 if ($course->guest ) {
                     echo '<a title="'.$strallowguests.'" href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">';
@@ -1724,7 +1724,7 @@ function print_category_info($category, $depth, $files = false) {
         }
 
         echo '<td valign="top" class="category name">';
-        echo '<a '.$catlinkcss.' href="'.$CFG->wwwroot.'/course/category.php?id='.$category->id.'">'.$category->name.'</a>';
+        echo '<a '.$catlinkcss.' href="'.$CFG->wwwroot.'/course/category.php?id='.$category->id.'">'. format_string($category->name).'</a>';
         echo '</td>';
         echo '<td valign="top" class="category number">';
         if ($category->coursecount) {
@@ -1791,7 +1791,7 @@ function print_course($course) {
     echo '<div class="info">';
     echo '<div class="name"><a title="'.get_string('entercourse').'"'.
          $linkcss.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'.
-         $course->fullname.'</a></div>';   
+         format_string($course->fullname).'</a></div>';   
     
     /// first find all roles that are supposed to be displayed
     if ($managerroles = get_config('', 'coursemanager')) {
@@ -1946,10 +1946,10 @@ function print_remote_course($course, $width="100%") {
     echo '<div class="info">';
     echo '<div class="name"><a title="'.get_string('entercourse').'"'.
          $linkcss.' href="'.$url.'">'
-        . s($course->fullname) .'</a><br />'
-        . s($course->hostname) . ' : '
-        . s($course->cat_name) . ' : ' 
-        . s($course->shortname). '</div>';   
+        .  format_string($course->fullname) .'</a><br />'
+        . format_string($course->hostname) . ' : '
+        . format_string($course->cat_name) . ' : ' 
+        . format_string($course->shortname). '</div>';   
     echo '</div><div class="summary">';
     $options = NULL;
     $options->noclean = true;
@@ -2336,7 +2336,7 @@ function make_editing_buttons($mod, $absolute=false, $moveselect=true, $indent=-
  */
 function course_format_name ($course,$max=100) {
 
-    $str = $course->shortname.': '.$course->fullname;
+    $str = $course->shortname.': '. $course->fullname;
     if (strlen($str) <= $max) {
         return $str;
     }
diff --git a/course/pending.php b/course/pending.php
index c8655b4792..0f865386a8 100644
--- a/course/pending.php
+++ b/course/pending.php
@@ -109,8 +109,8 @@
             //do not output raw html from request, quote html entities using s()!!
             $table->data[] = array(((!empty($course->password)) ? 
                                     '<img hspace="1" alt="'.$strrequireskey.'" class="icon" src="'.$CFG->pixpath.'/i/key.gif" />' : ''),
-                                   s($course->shortname),s($course->fullname),fullname($requester),
-                                   s($course->summary),s($course->reason),
+                                   format_string($course->shortname),format_string($course->fullname),fullname($requester),
+                                   format_string($course->summary),format_string($course->reason),
                                    '<a href="pending.php?approve='.$course->id.'&amp;sesskey='.sesskey().'">'.get_string('approve').'</a> | '
                                    .'<a href="pending.php?reject='.$course->id.'&amp;sesskey='.sesskey().'">'.get_string('reject').'</a>');
         }
diff --git a/course/recent.php b/course/recent.php
index 173a7b9646..af2f60f1ae 100644
--- a/course/recent.php
+++ b/course/recent.php
@@ -44,15 +44,15 @@
             $dateinfo = userdate($date, get_string("strftimedaydate"));
 
         if ($course->id != SITEID) {
-            print_header("$course->shortname: $strrecentactivity", "$course->fullname",
+            print_header("$course->shortname: $strrecentactivity", $course->fullname,
                          "<a href=\"view.php?id=$course->id\">$course->shortname</a> ->
                           <a href=\"recent.php?id=$course->id\">$strrecentactivity</a> -> $userinfo, $dateinfo", "", $meta);
         } else {
-            print_header("$course->shortname: $strrecentactivity", "$course->fullname",
+            print_header("$course->shortname: $strrecentactivity", $course->fullname,
                          "<a href=\"recent.php?id=$course->id\">$strrecentactivity</a> -> $userinfo, $dateinfo", "", $meta);
         }
 
-        print_heading("$course->fullname: $userinfo, $dateinfo (".usertimezone().")", '', 3);
+        print_heading(format_string($course->fullname) . ": $userinfo, $dateinfo (".usertimezone().")", '', 3);
         $advancedfilter = 1;
         print_recent_selector_form($course, $advancedfilter, $user, $date, $modname, $modid, $modaction, $selectedgroup, $sortby);
 
@@ -69,10 +69,10 @@
         }
 
         if ($course->id != SITEID) {
-            print_header("$course->shortname: $strrecentactivity", "$course->fullname",
+            print_header("$course->shortname: $strrecentactivity", $course->fullname,
                      "<a href=\"view.php?id=$course->id\">$course->shortname</a> -> $strrecentactivity", "", $meta);
         } else {
-            print_header("$course->shortname: $strrecentactivity", "$course->fullname",
+            print_header("$course->shortname: $strrecentactivity", $course->fullname,
                      "$strrecentactivity", "", $meta);
         }
 
diff --git a/course/report/log/index.php b/course/report/log/index.php
index 8943b2c124..8d7edcc30c 100644
--- a/course/report/log/index.php
+++ b/course/report/log/index.php
@@ -86,7 +86,7 @@
                                   <a href=\"index.php?id=$course->id\">$strlogs</a> -> $userinfo, $dateinfo", '');
                 }
 
-                print_heading("$course->fullname: $userinfo, $dateinfo (".usertimezone().")");
+                print_heading(format_string($course->fullname) . ": $userinfo, $dateinfo (".usertimezone().")");
                 print_mnet_log_selector_form($hostid, $course, $user, $date, $modname, $modid, $modaction, $group, $showcourses, $showusers, $logformat);
                 
                 if($hostid == $CFG->mnet_localhost_id) {
diff --git a/course/report/log/lib.php b/course/report/log/lib.php
index 380fcfaa21..67fe479cda 100644
--- a/course/report/log/lib.php
+++ b/course/report/log/lib.php
@@ -335,7 +335,7 @@ function print_log_selector_form($course, $selecteduser=0, $selecteddate='today'
         if ($ccc = get_records("course", "", "", "fullname","id,fullname,category")) {
             foreach ($ccc as $cc) {
                 if ($cc->category) {
-                    $courses["$cc->id"] = "$cc->fullname";
+                    $courses["$cc->id"] = $cc->fullname;
                 } else {
                     $courses["$cc->id"] = " $cc->fullname (Site)";
                 }
diff --git a/course/report/outline/index.php b/course/report/outline/index.php
index 01752e3385..c4c45fdfbd 100644
--- a/course/report/outline/index.php
+++ b/course/report/outline/index.php
@@ -29,12 +29,12 @@
     $strtodaylogs      = get_string("todaylogs");
     $strreports        = get_string("reports");
 
-    print_header("$course->shortname: $stractivityreport", "$course->fullname",
+    print_header("$course->shortname: $stractivityreport", $course->fullname,
                  "<a href=\"../../view.php?id=$course->id\">$course->shortname</a> ->
                   <a href=\"../../report.php?id=$course->id\">$strreports</a> ->
                   $stractivityreport");
 
-    print_heading("$course->fullname");
+    print_heading(format_string($course->fullname));
 
     echo "<table cellpadding=\"10\" align=\"center\"><tr>";
     echo "<td>$stractivityreport: </td>";
diff --git a/course/report/participation/index.php b/course/report/participation/index.php
index 818ac25161..5220203ea7 100644
--- a/course/report/participation/index.php
+++ b/course/report/participation/index.php
@@ -51,10 +51,10 @@
     $strallactions    = get_string('allactions');
     $strreports       = get_string('reports');
 
-    $strnav = "<a href=\"../../view.php?id=$course->id\">$course->shortname</a> -> 
+    $strnav = "<a href=\"../../view.php?id=$course->id\">" . format_string($course->shortname) . "</a> -> 
                <a href=\"../../report.php?id=$course->id\">$strreports</a> -> ". $strparticipation;
     
-    print_header("$course->shortname: $strparticipation", "$course->fullname",
+    print_header("$course->shortname: $strparticipation", $course->fullname,
                  "<a href=\"../../view.php?id=$course->id\">$course->shortname</a> ->
                   <a href=\"../../report.php?id=$course->id\">$strreports</a> ->
                   $strparticipation");
diff --git a/course/report/stats/index.php b/course/report/stats/index.php
index ddf11eb5e2..187e815036 100644
--- a/course/report/stats/index.php
+++ b/course/report/stats/index.php
@@ -54,11 +54,11 @@
 
     $menu = report_stats_mode_menu($course, $mode, $time, "$CFG->wwwroot/course/report/stats/index.php");
 
-    $crumb = "<a href=\"../../view.php?id=$course->id\">$course->shortname</a> ->
+    $crumb = "<a href=\"../../view.php?id=$course->id\">" . format_string($course->shortname) . "</a> ->
               <a href=\"../../report.php?id=$course->id\">$strreports</a> ->
               $strstats";
 
-    print_header("$course->shortname: $strstats", "$course->fullname", 
+    print_header("$course->shortname: $strstats", $course->fullname, 
                   $crumb, '', '', true, '&nbsp;', $menu);
     
     
diff --git a/course/report/stats/report.php b/course/report/stats/report.php
index f3159a84d4..5cf737e666 100644
--- a/course/report/stats/report.php
+++ b/course/report/stats/report.php
@@ -107,7 +107,7 @@
 
             $stats = stats_fix_zeros($stats,$param->timeafter,$param->table,(!empty($param->line2)));
 
-            print_heading($course->shortname.' - '.get_string('statsreport'.$report)
+            print_heading(format_string($course->shortname).' - '.get_string('statsreport'.$report)
                     .((!empty($user)) ? ' '.get_string('statsreportforuser').' ' .fullname($user,true) : '')
                     .((!empty($roleid)) ? ' '.get_field('role','name','id',$roleid) : ''));
 
diff --git a/course/scales.php b/course/scales.php
index 5838d96cea..efbe8cf763 100644
--- a/course/scales.php
+++ b/course/scales.php
@@ -105,7 +105,7 @@
         //        $scales_site_uses = site_scale_used($scale->id,$courses);
         $scalemenu = make_menu_from_list($scale->scale);
 
-        print_header("$course->shortname: $strscales", "$course->fullname",
+        print_header("$course->shortname: $strscales", $course->fullname,
                  "$course->shortname -> $strscales -> $scale->name", "", "", true, "&nbsp;", "&nbsp;");
 
         close_window_button();
@@ -164,7 +164,7 @@
         }
 
         //Print out the headers
-        print_header("$course->shortname: $strscales", "$course->fullname",
+        print_header("$course->shortname: $strscales", $course->fullname,
                  "<a href=\"view.php?id=$course->id\">$course->shortname</a>".
                  " -> <a href=\"scales.php?id=$course->id\">$strscales</a>".
                  " -> ".get_string("editinga","",$strscale), $focus);
@@ -372,7 +372,7 @@
 
 /// Print out the main page
 
-    print_header("$course->shortname: $strscales", "$course->fullname", 
+    print_header("$course->shortname: $strscales", $course->fullname, 
                  "<a href=\"view.php?id=$course->id\">$course->shortname</a> 
                   -> $strscales");
 
diff --git a/course/search.php b/course/search.php
index d8b1667b43..dc1944cab9 100644
--- a/course/search.php
+++ b/course/search.php
@@ -232,7 +232,7 @@
                 }
 
                 echo "<tr>";
-                echo "<td><a $linkcss href=\"view.php?id=$course->id\">$course->fullname</a></td>";
+                echo "<td><a $linkcss href=\"view.php?id=$course->id\">" . format_string($course->fullname) . "</a></td>";
                 echo "<td>".$displaylist[$course->category]."</td>";
                 echo "<td align=\"center\">";
                 
diff --git a/course/user.php b/course/user.php
index 1c084ef66c..653573d3c7 100644
--- a/course/user.php
+++ b/course/user.php
@@ -43,13 +43,13 @@
     $fullname          = fullname($user, true);
 
     if ($course->id != SITEID) {
-        print_header("$course->shortname: $stractivityreport ($mode)", "$course->fullname",
+        print_header("$course->shortname: $stractivityreport ($mode)", $course->fullname,
                  "<a href=\"../course/view.php?id=$course->id\">$course->shortname</a> ->
                   <a href=\"../user/index.php?id=$course->id\">$strparticipants</a> ->
                   <a href=\"../user/view.php?id=$user->id&amp;course=$course->id\">$fullname</a> -> 
                   $stractivityreport -> $strmode");
     } else {
-        print_header("$course->shortname: $stractivityreport ($mode)", "$course->fullname",
+        print_header("$course->shortname: $stractivityreport ($mode)", $course->fullname,
                  "<a href=\"../user/view.php?id=$user->id&amp;course=$course->id\">$fullname</a> -> 
                   $stractivityreport -> $strmode");
     }
diff --git a/enrol/authorize/enrol.php b/enrol/authorize/enrol.php
index 1e6883d2fb..42fb074cce 100755
--- a/enrol/authorize/enrol.php
+++ b/enrol/authorize/enrol.php
@@ -258,7 +258,7 @@ class enrolment_plugin_authorize
                 $a->user = fullname($USER);
                 email_to_user($paymentmanager,
                               $USER,
-                              get_string("enrolmentnew", '', $course->shortname),
+                              get_string("enrolmentnew", '', format_string($course->shortname)),
                               get_string('enrolmentnewuser', '', $a));
             }
             if (!empty($CFG->enrol_mailadmins)) {
@@ -269,7 +269,7 @@ class enrolment_plugin_authorize
                 foreach ($admins as $admin) {
                     email_to_user($admin,
                                   $USER,
-                                  get_string("enrolmentnew", '', $course->shortname),
+                                  get_string("enrolmentnew", '', format_string($course->shortname)),
                                   get_string('enrolmentnewuser', '', $a));
                 }
             }
diff --git a/enrol/authorize/locallib.php b/enrol/authorize/locallib.php
index 86cc78a988..42443da029 100644
--- a/enrol/authorize/locallib.php
+++ b/enrol/authorize/locallib.php
@@ -242,7 +242,7 @@ function authorize_print_order_details($orderno)
     $table->data[] = array("<b>$authstrs->amount:</b>", "$order->currency $order->amount");
     if (empty($cmdcapture) and empty($cmdrefund) and empty($cmdvoid) and empty($cmddelete)) {
         $color = authorize_get_status_color($status->status);
-        $table->data[] = array("<b>$strs->course:</b>", $course->shortname);
+        $table->data[] = array("<b>$strs->course:</b>", format_string($course->shortname));
         $table->data[] = array("<b>$strs->status:</b>", "<font style='color:$color'>" . $authstrs->{$status->status} . "</font>");
         if ($order->paymentmethod == AN_METHOD_CC) {
             $table->data[] = array("<b>$authstrs->nameoncard:</b>", $order->ccname);
@@ -287,7 +287,7 @@ function authorize_print_order_details($orderno)
                     }
                     else {
                         $table->data[] = array("<b><font color='red'>$strs->error:</font></b>",
-                        "Error while trying to enrol ".fullname($user)." in '$course->shortname'");
+                        "Error while trying to enrol ".fullname($user)." in '" . format_string($course->shortname) . "'");
                     }
                 }
                 else {
diff --git a/enrol/database/enrol.php b/enrol/database/enrol.php
index 3d99bc3ed8..b3d017da1e 100644
--- a/enrol/database/enrol.php
+++ b/enrol/database/enrol.php
@@ -283,9 +283,9 @@ function sync_enrolments($role = null) {
         if ($to_prune) {
             foreach ($to_prune as $role_assignment) {
                 if (role_unassign($role->id, $role_assignment->userid, 0, $role_assignment->contextid)){
-                    print "Unassigned {$role->shortname} assignment #{$role_assignment->id} for course {$course->id} ({$course->shortname}); user {$role_assignment->userid}\n";
+                    print "Unassigned {$role->shortname} assignment #{$role_assignment->id} for course {$course->id} (" . format_string($course->shortname) . "); user {$role_assignment->userid}\n";
                 } else {
-                    print "Failed to unassign {$role->shortname} assignment #{$role_assignment->id} for course {$course->id} ({$course->shortname}); user {$role_assignment->userid}\n";
+                    print "Failed to unassign {$role->shortname} assignment #{$role_assignment->id} for course {$course->id} (" . format_string($course->shortname) . "); user {$role_assignment->userid}\n";
                 }
             }
         }
@@ -325,9 +325,9 @@ function sync_enrolments($role = null) {
             }
             
             if (role_assign($role->id, $userid, 0, $context->id, 0, 0, 0, 'database')){
-                print "Assigned role {$role->shortname} to user {$userid} in course {$course->id} ({$course->shortname})\n";
+                print "Assigned role {$role->shortname} to user {$userid} in course {$course->id} (" . format_string($course->shortname) . ")\n";
             } else {
-                print "Failed to assign role {$role->shortname} to user {$userid} in course {$course->id} ({$course->shortname})\n";
+                print "Failed to assign role {$role->shortname} to user {$userid} in course {$course->id} (" . format_string($course->shortname) . ")\n";
             }
 
         } // end foreach member
diff --git a/enrol/imsenterprise/importnow.php b/enrol/imsenterprise/importnow.php
index b04bc5c51d..a5af41dcab 100644
--- a/enrol/imsenterprise/importnow.php
+++ b/enrol/imsenterprise/importnow.php
@@ -10,7 +10,7 @@ if (!$site = get_site()) {
 /// get language strings
 $str = get_strings(array('enrolments', 'users', 'administration', 'settings'));
 
-print_header("$site->shortname: $str->enrolments", "$site->fullname",
+print_header("$site->shortname: $str->enrolments", $site->fullname,
               "<a href=\"../../$CFG->admin/index.php\">$str->administration</a> -> 
                $str->enrolments -> IMS import");
 
diff --git a/enrol/mnet/allowed_courses.php b/enrol/mnet/allowed_courses.php
index 9612667fae..176e596635 100644
--- a/enrol/mnet/allowed_courses.php
+++ b/enrol/mnet/allowed_courses.php
@@ -155,7 +155,7 @@ if (count($categories) < 1) {
                            getElementById('allowedcoursesform').addcategories.selectedIndex=-1;" >
           <?php
               foreach ($allowedcategories as $category) {
-                  echo "<option value=\"$category->id\"> $category->name </option>\n";
+                  echo "<option value=\"$category->id\"> " . format_string($category->name) . " </option>\n";
               }
           ?>
           </select>
@@ -176,7 +176,7 @@ if (count($categories) < 1) {
                            getElementById('allowedcoursesform').removecategories.selectedIndex=-1;">
           <?php
             foreach ($potentialcategories as $category) {
-                echo "<option value=\"$category->id\"> $category->name </option>\n";
+                echo "<option value=\"$category->id\"> " . format_string($category->name) . " </option>\n";
             }
         ?>
         </select>
@@ -212,7 +212,7 @@ if (count($courses) < 1) {
                            getElementById('allowedcoursesform').addcourses.selectedIndex=-1;">
           <?php
               foreach ($allowedcourses as $course) {
-                  echo "<option value=\"$course->id\"> $course->shortname </option>\n";
+                  echo "<option value=\"$course->id\"> " . format_string($course->shortname) . " </option>\n";
               }
           ?>
           </select>
@@ -233,7 +233,7 @@ if (count($courses) < 1) {
                            getElementById('allowedcoursesform').removecourses.selectedIndex=-1;">
           <?php
             foreach ($potentialcourses as $course) {
-                echo "<option value=\"$course->id\"> $course->shortname </option>\n";
+                echo "<option value=\"$course->id\"> " . format_string($course->shortname) . " </option>\n";
             }
         ?>
         </select>
diff --git a/enrol/paypal/ipn.php b/enrol/paypal/ipn.php
index 2052db5208..5c6becab35 100644
--- a/enrol/paypal/ipn.php
+++ b/enrol/paypal/ipn.php
@@ -168,21 +168,21 @@
                 $teacher = get_teacher($course->id);
 
                 if (!empty($CFG->enrol_mailstudents)) {
-                    $a->coursename = "$course->fullname";
+                    $a->coursename = $course->fullname;
                     $a->profileurl = "$CFG->wwwroot/user/view.php?id=$user->id";
                     email_to_user($user, $teacher, get_string("enrolmentnew", '', $course->shortname),
                                   get_string('welcometocoursetext', '', $a));
                 }
 
                 if (!empty($CFG->enrol_mailteachers)) {
-                    $a->course = "$course->fullname";
+                    $a->course = $course->fullname;
                     $a->user = fullname($user);
                     email_to_user($teacher, $user, get_string("enrolmentnew", '', $course->shortname),
                                   get_string('enrolmentnewuser', '', $a));
                 }
 
                 if (!empty($CFG->enrol_mailadmins)) {
-                    $a->course = "$course->fullname";
+                    $a->course = $course->fullname;
                     $a->user = fullname($user);
                     $admins = get_admins();
                     foreach ($admins as $admin) {
diff --git a/files/index.php b/files/index.php
index a9c0574561..b6b9143bdc 100644
--- a/files/index.php
+++ b/files/index.php
@@ -130,7 +130,7 @@
                 }
 
             } else {
-                print_header("$course->shortname: $strfiles", "$course->fullname",
+                print_header("$course->shortname: $strfiles", $course->fullname,
                              "<a href=\"../course/view.php?id=$course->id\">$course->shortname".
                              "</a> -> $fullnav", $formfield);
             }
diff --git a/grade/exceptions.php b/grade/exceptions.php
index 90657b3eef..3378296380 100644
--- a/grade/exceptions.php
+++ b/grade/exceptions.php
@@ -16,7 +16,7 @@
 
     $group = get_current_group($course->id);
     
-    print_header("$course->shortname: ".get_string('grades'), "$course->fullname", grade_nav($course, $action));
+    print_header("$course->shortname: ".get_string('grades'), $course->fullname, grade_nav($course, $action));
 
     grade_preferences_menu($action, $course, $group);
 
diff --git a/grade/lib.php b/grade/lib.php
index d4a1ae7b70..4422b0b0a0 100644
--- a/grade/lib.php
+++ b/grade/lib.php
@@ -2362,7 +2362,8 @@ function grade_set_grade_weights() {
                 }
             }
             else {
-                echo  '<center><font color="red">'.get_string('nonumericweight','grades').$category->name.': "'.$submitted_category.'"</font></center><br />';
+                echo  '<center><font color="red">'.get_string('nonumericweight','grades').
+                        format_string($category->name) .': "'.$submitted_category.'"</font></center><br />';
             }
         }
     }
@@ -2403,7 +2404,7 @@ function grade_display_grade_weights() {
             if ($category->name == UNCATEGORISED) {
                 $category->name = get_string(UNCATEGORISED, 'grades');
             }
-            echo  '<tr><td align="center" class="generalboxcontent">'.$category->name.'</td>';
+            echo  '<tr><td align="center" class="generalboxcontent">'. format_string($category->name) .'</td>';
             echo  '<td align="center" class="generalboxcontent"><input type="text" size="5" name="'.$form_catname.'" value="'.$val.'" /></td>';
             echo  '<td align="center" class="generalboxcontent"><input type="text" size="5" name="drop_x_lowest'.$form_catname.'" value="'.$category->drop_x_lowest.'" /></td>';
             echo  '<td align="center" class="generalboxcontent"><input type="text" size="5" name="bonus_points'.$form_catname.'" value="'.$category->bonus_points.'" /></td>';
@@ -2701,10 +2702,10 @@ function grade_category_select($id_selected = 0) {
                 $category->name = get_string('uncategorised', 'grades');
             }
             if ($category->id == $id_selected) {
-                echo  '<option value="'.$category->id.'" selected="selected">'.$category->name.'</option>';
+                echo  '<option value="'.$category->id.'" selected="selected">'. format_string($category->name) .'</option>';
             }
             else {
-                echo  '<option value="'.$category->id.'">'.$category->name.'</option>';
+                echo  '<option value="'.$category->id.'">'. format_string($category->name) .'</option>';
             }
         }
     }
diff --git a/group/assign.php b/group/assign.php
index 1887152bb8..38416ed5be 100644
--- a/group/assign.php
+++ b/group/assign.php
@@ -78,7 +78,7 @@ if ($success) {
     $groupname = groups_get_group_displayname($groupid);
 
     print_header("$course->shortname: $strgroups", 
-                 "$course->fullname", 
+                 $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
                  "-> $strgroups", '', '', true, '', user_login_string($course, $USER));
diff --git a/group/group.php b/group/group.php
index a2bf058d8b..6408fc0f6f 100644
--- a/group/group.php
+++ b/group/group.php
@@ -139,7 +139,7 @@ if ($success) {
 /// Print the page and form
 
     print_header("$course->shortname: ". $strheading,
-                 "$course->fullname", 
+                 $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
                  "-> $strgroups", '', '', true, '', user_login_string($course, $USER));
diff --git a/group/grouping.php b/group/grouping.php
index 16cebb6339..0ea021bb81 100644
--- a/group/grouping.php
+++ b/group/grouping.php
@@ -104,7 +104,7 @@ if ($success) {
 /// Print the page and form
 
     print_header("$course->shortname: $strgroups", 
-                 "$course->fullname", 
+                 $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
                  "-> $strgroups", '', '', true, '', user_login_string($course, $USER));
diff --git a/group/groupui/index.php b/group/groupui/index.php
index 4761d5591e..48f3181cd8 100644
--- a/group/groupui/index.php
+++ b/group/groupui/index.php
@@ -48,7 +48,7 @@ if (!$error) {
 	$strparticipants = get_string('participants');
 	// Print the page and form
 	print_header("$course->shortname: $strgroups", 
-                 "$course->fullname", 
+                 $course->fullname, 
 	             "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
 	             "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
 	             "-> $strgroups", "", "", true, '', user_login_string($course, $USER));
diff --git a/group/groupui/printgrouping.php b/group/groupui/printgrouping.php
index 34da1bf2a4..726f60a4ed 100644
--- a/group/groupui/printgrouping.php
+++ b/group/groupui/printgrouping.php
@@ -38,7 +38,7 @@ if ($success) {
 	// Print the page and form
 	$strgroups = get_string('groups');
 	$strparticipants = get_string('participants');
-	print_header("$course->shortname: $strgroups", "$course->fullname", 
+	print_header("$course->shortname: $strgroups", $course->fullname, 
 	             "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
 	             "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
 	             "-> <a href=\"$CFG->wwwroot/group/groupui/index.php?id=$courseid\">$strgroups</a>".
diff --git a/group/index.php b/group/index.php
index 58cb20fd3e..276a6dee24 100644
--- a/group/index.php
+++ b/group/index.php
@@ -145,7 +145,7 @@ if ($success) {
     $strparticipants = get_string('participants');
 
     print_header("$course->shortname: $strgroups home", //TODO: home
-                 "$course->fullname", 
+                 $course->fullname, 
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$courseid\">$course->shortname</a> ".
                  "-> <a href=\"$CFG->wwwroot/user/index.php?id=$courseid\">$strparticipants</a> ".
                  "-> $strgroups", '', '', true, '', user_login_string($course, $USER));
@@ -154,7 +154,7 @@ if ($success) {
     //TODO: eventually we'll implement all buttons, meantime hide the ones we haven't finised.
     $shownotdone  = false;
     
-    print_heading($course->shortname.' '.$strgroups, 'center', 3);
+    print_heading(format_string($course->shortname) .' '.$strgroups, 'center', 3);
 ?>
 <form id="groupeditform" action="index.php" method="post">
     <div>
diff --git a/lib/accesslib.php b/lib/accesslib.php
index a04ca0d68e..33bed77ee9 100755
--- a/lib/accesslib.php
+++ b/lib/accesslib.php
@@ -2511,13 +2511,13 @@ function print_context_name($context) {
 
         case CONTEXT_COURSECAT: // Coursecat -> coursecat or site
             if ($category = get_record('course_categories', 'id', $context->instanceid)) {
-                $name = get_string('category').': '.$category->name;
+                $name = get_string('category').': '. format_string($category->name);
             }
             break;
 
         case CONTEXT_COURSE: // 1 to 1 to course cat
             if ($course = get_record('course', 'id', $context->instanceid)) {
-                $name = get_string('course').': '.$course->fullname;
+                $name = get_string('course').': '. format_string($course->fullname);
             }
             break;
 
diff --git a/lib/db/mysql.php b/lib/db/mysql.php
index 4ceeabbc38..d42ba5eb71 100644
--- a/lib/db/mysql.php
+++ b/lib/db/mysql.php
@@ -126,7 +126,7 @@ function main_upgrade($oldversion=0) {
                     $mod->instance = $news->id;
                     $mod->section = 0;
                     if (! $mod->coursemodule = add_course_module($mod) ) {
-                        notify("Could not add a new course module to the course '$course->fullname'");
+                        notify("Could not add a new course module to the course '" . format_string($course->fullname) . "'");
                         return false;
                     }
                     if (! $sectionid = add_mod_to_section($mod) ) {
@@ -144,7 +144,7 @@ function main_upgrade($oldversion=0) {
                     $mod->instance = $social->id;
                     $mod->section = 0;
                     if (! $mod->coursemodule = add_course_module($mod) ) {
-                        notify("Could not add a new course module to the course '$course->fullname'");
+                        notify("Could not add a new course module to the course '" . format_string($course->fullname) . "'");
                         return false;
                     }
                     if (! $sectionid = add_mod_to_section($mod) ) {
@@ -169,7 +169,7 @@ function main_upgrade($oldversion=0) {
                 $modinfo = serialize(get_array_of_activities($course->id));
 
                 if (!set_field("course", "modinfo", $modinfo, "id", $course->id)) {
-                    notify("Could not cache module information for course '$course->fullname'!");
+                    notify("Could not cache module information for course '" . format_string($course->fullname) . "'!");
                 }
             }
         }
@@ -199,7 +199,7 @@ function main_upgrade($oldversion=0) {
                 $modinfo = serialize(get_array_of_activities($course->id));
 
                 if (!set_field("course", "modinfo", $modinfo, "id", $course->id)) {
-                    notify("Could not cache module information for course '$course->fullname'!");
+                    notify("Could not cache module information for course '" . format_string($course->fullname) . "'!");
                 }
             }
         }
@@ -286,7 +286,7 @@ function main_upgrade($oldversion=0) {
                 $modinfo = serialize(get_array_of_activities($course->id));
 
                 if (!set_field("course", "modinfo", $modinfo, "id", $course->id)) {
-                    notify("Could not cache module information for course '$course->fullname'!");
+                    notify("Could not cache module information for course '" . format_string($course->fullname) . "'!");
                 }
             }
         }
@@ -506,7 +506,7 @@ function main_upgrade($oldversion=0) {
 
         if ($courses = get_records_select("course", "category > 0")) {
             foreach ($courses as $course) {
-                notify("Processing $course->fullname ...", "green");
+                notify("Processing " . format_string($course->fullname) . " ...", "green");
                 flush();
                 if ($users = get_records_select("user_teachers", "course = '$course->id'",
                                                 "id", "id, userid, timeaccess")) {
diff --git a/lib/db/postgres7.php b/lib/db/postgres7.php
index 41ffe24681..22fe33aa25 100644
--- a/lib/db/postgres7.php
+++ b/lib/db/postgres7.php
@@ -63,7 +63,7 @@ function main_upgrade($oldversion=0) {
                 $modinfo = serialize(get_array_of_activities($course->id));
 
                 if (!set_field("course", "modinfo", $modinfo, "id", $course->id)) {
-                    notify("Could not cache module information for course '$course->fullname'!");
+                    notify("Could not cache module information for course '" . format_string($course->fullname) . "'!");
                 }
             }
         }
@@ -255,7 +255,7 @@ function main_upgrade($oldversion=0) {
 
         if ($courses = get_records_select("course", "category > 0")) {
             foreach ($courses as $course) {
-                notify("Processing $course->fullname ...", "green");
+                notify("Processing " . format_string($course->fullname) . " ...", "green");
                 flush();
                 if ($users = get_records_select("user_teachers", "course = '$course->id'", 
                                                 "id", "id, userid, timeaccess")) {
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 17bc7197ac..09c37521d0 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1752,7 +1752,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null) {
                 case 1:    /// Guests always allowed 
                     if (!has_capability('moodle/course:view', $context)) {    // Prohibited by capability
                         print_header_simple();
-                        notice(get_string('guestsnotallowed', '', $COURSE->fullname), "$CFG->wwwroot/login/index.php");
+                        notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "$CFG->wwwroot/login/index.php");
                     }
                     if (!empty($cm) and !$cm->visible) { // Not allowed to see module, send to course page
                         redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, 
@@ -1773,9 +1773,9 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null) {
                 default:    /// Guests not allowed
                     print_header_simple('', '', get_string('loggedinasguest'));
                     if (empty($USER->switchrole[$context->id])) {  // Normal guest
-                        notice(get_string('guestsnotallowed', '', $COURSE->fullname), "$CFG->wwwroot/login/index.php");
+                        notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "$CFG->wwwroot/login/index.php");
                     } else {
-                        notify(get_string('guestsnotallowed', '', $COURSE->fullname));
+                        notify(get_string('guestsnotallowed', '', format_string($COURSE->fullname)));
                         echo '<div class="notifyproblem">'.switchroles_form($COURSE->id).'</div>';
                         print_footer($COURSE);
                         exit;
@@ -3663,7 +3663,7 @@ function email_welcome_message_to_user($course, $user=NULL) {
     }
 
     if (!empty($course->welcomemessage)) {
-        $subject = get_string('welcometocourse', '', $course->fullname);
+        $subject = get_string('welcometocourse', '', format_string($course->fullname));
 
         $a->coursename = $course->fullname;
         $a->profileurl = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id";
diff --git a/lib/questionlib.php b/lib/questionlib.php
index 2713996c7f..b4b311ec86 100644
--- a/lib/questionlib.php
+++ b/lib/questionlib.php
@@ -495,7 +495,7 @@ function question_delete_course($course, $feedback=true) {
                     if (!isset($course->shortname)) {
                         $course->shortname = 'id=' . $course->id;
                     }
-                    $concat->name = get_string('savedfromdeletedcourse', 'quiz', $course->shortname);
+                    $concat->name = get_string('savedfromdeletedcourse', 'quiz', format_string($course->shortname));
                     $concat->info = $concat->name;
                     $concat->publish = 1;
                     $concat->stamp = make_unique_id_code();
diff --git a/lib/simpletest/testweblib.php b/lib/simpletest/testweblib.php
new file mode 100644
index 0000000000..9506311406
--- /dev/null
+++ b/lib/simpletest/testweblib.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Unit tests for (some of) ../weblib.php.
+ *
+ * @copyright &copy; 2006 The Open University
+ * @author T.J.Hunt@open.ac.uk
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodlecore
+ */
+
+/** */
+require_once(dirname(__FILE__) . '/../../config.php');
+
+global $CFG;
+require_once($CFG->libdir . '/simpletestlib.php');
+require_once($CFG->libdir . '/weblib.php');
+
+class web_test extends UnitTestCase {
+
+    function setUp() {
+    }
+
+    function tearDown() {
+    }
+
+    function test_format_string() {
+        $this->assertEqual(format_string("& &&&&& &&"), "&amp; &amp;&amp;&amp;&amp;&amp; &amp;&amp;");        
+        $this->assertEqual(format_string("ANother & &&&&& Category"), "ANother &amp; &amp;&amp;&amp;&amp;&amp; Category");
+        $this->assertEqual(format_string("ANother & &&&&& Category", true), "ANother &amp; &amp;&amp;&amp;&amp;&amp; Category");
+        $this->assertEqual(format_string("Nick's Test Site & Other things", true), "Nick's Test Site &amp; Other things");
+    }    
+}
+?>
diff --git a/lib/weblib.php b/lib/weblib.php
index 3f0f7c79aa..e53d70ed26 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1410,7 +1410,10 @@ function format_title($string, $plaintext=true, $courseid=null) {
 function format_string ($string, $striplinks = false, $courseid=NULL ) {
 
     global $CFG, $COURSE;
-
+    
+    // First replace all ampersands not followed html entity code
+    $string = preg_replace("/\&(?![a-z0-9]{1,8};)/", "&amp;", $string);
+    
     //We'll use a in-memory cache here to speed up repeated strings
     static $strcache = false;
 
@@ -1436,7 +1439,8 @@ function format_string ($string, $striplinks = false, $courseid=NULL ) {
 
     //Store to cache
     $strcache[$md5] = $string;
-
+       
+        
     return $string;
 }
 
@@ -2032,7 +2036,9 @@ function print_header ($title='', $heading='', $navigation='', $focus='',
                        $usexml=false, $bodytags='', $return=false) {
 
     global $USER, $CFG, $THEME, $SESSION, $ME, $SITE, $COURSE;
-
+    
+    $heading = format_string($heading); // Fix for MDL-8582
+    
 /// This makes sure that the header is never repeated twice on a page
     if (defined('HEADER_PRINTED')) {
         debugging('print_header() was called more than once - this should not happen.  Please check the code for this page closely. Note: error() and redirect() are now safe to call after print_header().');
@@ -2222,7 +2228,8 @@ function print_header ($title='', $heading='', $navigation='', $focus='',
     $bodytags .= ' class="'.$pageclass.'" id="'.$pageid.'"';
 
     ob_start();
-    $title = s($title); // fix for MDL-8582
+
+    $title = format_string($title); // fix for MDL-8582
     include($CFG->header);
     $output = ob_get_contents();
     ob_end_clean();
@@ -2317,10 +2324,10 @@ function print_header_simple($title='', $heading='', $navigation='', $focus='',
 
     $shortname ='';
     if ($COURSE->id != SITEID) {
-        $shortname = '<a href="'.$CFG->wwwroot.'/course/view.php?id='. $COURSE->id .'">'. s($COURSE->shortname) .'</a> ->';
+        $shortname = '<a href="'.$CFG->wwwroot.'/course/view.php?id='. $COURSE->id .'">'. $COURSE->shortname .'</a> ->';
     }
 
-    $output = print_header(s($COURSE->shortname) .': '. s($title), s($COURSE->fullname) .' '. s($heading), $shortname.' '. $navigation, $focus, $meta,
+    $output = print_header($COURSE->shortname .': '. $title, $COURSE->fullname .' '. $heading, $shortname.' '. $navigation, $focus, $meta,
                            $cache, $button, $menu, $usexml, $bodytags, true);
 
     if ($return) {
@@ -2358,7 +2365,7 @@ function print_footer($course=NULL, $usercourse=NULL, $return=false) {
             $home  = true;
         } else {
             $homelink = '<div class="homelink"><a '.$CFG->frametarget.' href="'.$CFG->wwwroot.
-                        '/course/view.php?id='.$course->id.'">'.s($course->shortname).'</a></div>';
+                        '/course/view.php?id='.$course->id.'">'.format_string($course->shortname).'</a></div>';
             $home  = false;
         }
     } else {
@@ -2813,16 +2820,47 @@ function print_navigation ($navigation, $separator=0, $return=false) {
     }
 
     if ($navigation) {
-        //Accessibility: breadcrumb links now in a list, &raquo; replaced with a 'silent' character.
-        $nav_text = get_string('youarehere','access');
-        $output .= '<h2 class="accesshide">'.$nav_text."</h2><ul>\n";
+        
+        if (!is_array($navigation)) {
+            $ar = explode('->', $navigation);
+            $navigation = array();
+            
+            foreach ($ar as $a) {
+                if (strpos($a, '</a>') === false) {
+                    $navigation[trim(format_string($a))] = '';
+                } else {
+                    if (preg_match('/<a.*href="([^"]*)">(.*)<\/a>/', $a, $matches)) {                  
+                        $navigation[trim(format_string($matches[2]))] = $matches[1];
+                    }
+                }
+            }
+        }
+
         if (! $site = get_site()) {
+            $site = new object();
             $site->shortname = get_string('home');
         }
-
-        $navigation = "<li>$separator ". str_replace('->', "</li>\n<li>$separator", $navigation) ."</li>\n";
-        $output .= '<li class="first"><a '.$CFG->frametarget.' onclick="this.target=\''.$CFG->framename.'\'" href="'. $CFG->wwwroot.((!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID)) && !empty($USER->id) && !empty($CFG->mymoodleredirect) && !isguest())
-                                                                       ? '/my' : '') .'/">'. $site->shortname ."</a></li>\n". $navigation;
+        
+        //Accessibility: breadcrumb links now in a list, &raquo; replaced with a 'silent' character.
+        $nav_text = get_string('youarehere','access');
+        $output .= '<h2 class="accesshide">'.$nav_text."</h2><ul>\n";
+        
+        $output .= '<li class="first"><a '.$CFG->frametarget.' onclick="this.target=\''.$CFG->framename.'\'" href="'
+               .$CFG->wwwroot.((!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM, SITEID))
+                                 && !empty($USER->id) && !empty($CFG->mymoodleredirect) && !isguest())
+                                 ? '/my' : '') .'/">'. format_string($site->shortname) ."</a></li>\n";
+        
+        
+        foreach ($navigation as $title=>$url) {
+            $title = strip_tags(format_string($title));
+            if (empty($url)) {
+                $output .= '<li class="first">'."$separator $title</li>\n";
+            } else {
+                $output .= '<li class="first">' . $separator  . ' <a '.$CFG->frametarget.' onclick="this.target=\''.$CFG->framename.'\'" href="'
+                           .$url.'">'."$title</a></li>\n";
+            }
+        }    
+        
         $output .= "</ul>\n";
     }
 
@@ -5730,4 +5768,4 @@ function frametarget() {
 }
 
 // vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140:
-?>
\ No newline at end of file
+?>
diff --git a/message/index.php b/message/index.php
index 7f12d4388f..10f2ba570d 100644
--- a/message/index.php
+++ b/message/index.php
@@ -51,10 +51,10 @@
 
 /// Header on this page
     if ($tab == 'contacts') {
-        print_header(get_string('messages', 'message').' - '.$SITE->fullname, '', '', '', 
+        print_header(get_string('messages', 'message').' - '.format_string($SITE->fullname), '', '', '', 
                 '<meta http-equiv="refresh" content="'. $CFG->message_contacts_refresh .'; url=index.php" />');
     } else {
-        print_header(get_string('messages', 'message').' - '.$SITE->fullname);
+        print_header(get_string('messages', 'message').' - '.format_string($SITE->fullname));
     }
 
     echo '<table cellspacing="2" cellpadding="2" border="0" align="center" width="95%">';
diff --git a/mod/assignment/lib.php b/mod/assignment/lib.php
index fa274b1f82..a2d82cf836 100644
--- a/mod/assignment/lib.php
+++ b/mod/assignment/lib.php
@@ -1763,7 +1763,7 @@ function assignment_cron () {
             course_setup($course);
 
             if (!has_capability('moodle/course:view', get_context_instance(CONTEXT_COURSE, $submission->course), $user->id)) {
-                echo fullname($user)." not an active participant in $course->shortname\n";
+                echo fullname($user)." not an active participant in " . format_string($course->shortname) . "\n";
                 continue;
             }
 
diff --git a/mod/chat/gui_header_js/index.php b/mod/chat/gui_header_js/index.php
index 712a7a4b25..65e4d8656c 100644
--- a/mod/chat/gui_header_js/index.php
+++ b/mod/chat/gui_header_js/index.php
@@ -64,7 +64,7 @@
  <head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>
-   <?php echo "$strchat: $course->shortname: ".format_string($chat->name,true)."$groupname" ?>
+   <?php echo "$strchat: " . format_string($course->shortname) . ": ".format_string($chat->name,true)."$groupname" ?>
   </title>
  </head>
  <frameset cols="*,200" border="5" framespacing="no" frameborder="yes" marginwidth="2" marginheight="1">
diff --git a/mod/chat/gui_sockets/index.php b/mod/chat/gui_sockets/index.php
index 220b37010c..33ca929dc1 100644
--- a/mod/chat/gui_sockets/index.php
+++ b/mod/chat/gui_sockets/index.php
@@ -59,7 +59,7 @@
  <head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>
-   <?php echo "$strchat: $course->shortname: ".format_string($chat->name,true)."$groupname" ?>
+   <?php echo "$strchat: " . format_string($course->shortname) . ": ".format_string($chat->name,true)."$groupname" ?>
   </title>
  </head>
  <frameset cols="*,200" border="5" framespacing="no" frameborder="yes" marginwidth="2" marginheight="1">
diff --git a/mod/choice/view.php b/mod/choice/view.php
index 30ef203938..5673836771 100644
--- a/mod/choice/view.php
+++ b/mod/choice/view.php
@@ -122,7 +122,7 @@
             echo '<p align="center">'. get_string('noguestchoose', 'choice') .'</p>';
             echo '<div class="continuebutton">';
             print_single_button($CFG->wwwroot.'/course/enrol.php?id='.$course->id, NULL, 
-                                get_string('enrolme', '', $course->shortname), 'post', $CFG->framename);
+                                get_string('enrolme', '', format_string($course->shortname)), 'post', $CFG->framename);
             echo '</div>'."\n";
             print_simple_box_end();
 
diff --git a/mod/data/edit.php b/mod/data/edit.php
index e2b884a925..6253d4a526 100755
--- a/mod/data/edit.php
+++ b/mod/data/edit.php
@@ -96,7 +96,7 @@
     if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
         $rsspath = rss_get_url($course->id, $USER->id, 'data', $data->id);
         $meta .= '<link rel="alternate" type="application/rss+xml" ';
-        $meta .= 'title ="'.$course->shortname.': %fullname%" href="'.$rsspath.'" />';
+        $meta .= 'title ="'. format_string($course->shortname) .': %fullname%" href="'.$rsspath.'" />';
     }
     if ($data->csstemplate) {
         $meta .= '<link rel="stylesheet" type="text/css" href="'.$CFG->wwwroot.'/mod/data/css.php?d='.$data->id.'" /> ';
diff --git a/mod/data/view.php b/mod/data/view.php
index 69e95ecafe..6ca69d8618 100755
--- a/mod/data/view.php
+++ b/mod/data/view.php
@@ -222,7 +222,7 @@
     if (!empty($CFG->enablerssfeeds) && !empty($CFG->data_enablerssfeeds) && $data->rssarticles > 0) {
         $rsspath = rss_get_url($course->id, $USER->id, 'data', $data->id);
         $meta .= '<link rel="alternate" type="application/rss+xml" ';
-        $meta .= 'title ="'.$course->shortname.': %fullname%" href="'.$rsspath.'" />';
+        $meta .= 'title ="'. format_string($course->shortname) .': %fullname%" href="'.$rsspath.'" />';
     }
     if ($data->csstemplate) {
         $meta .= '<link rel="stylesheet" type="text/css" href="'.$CFG->wwwroot.'/mod/data/css.php?d='.$data->id.'" /> ';
diff --git a/mod/forum/discuss.php b/mod/forum/discuss.php
index b9f8175aa5..9736f6c6c7 100644
--- a/mod/forum/discuss.php
+++ b/mod/forum/discuss.php
@@ -152,11 +152,11 @@
     $searchform = forum_search_form($course);
 
     if ($course->id != SITEID) {
-        print_header("$course->shortname: ".format_string($discussion->name), "$course->fullname",
+        print_header("$course->shortname: ".format_string($discussion->name), $course->fullname,
                      "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> ->
                       $navmiddle $navtail", "", "", true, $searchform, navmenu($course, $cm));
     } else {
-        print_header("$course->shortname: ".format_string($discussion->name), "$course->fullname",
+        print_header("$course->shortname: ".format_string($discussion->name), $course->fullname,
                      "$navmiddle $navtail", "", "", true, $searchform, navmenu($course, $cm));
     }
 
diff --git a/mod/forum/index.php b/mod/forum/index.php
index df7c92f0e4..14bcff3147 100644
--- a/mod/forum/index.php
+++ b/mod/forum/index.php
@@ -149,10 +149,10 @@
         $returnto = forum_go_back_to("index.php?id=$course->id");
         if ($subscribe) {
             add_to_log($course->id, "forum", "subscribeall", "index.php?id=$course->id", $course->id);
-            redirect($returnto, get_string("nowallsubscribed", "forum", $course->shortname), 1);
+            redirect($returnto, get_string("nowallsubscribed", "forum", format_string($course->shortname)), 1);
         } else {
             add_to_log($course->id, "forum", "unsubscribeall", "index.php?id=$course->id", $course->id);
-            redirect($returnto, get_string("nowallunsubscribed", "forum", $course->shortname), 1);
+            redirect($returnto, get_string("nowallunsubscribed", "forum", format_string($course->shortname)), 1);
         }
     }
 
@@ -453,11 +453,11 @@
     /// Output the page
 
     if ($course->id != SITEID) {
-        print_header("$course->shortname: $strforums", "$course->fullname",
+        print_header("$course->shortname: $strforums", $course->fullname,
                     "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> -> $strforums",
                     "", "", true, $searchform, navmenu($course));
     } else {
-        print_header("$course->shortname: $strforums", "$course->fullname", "$strforums",
+        print_header("$course->shortname: $strforums", $course->fullname, "$strforums",
                     "", "", true, $searchform, navmenu($course));
     }
 
diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index 3a42cc2c68..e7db81aead 100644
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -1726,7 +1726,7 @@ function forum_get_course_forum($courseid, $type) {
     $mod->instance = $forum->id;
     $mod->section = 0;
     if (! $mod->coursemodule = add_course_module($mod) ) {   // assumes course/lib.php is loaded
-        notify("Could not add a new course module to the course '$course->fullname'");
+        notify("Could not add a new course module to the course '" . format_string($course->fullname) . "'");
         return false;
     }
     if (! $sectionid = add_mod_to_section($mod) ) {   // assumes course/lib.php is loaded
diff --git a/mod/forum/post.php b/mod/forum/post.php
index 1ef1150333..b26815d11b 100644
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -654,13 +654,13 @@
     }
     if ($course->id != SITEID) {
         print_header("$course->shortname: $strdiscussionname ".
-                      format_string($toppost->subject), "$course->fullname",
+                      format_string($toppost->subject), $course->fullname,
                      "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> ->
                       $navmiddle $navtail", $mform_post->focus(), "", true, "", navmenu($course, $cm));
 
     } else {
         print_header("$course->shortname: $strdiscussionname ".
-                      format_string($toppost->subject), "$course->fullname",
+                      format_string($toppost->subject), $course->fullname,
                      "$navmiddle $navtail", $mform_post->focus(), "", true, "", navmenu($course, $cm));
 
     }
diff --git a/mod/forum/user.php b/mod/forum/user.php
index a28e33a915..4fb6749302 100644
--- a/mod/forum/user.php
+++ b/mod/forum/user.php
@@ -37,13 +37,13 @@
     $fullname        = fullname($user, has_capability('moodle/site:viewfullnames', $syscontext));
 
     if ($course->id != SITEID) {
-        print_header("$course->shortname: $fullname: $strmode", "$course->fullname",
+        print_header("$course->shortname: $fullname: $strmode", $course->fullname,
                  "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> ->
                   <a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">$strparticipants</a> ->
                   <a href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id\">$fullname</a> -> 
                   $strforumposts -> $strmode");
     } else {
-        print_header("$course->shortname: $fullname: $strmode", "$course->fullname",
+        print_header("$course->shortname: $fullname: $strmode", $course->fullname,
                  "<a href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id\">$fullname</a> -> 
                   $strforumposts -> $strmode");
     }
diff --git a/mod/glossary/export.php b/mod/glossary/export.php
index e27b601cf0..305d42c2bf 100644
--- a/mod/glossary/export.php
+++ b/mod/glossary/export.php
@@ -43,7 +43,7 @@
         require_login($course->id);
     }
 
-    print_header("$course->shortname: ".format_string($glossary->name), "$course->fullname",
+    print_header("$course->shortname: ".format_string($glossary->name), $course->fullname,
         "$navigation <a href=\"index.php?id=$course->id\">$strglossaries</a> -> ".format_string($glossary->name),
         "", "", true, update_module_button($cm->id, $course->id, $strglossary),
         navmenu($course, $cm));
diff --git a/mod/glossary/print.php b/mod/glossary/print.php
index d99bc3abd2..1aa8dae028 100644
--- a/mod/glossary/print.php
+++ b/mod/glossary/print.php
@@ -145,8 +145,8 @@
 
     $site = get_record("course","id",1);
     echo '<p align="right"><font size="-1">' . userdate(time()) . '</font></p>';
-    echo get_string("site") . ': <strong>' . $site->fullname . '</strong><br />';
-    echo get_string("course") . ': <strong>' . $course->fullname . ' ('. $course->shortname . ')</strong><br />';
+    echo get_string("site") . ': <strong>' . format_string($site->fullname) . '</strong><br />';
+    echo get_string("course") . ': <strong>' . format_string($course->fullname) . ' ('. format_string($course->shortname) . ')</strong><br />';
     echo get_string("modulename","glossary") . ': <strong>' . format_string($glossary->name, true) . '</strong>';
     if ( $allentries ) {
         foreach ($allentries as $entry) {
diff --git a/mod/glossary/showentry.php b/mod/glossary/showentry.php
index febbd5b579..a01affd8fb 100644
--- a/mod/glossary/showentry.php
+++ b/mod/glossary/showentry.php
@@ -49,10 +49,10 @@
 
         $CFG->framename = "newwindow";
         if ($course->id != SITEID) {
-            print_header(strip_tags("$course->shortname: $strglossaries $strsearch"), "$course->fullname",
+            print_header(strip_tags("$course->shortname: $strglossaries $strsearch"), $course->fullname,
             "<a target=\"newwindow\" href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> $strglossaries -> $strsearch", "", "", true, "&nbsp;", "&nbsp;");
         } else {
-            print_header(strip_tags("$course->shortname: $strglossaries $strsearch"), "$course->fullname",
+            print_header(strip_tags("$course->shortname: $strglossaries $strsearch"), $course->fullname,
             "$strglossaries -> $strsearch", "", "", true, "&nbsp;", "&nbsp;");
         }
 
diff --git a/mod/hotpot/index.php b/mod/hotpot/index.php
index 1d15ee6e9f..04bd0e1495 100644
--- a/mod/hotpot/index.php
+++ b/mod/hotpot/index.php
@@ -34,9 +34,9 @@
 
     // Print the header
 
-    $title = "$course->shortname: $strmodulenameplural";
-    $heading = "$course->fullname";
-    $navigation = "$strmodulenameplural";
+    $title = format_string($course->shortname) . ": $strmodulenameplural";
+    $heading = $course->fullname;
+    $navigation = $strmodulenameplural;
     if ($course->id != SITEID) {
         $navigation = "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> -> $navigation";
     }
diff --git a/mod/hotpot/report.php b/mod/hotpot/report.php
index b4007f79d6..13883d8465 100644
--- a/mod/hotpot/report.php
+++ b/mod/hotpot/report.php
@@ -398,8 +398,8 @@ function hotpot_print_report_heading(&$course, &$cm, &$hotpot, &$mode) {
     $strmodulenameplural = get_string("modulenameplural", "hotpot");
     $strmodulename  = get_string("modulename", "hotpot");
 
-    $title = "$course->shortname: $hotpot->name";
-    $heading = "$course->fullname";
+    $title = format_string($course->shortname) . ": $hotpot->name";
+    $heading = $course->fullname;
 
     $navigation = "<a href=index.php?id=$course->id>$strmodulenameplural</a> -> ";
     $navigation .= "<a href=\"view.php?id=$cm->id\">$hotpot->name</a> -> ";
diff --git a/mod/hotpot/review.php b/mod/hotpot/review.php
index 0f9357e216..d0f7f39878 100644
--- a/mod/hotpot/review.php
+++ b/mod/hotpot/review.php
@@ -50,8 +50,8 @@
     $strmodulenameplural = get_string("modulenameplural", "hotpot");
     $strmodulename  = get_string("modulename", "hotpot");
     // print header
-    $title = "$course->shortname: $hotpot->name";
-    $heading = "$course->fullname";
+    $title = format_string($course->shortname) . ": $hotpot->name";
+    $heading = $course->fullname;
     $navigation = "<a href=\"index.php?id=$course->id\">$strmodulenameplural</a> -> ".get_string("review", "quiz");
     if ($course->id != SITEID) {
         $navigation = "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> -> $navigation";
diff --git a/mod/hotpot/view.php b/mod/hotpot/view.php
index 9e31573706..375d9fab63 100644
--- a/mod/hotpot/view.php
+++ b/mod/hotpot/view.php
@@ -40,8 +40,8 @@
     // set nextpage (for error messages)
     $nextpage = "$CFG->wwwroot/course/view.php?id=$course->id";
     // header strings
-    $title = strip_tags($course->shortname.': '.$hotpot->name);
-    $heading = "$course->fullname";
+    $title = format_string($course->shortname.': '.$hotpot->name, true);
+    $heading = $course->fullname;
     $navigation = '<a '.$CFG->frametarget.' href="'.$CFG->wwwroot.'/mod/hotpot/index.php?id='.$course->id.'">'.get_string("modulenameplural", "hotpot")."</a> -> $hotpot->name";
     if ($course->id != SITEID) {
         $navigation = '<a '.$CFG->frametarget.' href="'.$CFG->wwwroot.'/course/view.php?id='.$course->id.'">'.$course->shortname.'</a> -> '.$navigation;
diff --git a/mod/lams/index.php b/mod/lams/index.php
index 62399df417..83d1ecb269 100644
--- a/mod/lams/index.php
+++ b/mod/lams/index.php
@@ -28,7 +28,7 @@
         $navigation = "<a href=\"../../course/view.php?id=$course->id\">$course->shortname</a> ->";
     }
 
-    print_header("$course->shortname: $strlamss", "$course->fullname", "$navigation $strlamss", "", "", true, "", navmenu($course));
+    print_header("$course->shortname: $strlamss", $course->fullname, "$navigation $strlamss", "", "", true, "", navmenu($course));
 
 /// Get all the appropriate data
 
diff --git a/mod/lesson/index.php b/mod/lesson/index.php
index 10b9802bde..26c90cc810 100644
--- a/mod/lesson/index.php
+++ b/mod/lesson/index.php
@@ -36,7 +36,7 @@
         $navigation = '';
     }
 
-    print_header("$course->shortname: $strlessons", "$course->fullname", "$navigation $strlessons", "", "", true, "", navmenu($course));
+    print_header("$course->shortname: $strlessons", $course->fullname, "$navigation $strlessons", "", "", true, "", navmenu($course));
 
 /// Get all the appropriate data
 
diff --git a/mod/resource/index.php b/mod/resource/index.php
index 22cd156bc5..7f3ae9c29c 100644
--- a/mod/resource/index.php
+++ b/mod/resource/index.php
@@ -27,7 +27,7 @@
     $strsummary = get_string("summary");
     $strlastmodified = get_string("lastmodified");
 
-    print_header("$course->shortname: $strresources", "$course->fullname", "$navigation $strresources", 
+    print_header("$course->shortname: $strresources", $course->fullname, "$navigation $strresources", 
                  "", "", true, "", navmenu($course));
 
     if (! $resources = get_all_instances_in_course("resource", $course)) {
diff --git a/mod/resource/type/file/resource.class.php b/mod/resource/type/file/resource.class.php
index 0537b4fc49..a00c6f605b 100644
--- a/mod/resource/type/file/resource.class.php
+++ b/mod/resource/type/file/resource.class.php
@@ -354,7 +354,7 @@ function display() {
         echo "<html dir=\"ltr\">\n";
         echo '<head>';
         echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
-        echo "<title>{$course->shortname}: ".strip_tags(format_string($resource->name,true))."</title></head>\n";
+        echo "<title>" . format_string($course->shortname) . ": ".strip_tags(format_string($resource->name,true))."</title></head>\n";
         echo "<frameset rows=\"$CFG->resource_framesize,*\">";
         echo "<frame src=\"view.php?id={$cm->id}&amp;type={$resource->type}&amp;frameset=top\" title=\"".get_string('modulename','resource')."\"/>";
         if (!empty($localpath)) {  // Show it like this so we interpose some HTML
diff --git a/mod/resource/type/repository/resource.class.php b/mod/resource/type/repository/resource.class.php
index d851076743..75400a6bfb 100644
--- a/mod/resource/type/repository/resource.class.php
+++ b/mod/resource/type/repository/resource.class.php
@@ -347,7 +347,7 @@ function display() {
         echo "<html dir=\"ltr\">\n";
         echo '<head>';
         echo '<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />';
-        echo "<title>{$course->shortname}: ".strip_tags(format_string($resource->name,true))."</title></head>\n";
+        echo "<title>" . format_string($course->shortname) . ": ".strip_tags(format_string($resource->name,true))."</title></head>\n";
         echo "<frameset rows=\"$CFG->resource_framesize,*\">";
         echo "<frame src=\"view.php?id={$cm->id}&amp;type={$resource->type}&amp;frameset=top\" title=\"".get_string('modulename','resource')."\"/>";
         if (!empty($localpath)) {  // Show it like this so we interpose some HTML
diff --git a/mod/scorm/player.php b/mod/scorm/player.php
index d2f6e68695..d3918ab864 100755
--- a/mod/scorm/player.php
+++ b/mod/scorm/player.php
@@ -61,7 +61,7 @@
     $pagetitle = strip_tags("$course->shortname: ".format_string($scorm->name));
 
     if (!$cm->visible and !has_capability('moodle/course:viewhiddenactivities', get_context_instance(CONTEXT_COURSE,$course->id))) {
-        print_header($pagetitle, "$course->fullname",
+        print_header($pagetitle, $course->fullname,
                  "$navigation <a $CFG->frametarget href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a>",
                  '', '', true, update_module_button($cm->id, $course->id, $strscorm), '', false);
         notice(get_string("activityiscurrentlyhidden"));
@@ -125,7 +125,7 @@
         $bodyscript = 'onunload="main.close();"';
     }
     $exitlink = '(<a href="'.$CFG->wwwroot.'/course/view.php?id='.$cm->course.'">'.get_string('exit','scorm').'</a>)&nbsp;';
-    print_header($pagetitle, "$course->fullname",
+    print_header($pagetitle, $course->fullname,
                  "$navigation <a $CFG->frametarget href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a>",
                  '', '', true, $exitlink.update_module_button($cm->id, $course->id, $strscorm), '', false, $bodyscript);
     if ($sco->scormtype == 'sco') {
diff --git a/mod/scorm/report.php b/mod/scorm/report.php
index 7967a4c266..136366d23a 100755
--- a/mod/scorm/report.php
+++ b/mod/scorm/report.php
@@ -70,19 +70,19 @@
         $strname  = get_string('name');
         if (empty($b)) {
             if (empty($a)) {
-                print_header("$course->shortname: ".format_string($scorm->name), "$course->fullname",
+                print_header("$course->shortname: ".format_string($scorm->name), $course->fullname,
                              "$navigation <a href=\"index.php?id=$course->id\">$strscorms</a>
                               -> <a href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a> -> $strreport",
                              '', '', true);
             } else {
-                print_header("$course->shortname: ".format_string($scorm->name), "$course->fullname",
+                print_header("$course->shortname: ".format_string($scorm->name), $course->fullname,
                              "$navigation <a href=\"index.php?id=$course->id\">$strscorms</a>
                               -> <a href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a>
                               -> <a href=\"report.php?id=$cm->id\">$strreport</a> -> $strattempt $attempt - ".fullname($userdata),
                              '', '', true);
             }
         } else {
-            print_header("$course->shortname: ".format_string($scorm->name), "$course->fullname",
+            print_header("$course->shortname: ".format_string($scorm->name), $course->fullname,
                      "$navigation <a href=\"index.php?id=$course->id\">$strscorms</a>
                       -> <a href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a>
                       -> <a href=\"report.php?id=$cm->id\">$strreport</a>
diff --git a/mod/scorm/view.php b/mod/scorm/view.php
index ddbee264d1..1d547b1be0 100755
--- a/mod/scorm/view.php
+++ b/mod/scorm/view.php
@@ -66,7 +66,7 @@
     //
     // Print the page header
     //
-    print_header($pagetitle, "$course->fullname",
+    print_header($pagetitle, $course->fullname,
                  "$navigation <a $CFG->frametarget href=\"view.php?id=$cm->id\">".format_string($scorm->name,true)."</a>",
                  '', '', true, update_module_button($cm->id, $course->id, $strscorm), navmenu($course, $cm));
 
diff --git a/mod/survey/report.php b/mod/survey/report.php
index f2abe247e7..113f107dc2 100644
--- a/mod/survey/report.php
+++ b/mod/survey/report.php
@@ -65,7 +65,7 @@
                        <a href=\"view.php?id=$cm->id\">".format_string($survey->name,true)."</a> -> ";
     }
 
-    print_header("$course->shortname: ".format_string($survey->name), "$course->fullname", "$navigation $strreport",
+    print_header("$course->shortname: ".format_string($survey->name), $course->fullname, "$navigation $strreport",
                  "", "", true,
                  update_module_button($cm->id, $course->id, $strsurvey), navmenu($course, $cm));
 
diff --git a/mod/workshop/assess.php b/mod/workshop/assess.php
index 99d23b7d07..ebe11ac977 100644
--- a/mod/workshop/assess.php
+++ b/mod/workshop/assess.php
@@ -47,7 +47,7 @@
         echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Frameset//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd\">\n";
         echo "<html $direction>\n";
         echo "<head><meta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$course->shortname}: ".format_string($workshop->name,true)."</title></head>\n";
+        echo "<title>" . format_string($course->shortname) . ": ".format_string($workshop->name,true)."</title></head>\n";
         echo "<frameset rows=\"50%,*\" border=\"10\">";
         echo "  <frame src=\"assess.php?id=$id&amp;sid=$sid&amp;frameset=top&amp;redirect=$redirect\" border=\"10\" />";
         echo "  <frame src=\"assess.php?id=$id&amp;sid=$sid&amp;frameset=bottom&amp;redirect=$redirect\" />";
diff --git a/question/category_class.php b/question/category_class.php
index 68e52476e9..92cf485785 100644
--- a/question/category_class.php
+++ b/question/category_class.php
@@ -427,7 +427,7 @@ class question_category_object {
 
         $edittable->align['category'] =  "left";
         $edittable->wrap['category'] = "nowrap";
-        $row['category'] = '<input type="text" name="updatename" value="' . $category->name . '" size="15" />';
+        $row['category'] = '<input type="text" name="updatename" value="' . format_string($category->name) . '" size="15" />';
 
         $edittable->align['info'] =  "left";
         $edittable->wrap['info'] = "nowrap";
@@ -583,7 +583,7 @@ class question_category_object {
                 error("No such category $destcategoryid!", "category.php?id={$this->course->id}");
             }
             if (! set_field('question', 'category', $destcategoryid, 'category', $deletecat)) {
-                error("Error while moving questions from category '$category->name' to '$category2->name'", "category.php?id={$this->course->id}");
+                error("Error while moving questions from category '" . format_string($category->name) . "' to '$category2->name'", "category.php?id={$this->course->id}");
             }
 
         } else {
@@ -622,7 +622,7 @@ class question_category_object {
 
         /// Finally delete the category itself
         if (delete_records("question_categories", "id", $category->id)) {
-            notify(get_string("categorydeleted", "quiz", $category->name), 'notifysuccess');
+            notify(get_string("categorydeleted", "quiz", format_string($category->name)), 'notifysuccess');
         }
     }
 
diff --git a/user/edit.php b/user/edit.php
index 26e01d938b..10b5461cf7 100644
--- a/user/edit.php
+++ b/user/edit.php
@@ -104,7 +104,7 @@
                       -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                       -> $streditmyprofile", "");
     } else {
-        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
+        print_header("$course->shortname: $streditmyprofile", $course->fullname,
                      "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                       -> $streditmyprofile", "");
     }
diff --git a/user/editadvanced.php b/user/editadvanced.php
index ec40bb6cf5..91482f72d5 100644
--- a/user/editadvanced.php
+++ b/user/editadvanced.php
@@ -174,7 +174,7 @@
                           -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                           -> $streditmyprofile", "");
         } else {
-            print_header("$course->shortname: $streditmyprofile", "$course->fullname",
+            print_header("$course->shortname: $streditmyprofile", $course->fullname,
                          "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                           -> $streditmyprofile", "");
         }
diff --git a/user/profile/definelib.php b/user/profile/definelib.php
index 5c1ae827c0..a936f276eb 100644
--- a/user/profile/definelib.php
+++ b/user/profile/definelib.php
@@ -414,7 +414,7 @@ function profile_edit_category($id, $redirect, $adminroot) {
         if (empty($id)) {
             $strheading = get_string('profilecreatenewcategory', 'admin');
         } else {
-            $strheading = get_string('profileeditcategory', 'admin', $category->name);
+            $strheading = get_string('profileeditcategory', 'admin', format_string($category->name));
         }
 
         /// Print the page
diff --git a/user/profile/index.php b/user/profile/index.php
index 9733825342..f2946b5cd1 100644
--- a/user/profile/index.php
+++ b/user/profile/index.php
@@ -123,7 +123,7 @@ foreach ($categories as $category) {
         }
     }
 
-    print_heading($category->name.' '.profile_category_icons($category));
+    print_heading(format_string($category->name) .' '.profile_category_icons($category));
     if (count($table->data)) {
         print_table($table);
     } else {
diff --git a/user/tabs.php b/user/tabs.php
index e960bc0eed..7aba3f3d1f 100644
--- a/user/tabs.php
+++ b/user/tabs.php
@@ -31,7 +31,7 @@
     if ($filtertype == 'site') {
 
         $site = get_site();
-        print_heading($site->fullname);
+        print_heading(format_string($site->fullname));
         
         if ($CFG->bloglevel >= 4) {
             if (has_capability('moodle/course:viewparticipants', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
@@ -49,7 +49,7 @@
     } else if ($filtertype == 'course' && $filterselect) {
 
         $course = get_record('course','id',$filterselect);
-        print_heading($course->fullname);
+        print_heading(format_string($course->fullname));
 
         if ($CFG->bloglevel >= 3) {
 
diff --git a/user/view.php b/user/view.php
index 3994ad07eb..cb5680f7e4 100644
--- a/user/view.php
+++ b/user/view.php
@@ -126,7 +126,7 @@
                       <a href=\"index.php?id=$course->id\">$strparticipants</a> -> $fullname",
                       "", "", true, "&nbsp;", navmenu($course));
     } else {
-        print_header("$course->fullname: $strpersonalprofile: $fullname", "$course->fullname",
+        print_header("$course->fullname: $strpersonalprofile: $fullname", $course->fullname,
                      "$fullname", "", "", true, "&nbsp;", navmenu($course));
     }
 
@@ -296,10 +296,11 @@
         foreach ($mycourses as $mycourse) {
             if ($mycourse->visible and $mycourse->category) {
                 if ($mycourse->id != $course->id){
-                    $courselisting .= "<a href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$mycourse->id\">$mycourse->fullname</a>, ";
+                    $courselisting .= "<a href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$mycourse->id\">"
+                        . format_string($mycourse->fullname) . "</a>, ";
                 }
                 else {
-                    $courselisting .= "$mycourse->fullname, ";
+                    $courselisting .= format_string($mycourse->fullname) . ", ";
                 }
             }
             $shown++;
-- 
2.39.5