This issue mostly affects the search form fields. Submitted values for
these fields are typically obtained via optional_param() with
PARAM_NOTAGS specified as the parameter type - see parse_search_field()
methods. Such values themselves are not safe enough to be printed back
directly into the HTML as they might contain malicious code.
While working on the patch, some other places with weak protection were
detected and fixed.
In case of the itemid parameters, explicit clean_param() is added to
make sure we cast the value as an integer. That should make the s()
unnecessary but it was added anyway as an extra protection (just in case
the code flow changes or the parts of the code are re-used elsewhere).
Added new functions to editor api - set/get_text so the
original form text can be determined from an editor.
When calling use_editor() you should first call set_text() with
the text that will be inserted in the form element.
There is also a new scheduled task for cleaning Atto autosave drafts.
version = planned 2015051100 release version
requires= current 2015050500 rc1 version
Note: On purpose, the course format social wrong version (2015102100)
has been kept unmodified. Looking forward a solution right now.
Fix accidental <tr> in some field modify screens
Update mod_data version
Change required asterisk to image
Improve required error message
Fix required icon positions
Remove required code from date field
Add name in labels for fields
Add required field option for multimenu
Remove old required field title text modifier
Add multimenu to behat
Add more comprehensive behat tests
Reload old input when an input error occurs
Behat grammar fixes
Allow location of 0, 0
Use html_writer
Fix existing mod_data behat tests
This is implemented for most fields but not all. The reason is that there are
some fields for which this does not make sense because no entry is a valid entry.
The supported fields are:
checkbox
file
latlong
menu
number
picture
radio
text
textarea
url
The unsupported fields are:
date
multimenu
Non-standard means php.ini was set to something not in the default list (like 7MB),
then the config was saved to that specific value, and now the value in php.ini has been changed
again so 7MB does not appear in the list.
Setting the maximum size for a file or picture field to the course upload limit
would send a value of 0 to the file picker. This patch checks for this 0 value
and handles it appropriately.
The longitude and latitude values were not using format_float and unformat_float.
Changes have been made to the manual entry of records, csv import of records, and the
display of these records.
This allows users to delete their files or pictures when editing their entries
which was previously unavailable.
Also the use of the filemanager allows for drag and drop to be active.
Thanks to Marcus Boon for providing a patch for this issue.
mod/data/field/latlong/kml.php was missing a context variable.
This was causing an error when trying to download a kml file for
google earth. This variable has now been included.
Also included a slight alteration of the URL field class to display the Choose a link button next to the right input area.
Made an alteration to the url field class