From 0efa99834070602b3037374a0c0300ef033f98ec Mon Sep 17 00:00:00 2001
From: Andreas Grabs
Date: Fri, 15 Jul 2011 01:50:04 +0200
Subject: [PATCH] MDL-27675 - Feedback module abuses data_submitted
---
 mod/feedback/complete.php | 3 ++-
 mod/feedback/complete_guest.php | 3 ++-
 mod/feedback/item/captcha/lib.php | 4 ++++
 mod/feedback/item/feedback_item_class.php | 9 +++++++++
 mod/feedback/item/info/lib.php | 4 ++++
 mod/feedback/item/label/lib.php | 4 ++++
 mod/feedback/item/multichoice/lib.php | 5 ++++-
 mod/feedback/item/multichoicerated/lib.php | 3 +++
 mod/feedback/item/numeric/lib.php | 4 ++++
 mod/feedback/item/textarea/lib.php | 4 ++++
 mod/feedback/item/textfield/lib.php | 4 ++++
 mod/feedback/lib.php | 11 +++++++++++
 12 files changed, 55 insertions(+), 3 deletions(-)
diff --git a/mod/feedback/complete.php b/mod/feedback/complete.php
index 7f81b9b9a04..726c08db886 100644
--- a/mod/feedback/complete.php
+++ b/mod/feedback/complete.php
@@ -422,7 +422,8 @@
 //get the value
 $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
 if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
 }else {
 if(isset($feedbackcompletedtmp->id)) {
 $value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, true);
diff --git a/mod/feedback/complete_guest.php b/mod/feedback/complete_guest.php
index a25946d2920..00145a63d08 100644
--- a/mod/feedback/complete_guest.php
+++ b/mod/feedback/complete_guest.php
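Review bot: The added `feedback_clean_input_value()` call runs even when the item was not answered, so the `NULL` that the `isset()` guard on the line above deliberately produces is handed to the type-specific cleaner; for the integer and float item types `clean_param()` is a cast, so an unanswered item comes back as `0` rather than `NULL`, and anything further down the loop that tells "not answered" apart from "answered 0" (the rest of the loop body is outside this hunk) loses that distinction. Cleaning only a value that was actually posted keeps both goals: `$value = isset($formdata->{$frmvaluename}) ? feedback_clean_input_value($feedbackitem, $formdata->{$frmvaluename}) : NULL;`. The same two lines are added to complete_guest.php in the next hunk and need the same treatment.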
@@ -372,7 +372,8 @@
 //get the value
 $frmvaluename = $feedbackitem->typ . '_'. $feedbackitem->id;
 if(isset($savereturn)) {
- $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = isset($formdata->{$frmvaluename})?$formdata->{$frmvaluename}:NULL;
+ $value = feedback_clean_input_value($feedbackitem, $value);
 }else {
 if(isset($feedbackcompletedtmp->id)) {
 $value = feedback_get_item_value($feedbackcompletedtmp->id, $feedbackitem->id, sesskey());
diff --git a/mod/feedback/item/captcha/lib.php b/mod/feedback/item/captcha/lib.php
index 0dcca48e483..8f6ade08ac2 100644
--- a/mod/feedback/item/captcha/lib.php
+++ b/mod/feedback/item/captcha/lib.php
@@ -280,4 +280,8 @@ class feedback_item_captcha extends feedback_item_base {
 function can_switch_require() {
 return false;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_RAW);
+ }
 }
diff --git a/mod/feedback/item/feedback_item_class.php b/mod/feedback/item/feedback_item_class.php
index ddcfcd71496..4d953dbd407 100644
--- a/mod/feedback/item/feedback_item_class.php
+++ b/mod/feedback/item/feedback_item_class.php
@@ -104,6 +104,14 @@ abstract class feedback_item_base {
 */
 abstract function print_item_show_value($item, $value = '');
+ /**
+ * cleans the userinput while submitting the form
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+ abstract function clean_input_value($value);
+
 }
 //a dummy class to realize pagebreaks
@@ -129,6 +137,7 @@ class feedback_item_pagebreak extends feedback_item_base {
 function print_item_complete($item, $value = '', $highlightrequire = false) {}
 function print_item_show_value($item, $value = '') {}
 function can_switch_require(){}
+ function clean_input_value($value){}
 }
diff --git a/mod/feedback/item/info/lib.php b/mod/feedback/item/info/lib.php
index b6311a84eb3..32ecbff0b16 100644
--- a/mod/feedback/item/info/lib.php
+++ b/mod/feedback/item/info/lib.php
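Review bot: `PARAM_RAW` hands the posted captcha answer back untouched, so this override cleans nothing even though the base-class contract introduced in this patch says the method "cleans the userinput". If that is deliberate because the answer is only ever matched against the generated challenge, record it: `// PARAM_RAW on purpose: the answer is compared with the challenge and must not be altered -- TODO confirm it is never redisplayed or persisted`. If the value can be re-displayed in the form after a failed submission or written to the response tables (neither path is visible in this hunk), a restricting type such as `PARAM_TEXT` is the safer default.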
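Review bot: The new abstract method's docblock states the contract only as "cleans the userinput", which leaves every subclass added in this patch to guess what it receives and what it must hand back. complete.php (the first hunk of this patch) passes the raw posted value and passes `NULL` when the item was not answered, so the docblock should say so and state what the caller goes on to do with the return value, e.g. `@param mixed $value raw value as posted by the form, NULL when the item was not answered` and `@return mixed the cleaned value in the form the caller may store and redisplay`. The empty stub added for feedback_item_pagebreak in the second hunk returns NULL implicitly, which fits that contract but reads clearer as `return null;`.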
@@ -321,4 +321,8 @@ class feedback_item_info extends feedback_item_base {
 function can_switch_require() {
 return false;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
 }
diff --git a/mod/feedback/item/label/lib.php b/mod/feedback/item/label/lib.php
index 5e5df4c6478..0ed3fd8c2b4 100644
--- a/mod/feedback/item/label/lib.php
+++ b/mod/feedback/item/label/lib.php
@@ -231,4 +231,8 @@ class feedback_item_label extends feedback_item_base {
 function print_analysed($item, $itemnr = '', $groupid = false, $courseid = false) {}
 function get_printval($item, $value) {}
 function get_analysed($item, $groupid = false, $courseid = false) {}
+
+ function clean_input_value($value) {
+ return '';
+ }
 }
diff --git a/mod/feedback/item/multichoice/lib.php b/mod/feedback/item/multichoice/lib.php
index 30402b26ecc..7f097baf613 100644
--- a/mod/feedback/item/multichoice/lib.php
+++ b/mod/feedback/item/multichoice/lib.php
@@ -709,8 +709,11 @@ class feedback_item_multichoice extends feedback_item_base {
 return false;
 }
-
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
 }
diff --git a/mod/feedback/item/multichoicerated/lib.php b/mod/feedback/item/multichoicerated/lib.php
index 41764e9a463..885a0f07153 100644
--- a/mod/feedback/item/multichoicerated/lib.php
+++ b/mod/feedback/item/multichoicerated/lib.php
@@ -588,4 +588,7 @@ class feedback_item_multichoicerated extends feedback_item_base {
 return true;
 }
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_INT);
+ }
 }
diff --git a/mod/feedback/item/numeric/lib.php b/mod/feedback/item/numeric/lib.php
index cf646d1348d..dcb3f9718b3 100644
--- a/mod/feedback/item/numeric/lib.php
+++ b/mod/feedback/item/numeric/lib.php
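Review bot: `PARAM_INT` is only right if every value the info item posts is numeric; if, as its name suggests, the item can also carry a text value such as a course name (the form side is outside this hunk), the cast reduces that to `0` and the response is silently lost. Either confirm the posted value is always an integer and record it (`// info items only post an integer timestamp`), or use a type that preserves text, e.g. `return clean_param($value, PARAM_TEXT);`.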
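Review bot: `clean_param()` operates on a scalar; if the checkbox variant of this item posts its selections as an array (the form side is outside this hunk), this call either raises or degrades the answer, so a whole response is rejected where the commit only meant to sanitise it. Branching on the shape keeps both cases working: `return is_array($value) ? clean_param_array($value, PARAM_INT) : clean_param($value, PARAM_INT);`, assuming `clean_param_array()` is available in this Moodle version (otherwise apply `clean_param()` per element with `array_map`).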
@@ -420,4 +420,8 @@ class feedback_item_numeric extends feedback_item_base {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_FLOAT);
+ }
 }
diff --git a/mod/feedback/item/textarea/lib.php b/mod/feedback/item/textarea/lib.php
index 1b4cd134423..e90a447992e 100644
--- a/mod/feedback/item/textarea/lib.php
+++ b/mod/feedback/item/textarea/lib.php
@@ -280,4 +280,8 @@ class feedback_item_textarea extends feedback_item_base {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
 }
diff --git a/mod/feedback/item/textfield/lib.php b/mod/feedback/item/textfield/lib.php
index 74f9b88657f..bad1925c1d7 100644
--- a/mod/feedback/item/textfield/lib.php
+++ b/mod/feedback/item/textfield/lib.php
@@ -274,4 +274,8 @@ class feedback_item_textfield extends feedback_item_base {
 function can_switch_require() {
 return true;
 }
+
+ function clean_input_value($value) {
+ return clean_param($value, PARAM_CLEANHTML);
+ }
 }
diff --git a/mod/feedback/lib.php b/mod/feedback/lib.php
index 59c39b62d19..c773586272e 100644
--- a/mod/feedback/lib.php
+++ b/mod/feedback/lib.php
@@ -1841,6 +1841,17 @@ function feedback_get_page_to_continue($feedbackid, $courseid = false, $guestid
 //functions to handle the values
 ////////////////////////////////////////////////
+/**
+ * cleans the userinput while submitting the form.
+ *
+ * @param mixed $value
+ * @return mixed
+ */
+function feedback_clean_input_value($item, $value) {
+ $itemobj = feedback_get_item_class($item->typ);
+ return $itemobj->clean_input_value($value);
+}
+
 /**
 * this saves the values of an completed.
 * if the param $tmp is set true so the values are saved temporary in table feedback_valuetmp.
--
2.43.0
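Review bot: `PARAM_FLOAT` is a plain float cast, and PHP's conversion stops at the first character that is not part of a number; if the numeric item accepts a localised decimal separator such as `3,5` (the form side is outside this hunk), the answer is stored as `3` with no error shown to the user. If localised input is accepted, normalise before cleaning, e.g. `return clean_param(str_replace(',', '.', $value), PARAM_FLOAT);`, or reject the response when the cleaned value does not round-trip, and record in a comment which formats are accepted. The range check against the item's bounds, if there is one, is outside this hunk and would now see the already-cast value.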
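Review bot: `PARAM_CLEANHTML` sanitises for an HTML rendering context and keeps markup the HTML cleaner accepts, which is only appropriate if the stored answer is later output with `format_text()`; if the analysis or show-value paths print it escaped as plain text (those paths are outside this hunk), the cleaning is wasted and surviving markup is displayed literally, and if they print it unescaped, output safety now depends on every stored value having passed through this method. The textfield variant in the next hunk is a single-line input where markup is unlikely to be intended, so `return clean_param($value, PARAM_TEXT);` would match it better unless HTML in text fields is a feature. A one-line comment naming the rendering context the cleaning targets would settle this for both classes.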
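Review bot: The docblock omits the first parameter; `@param object $item the feedback item record, whose typ selects the item class that does the cleaning` belongs before `@param mixed $value`. The function also dereferences the result of `feedback_get_item_class()` without a check; if that helper can return something other than an item object for an unknown `typ` (its definition is outside this hunk), the failure surfaces here as a fatal error during submission, so either document the precondition or guard it with `if (!$itemobj) { return $value; }` or a `coding_exception`.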