Merge branch 'MDL-67587-master-1' of git://github.com/mihailges/moodle
authorEloy Lafuente (stronk7) <stronk7@moodle.org>
Fri, 10 Apr 2020 10:09:55 +0000 (12:09 +0200)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Fri, 10 Apr 2020 15:04:13 +0000 (17:04 +0200)
commit594b4b98b7f47b3cd493951a5f7eb1f780d1836a
treecf07125a9214eb64e5fecda085e196afd52219d2
parent767fa3a64b090372af70e042f05a01b940d706a7
parent0da344353983c35843be2b427110307733ad9e0c
Merge branch 'MDL-67587-master-1' of git://github.com/mihailges/moodle

Changed PARAM_TEXT to PARAM_NOTAGS to "search" param
because it's the same but WITHOUT lang support and we
don't need lang support there.

Of course, both require to verify that the output is always
escaped. In this case (mustache) it is. Or also p() or s().

Without that XSS on form values are relatively easy!