It turns out that you should almost never use PARAM_CLEANHTML.
define('PARAM_CAPABILITY', 'capability');
/**
- * PARAM_CLEANHTML - cleans submitted HTML code. use only for text in HTML format. This cleaning may fix xhtml strictness too.
+ * PARAM_CLEANHTML - cleans submitted HTML code. Note that you almost never want
+ * to use this. The normal mode of operation is to use PARAM_RAW when recieving
+ * the input (required/optional_param or formslib) and then sanitse the HTML
+ * using format_text on output. This is for the rare cases when you want to
+ * sanitise the HTML on input. This cleaning may also fix xhtml strictness.
*/
define('PARAM_CLEANHTML', 'cleanhtml');
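Review bot: The added docblock misspells two words, `recieving` and `sanitse`; they should read `receiving` and `sanitise`, matching the spelling used two lines further down in the same comment. Because this text now steers callers towards PARAM_RAW, I would also add a sentence stating that a value accepted this way is untrusted HTML and may only reach a page through format_text with cleaning left enabled, for example ` * Anything accepted as PARAM_RAW is untrusted and must only be output via format_text.`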
* @var string special value to indicate a response variable that is uploaded
* files.
*/
- const PARAM_CLEANHTML_FILES = 'paramcleanhtmlfiles';
+ const PARAM_RAW_FILES = 'paramrawfiles';
/** @var integer if this attempts is stored in the question_attempts table, the id of that row. */
protected $id = null;
case self::PARAM_FILES:
return $this->process_response_files($name, $name, $postdata);
- case self::PARAM_CLEANHTML_FILES:
- $var = $this->get_submitted_var($name, PARAM_CLEANHTML, $postdata);
+ case self::PARAM_RAW_FILES:
+ $var = $this->get_submitted_var($name, PARAM_RAW, $postdata);
return $this->process_response_files($name, $name . ':itemid', $postdata, $var);
default:
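Review bot: With PARAM_RAW in the `PARAM_RAW_FILES` case, the submitted HTML is accepted without cleaning, so the safety of this change rests entirely on every display path calling format_text with cleaning enabled, and none of those output paths are visible in this commit. The same applies to the `get_expected_data()` hunk, where the `editor` response format now falls through to plain PARAM_RAW. I would confirm that the renderers, review and report views, and any export of the stored response all go through format_text, and record the contract beside the case, e.g. `// Stored uncleaned: must be passed through format_text() before display.` It is also not visible here what `process_response_files` does with the raw `$var` passed as its fourth argument, so that is worth checking. The enclosing switch and method start and end outside the hunk.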
public function get_expected_data() {
if ($this->responseformat == 'editorfilepicker') {
- $expecteddata = array('answer' => question_attempt::PARAM_CLEANHTML_FILES);
- } else if ($this->responseformat == 'editor') {
- $expecteddata = array('answer' => PARAM_CLEANHTML);
+ $expecteddata = array('answer' => question_attempt::PARAM_RAW_FILES);
} else {
$expecteddata = array('answer' => PARAM_RAW);
}