Merge branch 'MDL-25754_20_wip' of git://github.com/skodak/moodle

diff --combined lib/moodlelib.php
index 0e0cc3a,d59b5f3..dd9bbef
--- 1/lib/moodlelib.php
--- 2/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@@ -792,10 -792,9 +792,9 @@@ function clean_param($param, $type) 
              }
  
          case PARAM_TAG:
-             //as long as magic_quotes_gpc is used, a backslash will be a
-             //problem, so remove *all* backslash.
-             //$param = str_replace('\\', '', $param);
-             //remove some nasties
+             // Please note it is not safe to use the tag name directly anywhere,
+             // it must be processed with s(), urlencode() before embedding anywhere.
+             // remove some nasties
              $param = preg_replace('~[[:cntrl:]]|[<>`]~u', '', $param);
              //convert many whitespace chars into one
              $param = preg_replace('/\s+/', ' ', $param);
@@@ -803,7 -802,6 +802,6 @@@
              $param = $textlib->substr(trim($param), 0, TAG_MAX_LENGTH);
              return $param;
  
- 
          case PARAM_TAGLIST:
              $tags = explode(',', $param);
              $result = array();
@@@ -3045,10 -3043,6 +3043,10 @@@ function &get_fast_modinfo(&$course, $u
          return $cache[$course->id];
      }
  
 +    if (!property_exists($course, 'modinfo')) {
 +        debugging('Coding problem - missing course modinfo property in get_fast_modinfo() call');
 +    }
 +
      if (empty($course->modinfo)) {
          // no modinfo yet - load it
          rebuild_course_cache($course->id);