GHI353_310 Ensuring clean text on new and existing essay questions.

mchurchward · mchurchward · commit b8be86b9f8c1 · 2021-08-04T11:58:11.000-04:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,114 @@
+name: Moodle plugin CI
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: 'ubuntu-latest'
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - php: '7.2'
+            moodle-branch: 'MOODLE_39_STABLE'
+            database: 'mariadb'
+            node: '14.15.0'
+          - php: '7.2'
+            moodle-branch: 'MOODLE_39_STABLE'
+            database: 'pgsql'
+            node: '14.15.0'
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: 'postgres'
+          POSTGRES_HOST_AUTH_METHOD: 'trust'
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 3
+        ports:
+          - 5432:5432
+
+      mariadb:
+        image: mariadb:10.5
+        env:
+          MYSQL_USER: 'root'
+          MYSQL_ALLOW_EMPTY_PASSWORD: "true"
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 3
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: plugin
+
+      - name: Install node
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node }}
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: zip, gd, mbstring, pgsql, mysqli
+
+      - name: Deploy moodle-plugin-ci
+        run: |
+          composer create-project -n --no-dev --prefer-dist moodlehq/moodle-plugin-ci ci ^3
+          # Add dirs to $PATH
+          echo $(cd ci/bin; pwd) >> $GITHUB_PATH
+          echo $(cd ci/vendor/bin; pwd) >> $GITHUB_PATH
+          # PHPUnit depends on en_AU.UTF-8 locale
+          sudo locale-gen en_AU.UTF-8
+      - name: Install Moodle
+        # Need explicit IP to stop mysql client fail on attempt to use unix socket.
+        run: moodle-plugin-ci install --plugin ./plugin --db-host=127.0.0.1
+        env:
+          DB: ${{ matrix.database }}
+          MOODLE_BRANCH: ${{ matrix.moodle-branch }}
+          IGNORE_NAMES: 'mobile_*.mustache'
+
+      - name: phplint
+        if: ${{ always() }}
+        run: moodle-plugin-ci phplint
+
+      - name: phpcpd
+        if: ${{ always() }}
+        run: moodle-plugin-ci phpcpd || true
+
+      - name: phpmd
+        if: ${{ always() }}
+        run: moodle-plugin-ci phpmd
+
+      - name: codechecker
+        if: ${{ always() }}
+        run: moodle-plugin-ci codechecker
+
+      - name: validate
+        if: ${{ always() }}
+        run: moodle-plugin-ci validate
+
+      - name: savepoints
+        if: ${{ always() }}
+        run: moodle-plugin-ci savepoints
+
+      - name: mustache
+        if: ${{ always() }}
+        run: moodle-plugin-ci mustache
+
+      - name: grunt
+        if: ${{ always() }}
+        run: moodle-plugin-ci grunt
+
+      - name: phpunit
+        if: ${{ always() }}
+        run: moodle-plugin-ci phpunit
+
+      - name: behat
+        if: ${{ always() }}
+        run: moodle-plugin-ci behat --profile chrome
diff --git a/classes/question/check.php b/classes/question/check.php
@@ -139,7 +139,7 @@ protected function question_survey_display($response, $dependants, $blankquestio
             if ($choice->is_other_choice()) {
                 $checkbox->oname = 'q'.$this->id.'['.$choice->other_choice_name().']';
                 $checkbox->ovalue = (isset($response->answers[$this->id][$id]) && !empty($response->answers[$this->id][$id]) ?
-                    stripslashes($response->answers[$this->id][$id]->value) : '');
+                    format_text(stripslashes($response->answers[$this->id][$id]->value)) : '');
                 $checkbox->label = format_text($choice->other_choice_display().'', FORMAT_HTML, ['noclean' => true]);
             }
             $choicetags->qelements[] = (object)['choice' => $checkbox];
diff --git a/classes/question/essay.php b/classes/question/essay.php
@@ -108,7 +108,7 @@ protected function question_survey_display($response, $descendantsdata, $blankqu
     protected function response_survey_display($response) {
         if (isset($response->answers[$this->id])) {
             $answer = reset($response->answers[$this->id]);
-            $answer = $answer->value;
+            $answer = format_text($answer->value, FORMAT_HTML);
         } else {
             $answer = '&nbsp;';
         }
diff --git a/classes/question/radio.php b/classes/question/radio.php
@@ -135,7 +135,7 @@ protected function question_survey_display($response, $dependants=[], $blankques
                 $radio->oname = 'q'.$this->id.choice::id_other_choice_name($id);
                 $radio->oid = $htmlid.'-other';
                 if (isset($odata)) {
-                    $radio->ovalue = stripslashes($odata);
+                    $radio->ovalue = format_text(stripslashes($odata));
                 }
                 $radio->olabel = 'Text for '.format_text($othertext, FORMAT_HTML, ['noclean' => true]);
             }
diff --git a/classes/question/text.php b/classes/question/text.php
@@ -85,7 +85,8 @@ protected function question_survey_display($response, $descendantsdata, $blankqu
         if ($this->precise > 0) {
             $choice->maxlength = $this->precise;
         }
-        $choice->value = (isset($response->answers[$this->id][0]) ? stripslashes($response->answers[$this->id][0]->value) : '');
+        $choice->value = (isset($response->answers[$this->id][0]) ?
+            format_text(stripslashes($response->answers[$this->id][0]->value)) : '');
         $choice->id = self::qtypename($this->type_id) . $this->id;
         $questiontags->qelements->choice = $choice;
         return $questiontags;
diff --git a/classes/responsetype/single.php b/classes/responsetype/single.php
@@ -123,7 +123,7 @@ public function insert_response($responsedata) {
                         $record->response_id = $response->id;
                         $record->question_id = $this->question->id;
                         $record->choice_id = $answer->choiceid;
-                        $record->response = $answer->value;
+                        $record->response = clean_text($answer->value);
                         $DB->insert_record('questionnaire_response_other', $record);
                     }
                     // Record the choice selection.
diff --git a/classes/responsetype/text.php b/classes/responsetype/text.php
@@ -81,7 +81,7 @@ public function insert_response($responsedata) {
             $record = new \stdClass();
             $record->response_id = $response->id;
             $record->question_id = $this->question->id;
-            $record->response = $response->answers[$this->question->id][0]->value;
+            $record->response = clean_text($response->answers[$this->question->id][0]->value);
             return $DB->insert_record(static::response_table(), $record);
         } else {
             return false;

Original file line number	Diff line number	Diff line change
`@@ -139,7 +139,7 @@ protected function question_survey_display($response, $dependants, $blankquestio`
`139`	`139`	`if ($choice->is_other_choice()) {`
`140`	`140`	`$checkbox->oname = 'q'.$this->id.'['.$choice->other_choice_name().']';`
`141`	`141`	`$checkbox->ovalue = (isset($response->answers[$this->id][$id]) && !empty($response->answers[$this->id][$id]) ?`
`142`		`- stripslashes($response->answers[$this->id][$id]->value) : '');`
	`142`	`+ format_text(stripslashes($response->answers[$this->id][$id]->value)) : '');`
`143`	`143`	`$checkbox->label = format_text($choice->other_choice_display().'', FORMAT_HTML, ['noclean' => true]);`
`144`	`144`	`}`
`145`	`145`	`$choicetags->qelements[] = (object)['choice' => $checkbox];`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ protected function question_survey_display($response, $descendantsdata, $blankqu`
`108`	`108`	`protected function response_survey_display($response) {`
`109`	`109`	`if (isset($response->answers[$this->id])) {`
`110`	`110`	`$answer = reset($response->answers[$this->id]);`
`111`		`- $answer = $answer->value;`
	`111`	`+ $answer = format_text($answer->value, FORMAT_HTML);`
`112`	`112`	`} else {`
`113`	`113`	`$answer = ' ';`
`114`	`114`	`}`
Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ protected function question_survey_display($response, $dependants=[], $blankques`
`135`	`135`	`$radio->oname = 'q'.$this->id.choice::id_other_choice_name($id);`
`136`	`136`	`$radio->oid = $htmlid.'-other';`
`137`	`137`	`if (isset($odata)) {`
`138`		`- $radio->ovalue = stripslashes($odata);`
	`138`	`+ $radio->ovalue = format_text(stripslashes($odata));`
`139`	`139`	`}`
`140`	`140`	`$radio->olabel = 'Text for '.format_text($othertext, FORMAT_HTML, ['noclean' => true]);`
`141`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ public function insert_response($responsedata) {`
`123`	`123`	`$record->response_id = $response->id;`
`124`	`124`	`$record->question_id = $this->question->id;`
`125`	`125`	`$record->choice_id = $answer->choiceid;`
`126`		`- $record->response = $answer->value;`
	`126`	`+ $record->response = clean_text($answer->value);`
`127`	`127`	`$DB->insert_record('questionnaire_response_other', $record);`
`128`	`128`	`}`
`129`	`129`	`// Record the choice selection.`