Hello,
Plugin uses PARAM_RAW for parameter validation. PARAM_RAW should only be used when there is no other option and when strict validation/cleaning is performed elsewhere. In most cases, use specific parameter types (for example: PARAM_INT for integers, PARAM_TEXT for plain text, PARAM_ALPHA/PARAM_ALPHANUM for constrained formats) to reduce XSS and injection risk.
Documentation:
Code excerpts:
manage.php, lines 177-179:
    if ($action === 'import' && data_submitted() && confirm_sesskey()) {
        $importtext = required_param('importdata', PARAM_RAW);
        $parsed_cards = \mod_leitbox\import_handler::parse_text($importtext);
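
The case this comment describes, where PARAM_RAW is kept and strict cleaning happens elsewhere, can look like the following. This is an added example, not code from the plugin or from the original review; it assumes a Moodle page script with config.php already loaded, and the "front|back" line format, the size limits and the example_* names are constructed for illustration.

```php
<?php
// Added example, not mod_leitbox code. Assumes a Moodle page script in which
// config.php is already loaded. The "front|back" line format, the limits and
// the example_* names are constructed for illustration.

const EXAMPLE_MAX_BYTES = 65536;  // Assumed upper bound for one import.
const EXAMPLE_MAX_CARDS = 500;    // Assumed upper bound on cards per import.

/**
 * Turn raw import text into cleaned cards; every field leaves as PARAM_TEXT.
 */
function example_clean_import(string $raw): array {
    if (strlen($raw) > EXAMPLE_MAX_BYTES) {
        throw new invalid_parameter_exception('Import text is too large');
    }
    $raw = fix_utf8($raw); // Drop invalid UTF-8 before any regex with /u.
    $cards = [];
    foreach (preg_split('/\R/u', $raw) as $line) {
        $parts = explode('|', $line, 2);
        if (count($parts) !== 2) {
            continue; // Blank or malformed line: skip instead of guessing.
        }
        // PARAM_RAW ends here: each field is cleaned to plain text.
        $front = trim(clean_param($parts[0], PARAM_TEXT));
        $back = trim(clean_param($parts[1], PARAM_TEXT));
        if ($front === '' || $back === '') {
            continue;
        }
        $cards[] = ['front' => $front, 'back' => $back];
        if (count($cards) > EXAMPLE_MAX_CARDS) {
            throw new invalid_parameter_exception('Too many cards in one import');
        }
    }
    return $cards;
}

$action = optional_param('action', '', PARAM_ALPHA);
if ($action === 'import' && data_submitted() && confirm_sesskey()) {
    // PARAM_RAW is tolerable here only because example_clean_import()
    // validates every field before anything is stored or displayed.
    $importtext = required_param('importdata', PARAM_RAW);
    foreach (example_clean_import($importtext) as $card) {
        // Escape on output as well; cleaning on input is not a substitute.
        echo html_writer::tag('p', s($card['front']) . ' : ' . s($card['back']));
    }
}
```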