Incorrect types were preventing the currently selected values from
being removed from the new values returned via ajax.
Also fix a selection bug with autocomplete+ajax+singleselect.
This is a squashed commit containing a number of changes:
This is an ajax driven course selector that has searching etc. It can select single, or multiple courses.
Make course selector accept a list of courses to exclude
courseselector - lookup coursename on setValue
Use the get_course_display_name_in_list function to generate the course names
Add a throttle to auto-complete to reduce spamming the server
Do a single query to fetch all the courses in the mform element when validation fails
Fix core course search function to return results when there are less than 2 chars in the query.
Handle setData with an empty array in new course selector
When a grade category is overridden, it starts to behave like a regular grade item.
Therefore we need similar behaviour to what was implemented in MDL-48634.
mnet has its own separate XML-RPC implementation which supports
introspection. So even though we were sending incorrectly formatted
parameters, our previous XML-RPC implementation could work out how
to mangle the parameters to be correct. Introspection is not a
part of the XML-RPC specification and we should not rely on it. Our
current XML-RPC client/server implementation does not support it either.
Therefore we should always send data in the expected format.
This issue mostly affects the search form fields. Submitted values for
these fields are typically obtained via optional_param() with
PARAM_NOTAGS specified as the parameter type - see parse_search_field()
methods. Such values themselves are not safe enough to be printed back
directly into the HTML as they might contain malicious code.
While working on the patch, some other places with weak protection were
detected and fixed.
In case of the itemid parameters, explicit clean_param() is added to
make sure we cast the value as an integer. That should make the s()
unnecessary but it was added anyway as an extra protection (just in case
the code flow changes or the parts of the code are re-used elsewhere).
