From fc05b1fc489caa701c5f5dd1a8ddd7b32a7312cc Mon Sep 17 00:00:00 2001
From: Matthew Hilton <matthewhilton@catalyst-au.net>
Date: Mon, 9 Dec 2024 14:44:49 +1000
Subject: [PATCH] [#911] fix sql cleaning

---
 classes/local/step/reader_sql.php | 3 ++-
 classes/local/step/sql_trait.php  | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/classes/local/step/reader_sql.php b/classes/local/step/reader_sql.php
index f637f266..1ddd28d6 100644
--- a/classes/local/step/reader_sql.php
+++ b/classes/local/step/reader_sql.php
@@ -48,7 +48,8 @@ class reader_sql extends reader_step {
      */
     public static function form_define_fields(): array {
         return [
-            'sql' => ['type' => PARAM_TEXT, 'required' => true],
+            // Must be PARAM_RAW to avoid clean_param mangling the sql.
+            'sql' => ['type' => PARAM_RAW, 'required' => true],
             'counterfield' => ['type' => PARAM_TEXT],
             'countervalue' => ['type' => PARAM_TEXT],
         ];
diff --git a/classes/local/step/sql_trait.php b/classes/local/step/sql_trait.php
index 438bcbf4..8e41869f 100644
--- a/classes/local/step/sql_trait.php
+++ b/classes/local/step/sql_trait.php
@@ -175,7 +175,8 @@ public function validate_config($config) {
      */
     public static function form_define_fields(): array {
         return [
-            'sql' => ['type' => PARAM_TEXT, 'required' => true],
+            // Must be PARAM_RAW to avoid clean_param mangling the sql.
+            'sql' => ['type' => PARAM_RAW, 'required' => true],
         ];
     }