MDL-71845

Forum advanced reply passes reply content in GET


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor
    • Affects Version/s: 3.9.7, 3.10.4, 3.11
    • Component/s: Forum
    • Affected Branches: MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE

      When using the in-line reply process for a forum discussion, if the user starts by entering some text into the ajax box and then hits the "advanced" button to open up a full editor, any text already entered into the box is passed in the GET request as a parameter.

      e.g.:
      /moodle/mod/forum/post.php?post=text+entered+into+box&postformat=0&subject=Re%3A+test&reply=504&sesskey=m3EzFiSmhP

      I've flagged this as a minor security issue as this results in the user's text being included in server logs, so there's potential for some level of unexpected private information disclosure.

      We could also hit URL length limits if the user enters a large amount of text in this box prior to hitting the advanced setting.

      We should change this to pass the parameters via POST instead of via GET.
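The report's concern is that the reply text lands in web-server access logs. The script below is an added example, not Moodle code and not part of this issue: it scans constructed Apache-style "combined" log lines for requests to mod/forum/post.php whose query string carries the parameters seen in the URL quoted above (post, subject, sesskey), reports what leaked, and writes a redacted copy of each affected line. The log lines, the IP addresses and the parameter list are assumptions made for the example.

```python
"""Find forum reply text that travelled in a GET query string (MDL-71845)
and redact it from access-log lines.

Added example, not Moodle code. The sample log lines are constructed; the
parameter names (post, subject, sesskey) are taken from the URL quoted in
the bug report, the rest of the layout is an assumption."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameters whose values are user-typed text or a session token and
# therefore should never appear in a URL (assumed list for this example).
SENSITIVE_PARAMS = {"post", "subject", "sesskey"}

# Apache/nginx "combined" format; only the fields the checks need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log; line 1 mirrors the URL from the bug report.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jun/2021:10:01:02 +0000] "GET /moodle/mod/forum/post.php?post=text+entered+into+box&postformat=0&subject=Re%3A+test&reply=504&sesskey=m3EzFiSmhP HTTP/1.1" 200 5123
10.0.0.5 - - [15/Jun/2021:10:01:03 +0000] "GET /moodle/theme/styles.php HTTP/1.1" 200 140021
10.0.0.7 - - [15/Jun/2021:10:02:40 +0000] "GET /moodle/mod/forum/post.php?reply=504 HTTP/1.1" 200 5001
10.0.0.9 - - [15/Jun/2021:10:03:11 +0000] "POST /moodle/mod/forum/post.php HTTP/1.1" 303 0
"""


def leaked_params(target):
    """Return {name: decoded value} for sensitive parameters found in the
    query string of a forum post.php request target; {} for anything else."""
    parts = urlsplit(target)
    if not parts.path.endswith("/mod/forum/post.php"):
        return {}
    return {k: v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k in SENSITIVE_PARAMS}


def scan_log(log_text):
    """Return one finding per log line whose request target leaks reply text.
    target_len is recorded because Apache's default LimitRequestLine (8190)
    is the kind of limit a long reply pasted into the box would hit."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        leaked = leaked_params(m.group("target"))
        if leaked:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "target_len": len(m.group("target")),
                "params": leaked,
            })
    return findings


def redact_target(target):
    """Rebuild the request target with sensitive values replaced, keeping
    harmless parameters (reply id, postformat) so the line stays useful."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def redact_log(log_text):
    """Return the log text with leaking request targets redacted in place."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and leaked_params(m.group("target")):
            target = m.group("target")
            line = line.replace(target, redact_target(target), 1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} len={f['target_len']} leaked={f['params']}")
    print(redact_log(SAMPLE_LOG))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the same check applies to any other parameter an application moves into a query string, since proxies, CDN logs and the browser's history all record the URL in the same way.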

            Assignee: Unassigned
            Reporter: Dan Marsden (danmarsden)
            Votes: 0
            Watchers: 3
