moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-9123:

Browse source 
No check was made of the validity of the category id read from the form.
So it could theoretically have been spoofed.
This commit is contained in:
thepurpleblob 2007-04-11 11:00:26 +00:00
parent 177d4abf11
commit 22afe6d699
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
question/export.php
View file

@ -64,6 +64,14 @@
// ensure the files area exists for this course // ensure the files area exists for this course
make_upload_directory( "$course->id" ); make_upload_directory( "$course->id" );
// check category is valid
if (!empty($categoryid)) {
$validcats = question_category_options( $course->id, true, false );
if (!array_key_exists( $categoryid, $validcats)) {
print_error( "Category id ($categoryid) is not permitted." );
}
}
/// Header /// Header
if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) { if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
$strupdatemodule = has_capability('moodle/course:manageactivities', $context) $strupdatemodule = has_capability('moodle/course:manageactivities', $context)