moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-73402 block_admin_bookmarks: slightly relax section cleaning.

Browse source 
Allow '/' character in external page names.
This commit is contained in:
Paul Holden 2021-12-17 11:52:00 +00:00
parent 508fe3937e
commit 73ef0be41f
3 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
blocks/admin_bookmarks/block_admin_bookmarks.php
View file

@ -32,8 +32,6 @@ class block_admin_bookmarks extends block_base {
/** @var string */ /** @var string */
public $blockname = null; public $blockname = null;
/** @var bool */
protected $contentgenerated = false;
/** @var bool|null */ /** @var bool|null */
protected $docked = null; protected $docked = null;
@ -74,9 +72,10 @@ class block_admin_bookmarks extends block_base {
global $CFG; global $CFG;
// First check if we have already generated, don't waste cycles // First check if we have already generated, don't waste cycles
if ($this->contentgenerated === true) { if ($this->content !== null) {
return $this->content; return $this->content;
} }
$this->content = new stdClass(); $this->content = new stdClass();
if (get_user_preferences('admin_bookmarks')) { if (get_user_preferences('admin_bookmarks')) {

3
blocks/admin_bookmarks/create.php
View file

@ -30,7 +30,8 @@ $context = context_system::instance();
$PAGE->set_context($context); $PAGE->set_context($context);
$adminroot = admin_get_root(false, false); // settings not required - only pages $adminroot = admin_get_root(false, false); // settings not required - only pages
if ($section = optional_param('section', '', PARAM_SAFEDIR) and confirm_sesskey()) { // We clean section with safe path here for compatibility with external pages that include a slash in their name.
if ($section = optional_param('section', '', PARAM_SAFEPATH) and confirm_sesskey()) {
if (get_user_preferences('admin_bookmarks')) { if (get_user_preferences('admin_bookmarks')) {
$bookmarks = explode(',', get_user_preferences('admin_bookmarks')); $bookmarks = explode(',', get_user_preferences('admin_bookmarks'));

3
blocks/admin_bookmarks/delete.php
View file

@ -31,7 +31,8 @@ $context = context_system::instance();
$PAGE->set_context($context); $PAGE->set_context($context);
$adminroot = admin_get_root(false, false); // settings not required - only pages $adminroot = admin_get_root(false, false); // settings not required - only pages
if ($section = optional_param('section', '', PARAM_SAFEDIR) and confirm_sesskey()) { // We clean section with safe path here for compatibility with external pages that include a slash in their name.
if ($section = optional_param('section', '', PARAM_SAFEPATH) and confirm_sesskey()) {
if (get_user_preferences('admin_bookmarks')) { if (get_user_preferences('admin_bookmarks')) {