Agenda: Fix type paremeter #security

chamilo · Jan 27, 2021 · d939402 · d939402
1 parent 33754fe
commit d939402
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/main/calendar/agenda_list.php b/main/calendar/agenda_list.php
@@ -12,7 +12,8 @@
 ];
 Event::registerLog($logInfo);
 
-$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
+$typeList = ['personal', 'course', 'admin', 'platform'];
+$type = isset($_REQUEST['type']) && in_array($_REQUEST['type'], $typeList, true) ? $_REQUEST['type'] : null;
 
 $interbreadcrumb[] = [
     'url' => api_get_path(WEB_CODE_PATH).'calendar/agenda_js.php?type='.Security::remove_XSS($type),