MDL-36977 Be more picky when it comes to migrating files in moodle1 b…

…ackups
commit 019cc4eae4693d0bf69e108b1df3d6f999d2be0e 1 parent 2726d2a
@mudrd8mz mudrd8mz authored danpoltawski committed
Showing with 7 additions and 1 deletion.
  1. +7 −1 backup/converter/moodle1/lib.php
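--- a/backup/converter/moodle1/lib.php
+++ b/backup/converter/moodle1/lib.php
@@ -642,7 +642,9 @@ public static function find_referenced_files($text) {
 }
 foreach ($matches[2] as $match) {
 $file = str_replace(array('$@FILEPHP@$', '$@SLASH@$', '$@FORCEDOWNLOAD@$'), array('', '/', ''), $match);
- $files[] = rawurldecode($file);
+ if ($file === clean_param($file, PARAM_PATH)) {
+ $files[] = rawurldecode($file);
+ }
 }
 return array_unique($files);
@@ -1210,6 +1212,10 @@ public function migrate_file($sourcepath, $filepath = '/', $filename = null, $so
 $sourcefullpath = $this->basepath.'/'.$sourcepath;
+ if ($sourcefullpath !== clean_param($sourcefullpath, PARAM_PATH)) {
+ throw new moodle1_convert_exception('file_invalid_path', $sourcefullpath);
+ }
+
 if (!is_readable($sourcefullpath)) {
 throw new moodle1_convert_exception('file_not_readable', $sourcefullpath);
 }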
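Review bot: In `find_referenced_files` the new guard validates `$file` while it is still URL-encoded, but the value appended to `$files` is `rawurldecode($file)`, so the string that was checked is not the string that is returned. If `clean_param(..., PARAM_PATH)` leaves percent-encoded sequences untouched (its implementation is not shown on this page), an encoded path could pass the comparison and only turn into dot segments or other filtered characters after decoding. Decoding first and validating the decoded value closes that gap: `$decoded = rawurldecode($file);` followed by `if ($decoded === clean_param($decoded, PARAM_PATH)) { $files[] = $decoded; }`. The guard added to `migrate_file` acts as the backstop, but it compares the concatenated `$this->basepath.'/'.$sourcepath`, so a base path that itself contains characters the filter rewrites would make every file fail; checking `$sourcepath` on its own before concatenation looks safer. Both function bodies continue outside the hunks shown.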