
MDL-26966 improve self URL validation

skodak committed Mar 27, 2011
1 parent 92a387b commit 0ae36f663812cdc0be911fe076bd3aed4cad72ef
Showing with 379 additions and 375 deletions.
  1. +5 −1 lib/setuplib.php
  2. +1 −1 theme/anomaly/layout/general.php
  3. +1 −1 theme/anomaly/layout/report.php
  4. +6 −6 theme/arialist/layout/frontpage.php
  5. +4 −4 theme/arialist/layout/general.php
  6. +1 −1 theme/arialist/layout/report.php
  7. +1 −1 theme/base/layout/embedded.php
  8. +6 −6 theme/base/layout/frontpage.php
  9. +4 −4 theme/base/layout/general.php
  10. +1 −1 theme/base/layout/report.php
  11. +6 −6 theme/binarius/layout/frontpage.php
  12. +4 −4 theme/binarius/layout/general.php
  13. +1 −1 theme/binarius/layout/report.php
  14. +1 −1 theme/boxxie/layout/embedded.php
  15. +16 −16 theme/boxxie/layout/frontpage.php
  16. +16 −16 theme/boxxie/layout/general.php
  17. +12 −12 theme/brick/layout/frontpage.php
  18. +20 −20 theme/brick/layout/general.php
  19. +1 −1 theme/canvas/layout/embedded.php
  20. +10 −10 theme/canvas/layout/frontpage.php
  21. +5 −5 theme/canvas/layout/general.php
  22. +2 −2 theme/canvas/layout/report.php
  23. +1 −1 theme/formal_white/layout/embedded.php
  24. +1 −1 theme/formal_white/layout/frontpage.php
  25. +1 −1 theme/formal_white/layout/general.php
  26. +1 −1 theme/formfactor/layout/embedded.php
  27. +10 −10 theme/formfactor/layout/frontpage.php
  28. +11 −11 theme/formfactor/layout/general.php
  29. +13 −13 theme/fusion/layout/frontpage.php
  30. +12 −12 theme/fusion/layout/general.php
  31. +8 −8 theme/leatherbound/layout/frontpage.php
  32. +6 −6 theme/leatherbound/layout/general.php
  33. +1 −1 theme/leatherbound/layout/report.php
  34. +1 −1 theme/magazine/layout/embedded.php
  35. +28 −28 theme/magazine/layout/frontpage.php
  36. +27 −27 theme/magazine/layout/general.php
  37. +13 −13 theme/nimble/layout/frontpage.php
  38. +12 −12 theme/nimble/layout/general.php
  39. +9 −9 theme/nonzero/layout/frontpage.php
  40. +5 −5 theme/nonzero/layout/general.php
  41. +14 −14 theme/overlay/layout/frontpage.php
  42. +17 −17 theme/overlay/layout/general.php
  43. +1 −1 theme/serenity/layout/embedded.php
  44. +11 −11 theme/serenity/layout/frontpage.php
  45. +10 −10 theme/serenity/layout/general.php
  46. +16 −16 theme/sky_high/layout/frontpage.php
  47. +16 −16 theme/sky_high/layout/general.php
  48. +2 −2 theme/sky_high/layout/report.php
  49. +2 −2 theme/splash/layout/general.php
  50. +2 −2 theme/splash/layout/report.php
  51. +1 −1 theme/standardold/layout/embedded.php
  52. +2 −2 theme/standardold/layout/frontpage.php
  53. +1 −1 theme/standardold/layout/general.php
@@ -691,7 +691,6 @@ function initialise_fullme() {
$FULLSCRIPT = $hostandport . $rurl['path'];
$FULLME = $hostandport . $rurl['fullpath'];
$ME = $rurl['fullpath'];
- $rurl['path'] = $rurl['fullpath'];
}
/**
@@ -776,6 +775,11 @@ function setup_get_remote_url() {
} else {
throw new moodle_exception('unsupportedwebserver', 'error', '', $_SERVER['SERVER_SOFTWARE']);
}
+
+ // sanitize the url a bit more, the encoding style may be different in vars above
+ $rurl['fullpath'] = str_replace('"', '%22', $rurl['fullpath']);
+ $rurl['fullpath'] = str_replace('\'', '%27', $rurl['fullpath']);
+
return $rurl;
}
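Review bot: The two str_replace calls added before `return $rurl;` only re-encode `"` and `'`, so they normalise two characters rather than making `$rurl['fullpath']` safe for any output context; `<`, `>` and backslash pass through unchanged, and any code that echoes `$FULLME` or `$ME` still has to escape at output time with `s()`/`p()`. A comment stating that intent would stop a later reader from treating this block as the output-escaping fix: `// Encoding normalisation only: fullpath is still raw URL text and must be escaped (s()/p()) wherever it is printed.` The two calls can also collapse into one, `$rurl['fullpath'] = str_replace(array('"', '\''), array('%22', '%27'), $rurl['fullpath']);`. The rest of setup_get_remote_url, including where `$rurl['fullpath']` is first assigned, lies outside the hunk.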
@@ -25,7 +25,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
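Review bot: The rewritten `<body>` line uses `join(' ', $bodyclasses)`, the alias spelling of `implode`; the more conventional form is `<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.implode(' ', $bodyclasses)) ?>">`, and the same spelling recurs in every general and frontpage layout in this commit. Because this tag is hand-copied across the 52 theme layouts listed in the diffstat and each one escapes independently, a theme that is missed or added later silently keeps the unescaped output. A renderer helper that emits the opening body tag would make the escaping a single point of change; that is a follow-up rather than a blocker for this commit.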
@@ -19,7 +19,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -24,7 +24,7 @@
} else {
$tagline = '<!-- There was no custom tagline set -->';
}
-if (!empty($PAGE->theme->settings->logo)) {
+if (!empty($PAGE->theme->settings->logo)) {
$logourl = $PAGE->theme->settings->logo;
}
@@ -33,11 +33,11 @@
<head>
<title><?php echo $PAGE->title ?></title>
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
- <meta name="description" content="<?php echo strip_tags(format_text($SITE->summary, FORMAT_HTML)) ?>" />
+ <meta name="description" content="<?php p(strip_tags(format_text($SITE->summary, FORMAT_HTML))) ?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<?php if ($hascustommenu) { ?>
@@ -70,7 +70,7 @@
</div>
</div>
</div>
-
+
<!-- END OF HEADER -->
<!-- START OF CONTENT -->
@@ -79,15 +79,15 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
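Review bot: `<title><?php echo $PAGE->title ?></title>` on the context line just above the changed `<meta name="description">` is still a bare echo, so this section now escapes the description and the body attributes but not the title; the same bare `<title>` echo sits as context in the base/frontpage and binarius/frontpage sections of this commit. If `$PAGE->title` is already HTML-escaped when it is set (not visible from here), a one-line comment saying so on that line would keep a later pass from double-escaping it; otherwise `<title><?php p($PAGE->title) ?></title>` brings it in line with the rest of the hunk. The `$OUTPUT->pix_url(...)` echo inside the `href` attribute presumably yields a URL object that escapes itself, but that is inferred rather than shown in the hunk.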
@@ -27,7 +27,7 @@
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<?php if ($hascustommenu) { ?>
@@ -77,23 +77,23 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
<?php echo $OUTPUT->blocks_for_region('side-post') ?>
</div>
</div>
<?php } ?>
-
+
</div>
</div>
</div>
@@ -27,7 +27,7 @@
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<?php if ($hascustommenu) { ?>
@@ -5,7 +5,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -25,10 +25,10 @@
<head>
<title><?php echo $PAGE->title ?></title>
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
- <meta name="description" content="<?php echo strip_tags(format_text($SITE->summary, FORMAT_HTML)) ?>" />
+ <meta name="description" content="<?php p(strip_tags(format_text($SITE->summary, FORMAT_HTML))) ?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -49,31 +49,31 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepre) { ?>
<div id="region-pre" class="block-region">
<div class="region-content">
<?php echo $OUTPUT->blocks_for_region('side-pre') ?>
</div>
</div>
<?php } ?>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
<?php echo $OUTPUT->blocks_for_region('side-post') ?>
</div>
</div>
<?php } ?>
-
+
</div>
</div>
</div>
@@ -32,7 +32,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
<?php if ($hasheading || $hasnavbar) { ?>
@@ -64,23 +64,23 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepre) { ?>
<div id="region-pre" class="block-region">
<div class="region-content">
<?php echo $OUTPUT->blocks_for_region('side-pre') ?>
</div>
</div>
<?php } ?>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
@@ -26,7 +26,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
<?php if ($hasheading || $hasnavbar) { ?>
@@ -25,11 +25,11 @@
<head>
<title><?php echo $PAGE->title ?></title>
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
- <meta name="description" content="<?php echo strip_tags(format_text($SITE->summary, FORMAT_HTML)) ?>" />
+ <meta name="description" content="<?php p(strip_tags(format_text($SITE->summary, FORMAT_HTML))) ?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -54,7 +54,7 @@
<?php } ?>
</div>
</div>
-
+
<!-- END OF HEADER -->
<!-- START OF CONTENT -->
@@ -63,15 +63,15 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
@@ -86,7 +86,7 @@
<div class="myclear"></div>
</div>
-
+
<!-- END OF CONTENT -->
<div class="myclear"></div>
@@ -28,7 +28,7 @@
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -77,23 +77,23 @@
<div id="page-content">
<div id="region-main-box">
<div id="region-post-box">
-
+
<div id="region-main-wrap">
<div id="region-main">
<div class="region-content">
<?php echo core_renderer::MAIN_CONTENT_TOKEN ?>
</div>
</div>
</div>
-
+
<?php if ($hassidepost) { ?>
<div id="region-post" class="block-region">
<div class="region-content">
<?php echo $OUTPUT->blocks_for_region('side-post') ?>
</div>
</div>
<?php } ?>
-
+
</div>
</div>
</div>
@@ -28,7 +28,7 @@
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses.' '.join(' ', $bodyclasses) ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses.' '.join(' ', $bodyclasses)) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page">
@@ -5,7 +5,7 @@
<link rel="shortcut icon" href="<?php echo $OUTPUT->pix_url('favicon', 'theme')?>" />
<?php echo $OUTPUT->standard_head_html() ?>
</head>
-<body id="<?php echo $PAGE->bodyid ?>" class="<?php echo $PAGE->bodyclasses ?>">
+<body id="<?php p($PAGE->bodyid) ?>" class="<?php p($PAGE->bodyclasses) ?>">
<?php echo $OUTPUT->standard_top_of_body_html() ?>
<div id="page-wrapper" class="embedded">
