MDL-9123:

No check was made of the validity of the category id read from the form.
So it could theoretically have been spoofed.
commit 146b8728c71d3d056e7df8f5723e36258d7aee8c 1 parent f032cd8
thepurpleblob authored

Showing 1 changed file with 8 additions and 0 deletions. Show diff stats Hide diff stats

  1. +8 0 question/export.php
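--- a/question/export.php
+++ b/question/export.php
@@ -64,6 +64,14 @@
 // ensure the files area exists for this course
 make_upload_directory( "$course->id" );
 
+// check category is valid
+if (!empty($categoryid)) {
+$validcats = question_category_options( $course->id, true, false );
+if (!array_key_exists( $categoryid, $validcats)) {
+print_error( "Category id ($categoryid) is not permitted." );
+}
+}
+
 /// Header
 if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
 $strupdatemodule = has_capability('moodle/course:manageactivities', $context)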
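Review bot: The allow-list check is skipped whenever `empty($categoryid)` is true, so a submitted value of `0` or `''` still reaches the export code below with no validation; unless that later code (outside this hunk) rejects an empty category itself, the guard should be dropped or the empty case handled explicitly, e.g. `if (empty($categoryid) || !array_key_exists((int)$categoryid, $validcats)) { print_error("Category id is not permitted."); }`. Casting to int before the lookup also means a non-numeric string cannot slip past `array_key_exists` by loose key matching, and where `$categoryid` is read from the request (not visible here) a `PARAM_INT` clean would make that explicit. The error message interpolates the raw submitted value; if `print_error()` does not escape its argument in this version, a fixed message avoids echoing attacker-controlled text back into the page. The comment `// check category is valid` would be more useful as `// reject a category id that is not one of this course's permitted question categories`. This hunk sits in top-level script code, so the enclosing unit starts and ends outside it.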
