MDL-9123:

No check was made of the validity of the category id read from the form.
So it could theoretically have been spoofed.
1 parent f032cd8 commit 146b8728c71d3d056e7df8f5723e36258d7aee8c thepurpleblob committed Apr 11, 2007
Showing with 8 additions and 0 deletions.
  1. +8 −0 question/export.php
8 question/export.php
@@ -64,6 +64,14 @@
// ensure the files area exists for this course
make_upload_directory( "$course->id" );
+ // check category is valid
+ if (!empty($categoryid)) {
+ $validcats = question_category_options( $course->id, true, false );
+ if (!array_key_exists( $categoryid, $validcats)) {
+ print_error( "Category id ($categoryid) is not permitted." );
+ }
+ }
+
/// Header
if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
$strupdatemodule = has_capability('moodle/course:manageactivities', $context)
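Review bot: the `!empty($categoryid)` guard means an absent or zero category id bypasses the new validation entirely and the export continues; if that is the intended "no category selected" path it deserves a comment saying so, otherwise the check should fail closed. Two smaller points in the same block: the form-supplied `$categoryid` is interpolated verbatim into the `print_error` message, so it should be cast to an integer where it is read (or escaped for HTML output) rather than echoed back as-is, and the `true, false` arguments to `question_category_options` are opaque at the call site and would benefit from a comment stating which set of categories they select.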
