
Merged filename checks from stable

commit 1ca84b296f2128c1308a0022056bdd92e8cd4319 1 parent feaecbf
moodler authored
Showing with 11 additions and 6 deletions.
  1. +6 −5 admin/auth.php
  2. +4 −1 admin/enrol.php
  3. +1 −0  admin/module.php
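--- a/admin/auth.php
+++ b/admin/auth.php
@@ -48,11 +48,12 @@
 $options[$module] = get_string("auth_$module"."title", "auth");
 }
 asort($options);
- if (isset($_GET['auth'])) {
- $auth = $_GET['auth'];
- } else {
- $auth = $config->auth;
- }
+ if (isset($_GET['auth'])) {
+ $auth = $_GET['auth'];
+ } else {
+ $auth = $config->auth;
+ }
+ $auth = clean_filename($auth);
 require_once("$CFG->dirroot/auth/$auth/lib.php"); //just to make sure that current authentication functions are loaded
 if (! isset($config->guestloginbutton)) {
 $config->guestloginbutton = 1;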
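Review bot: The cleaned `$auth` is still not checked against the set of installed plugins before it reaches `require_once`, so a request value that cleans to an empty string, or to a directory name that is not an auth plugin, still ends up in the include path. The context lines show an `$options` array keyed by module name being built just above (the loop starts outside the hunk), and presumably that is the list of valid plugins; a check such as `if (!isset($options[$auth])) { $auth = $config->auth; }` after the `clean_filename()` call would make the include an allow-list lookup instead of relying on character filtering alone. The same applies to `$enrol` in admin/enrol.php and `$module` in admin/module.php, which are cleaned and then included with no membership or existence check visible in their hunks.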
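--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -3,8 +3,10 @@
 // Yes, enrol is correct English spelling.
 include("../config.php");
+
+ $enrol = (string)parameter('enrol', $CFG->enrol);
+
 require_login();
- optional_variable($enrol, $CFG->enrol);
 if (!$site = get_site()) {
 redirect("index.php");
@@ -14,6 +16,7 @@
 error("Only the admin can use this page");
 }
+ $enrol = clean_filename($enrol);
 require_once("$CFG->dirroot/enrol/$enrol/enrol.php"); /// Open the class
 $enrolment = new enrolment_plugin();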
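Review bot: `$enrol` is read from the request at the top of the file but only passed through `clean_filename()` in the second hunk, immediately before the `require_once`, so every line in between sees the raw value. Nothing in the visible lines uses it there, but the lines between the two hunks are not shown, and cleaning at the point of read closes that gap: `$enrol = clean_filename((string)parameter('enrol', $CFG->enrol));`. The read also now runs before `require_login()`, where the old `optional_variable()` call ran after it; that looks harmless for a plain parameter fetch, but a one-line comment would help if the order is deliberate.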
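--- a/admin/module.php
+++ b/admin/module.php
@@ -29,6 +29,7 @@
 require_variable($module);
+ $module = clean_filename($module);
 require_once("$CFG->dirroot/mod/$module/lib.php");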