Permalink
Browse files

MDL-25725 escape query parameter in enrol/database setup_enrolments()

  • Loading branch information...
1 parent 42d9cf7 commit 1d7908e7f78de38c73e3a6e9f3c17172d03641c2 @skodak skodak committed with stronk7 Dec 18, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 enrol/database/enrol.php
View
@@ -93,7 +93,7 @@ function setup_enrolments(&$user) {
//error_log('[ENROL_DB] Found '.count($existing).' existing roles and '.$count.' in external database');
foreach ($courselist as $coursefield) { /// Check the list of courses against existing
- $course = get_record('course', $CFG->enrol_localcoursefield, $coursefield);
+ $course = get_record('course', $CFG->enrol_localcoursefield, addslashes($coursefield));
if (!is_object($course)) {
if (empty($CFG->enrol_db_autocreate)) { // autocreation not allowed
if (debugging('',DEBUG_ALL)) {

0 comments on commit 1d7908e

Please sign in to comment.