Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-35991 - use PARAM_LOCALURL for local urls

  • Loading branch information...
commit 1e8335fb8298d6f503de721ae47f08a6f065a9eb 1 parent 523dafe
Simon Coggins simoncoggins authored danpoltawski committed
2  backup/backupfilesedit.php
View
@@ -33,7 +33,7 @@
// file parameters
$component = optional_param('component', null, PARAM_COMPONENT);
$filearea = optional_param('filearea', null, PARAM_AREA);
-$returnurl = optional_param('returnurl', null, PARAM_URL);
+$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
list($context, $course, $cm) = get_context_info_array($currentcontext);
$filecontext = get_context_instance_by_id($contextid);
2  comment/comment_post.php
View
@@ -38,7 +38,7 @@
$area = optional_param('area', '', PARAM_AREA);
$content = optional_param('content', '', PARAM_RAW);
$itemid = optional_param('itemid', '', PARAM_INT);
-$returnurl = optional_param('returnurl', '/', PARAM_URL);
+$returnurl = optional_param('returnurl', '/', PARAM_LOCALURL);
$component = optional_param('component', '', PARAM_COMPONENT);
// Currently this script can only add comments
4 course/switchrole.php
View
@@ -35,7 +35,7 @@
$id = required_param('id', PARAM_INT);
$switchrole = optional_param('switchrole',-1, PARAM_INT);
-$returnurl = optional_param('returnurl', false, PARAM_URL);
+$returnurl = optional_param('returnurl', false, PARAM_LOCALURL);
$PAGE->set_url('/course/switchrole.php', array('id'=>$id));
@@ -86,4 +86,4 @@
$returnurl = new moodle_url('/course/view.php', array('id' => $course->id));
}
-redirect($returnurl);
+redirect($returnurl);
2  mod/wiki/filesedit.php
View
@@ -31,7 +31,7 @@
$subwikiid = required_param('subwiki', PARAM_INT);
// not being used for file management, we use it to generate navbar link
$pageid = optional_param('pageid', 0, PARAM_INT);
-$returnurl = optional_param('returnurl', '', PARAM_URL);
+$returnurl = optional_param('returnurl', '', PARAM_LOCALURL);
if (!$subwiki = wiki_get_subwiki($subwikiid)) {
print_error('incorrectsubwikiid', 'wiki');
2  tag/coursetags_add.php
View
@@ -35,7 +35,7 @@
print_error('tagsaredisabled', 'tag');
}
-$returnurl = optional_param('returnurl', null, PARAM_TEXT);
+$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
$courseid = optional_param('entryid', 0, PARAM_INT);
$userid = optional_param('userid', 0, PARAM_INT);
2  user/files.php
View
@@ -32,7 +32,7 @@
die();
}
-$returnurl = optional_param('returnurl', '', PARAM_URL);
+$returnurl = optional_param('returnurl', '', PARAM_LOCALURL);
if (empty($returnurl)) {
$returnurl = new moodle_url('/user/files.php');
Please sign in to comment.
Something went wrong with that request. Please try again.