Permalink
Browse files

better cleaning of $file parameter SC#276

  • Loading branch information...
1 parent b515688 commit 344c23c0ef77de54620c5c0476a74fccbf16500c skodak committed Jul 11, 2006
Showing with 1 addition and 5 deletions.
  1. +1 −5 help.php
View
@@ -16,17 +16,13 @@
require_once('config.php');
- $file = optional_param('file', '', PARAM_CLEAN);
+ $file = optional_param('file', '', PARAM_PATH);
$text = optional_param('text', 'No text to display', PARAM_CLEAN);
$module = optional_param('module', 'moodle', PARAM_ALPHAEXT);
$forcelang = optional_param('forcelang', '', PARAM_ALPHAEXT);
print_header();
- if (detect_munged_arguments($module .'/'. $file)) {
- error('Filenames contain illegal characters!');
- }
-
print_simple_box_start('center', '96%');
$helpfound = false;

0 comments on commit 344c23c

Please sign in to comment.