
MDL-9123:

No check was made of the validity of the category id read from the form.
So it could theoretically have been spoofed.
1 parent c7da0d8 commit 3ff6c931eefd569e74ae1602bef57a1732402eaa thepurpleblob committed Apr 11, 2007
Showing with 8 additions and 0 deletions.
  1. +8 −0 question/export.php
@@ -67,6 +67,14 @@
// ensure the files area exists for this course
make_upload_directory( "$course->id" );
+ // check category is valid
+ if (!empty($categoryid)) {
+ $validcats = question_category_options( $course->id, true, false );
+ if (!array_key_exists( $categoryid, $validcats)) {
+ print_error( "Category id ($categoryid) is not permitted." );
+ }
+ }
+
/// Header
if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
$strupdatemodule = has_capability('moodle/course:manageactivities', $context)
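Review bot: The new print_error() call interpolates the form-supplied `$categoryid` straight into the error message, so if that value is not already constrained to an integer where it is read (outside this hunk, presumably via optional_param/required_param with PARAM_INT), the unvalidated value is echoed back in the error page; normalising it first, e.g. `$categoryid = (int)$categoryid;` before the `!empty()` test, removes that concern and also makes the array_key_exists() lookup unambiguous. The `!empty($categoryid)` guard means an id of 0 or '' skips the check entirely, which is fine only if the later export code handles an empty id as "no category" rather than using it; that code is outside the hunk and should be confirmed. A short comment naming what the two boolean arguments to question_category_options() select would help readers, since `true, false` gives no hint. This hunk is top-level script code and the script continues outside it.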
