MDL-69774 mod_forum: Restrict URL to accpet only expected params
ilyatregubov authored and junpataleta committed Feb 7, 2024
1 parent 44f8c11 commit 61fb8ee
Showing 1 changed file with 110 additions and 1 deletion.
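--- a/mod/forum/search.php
+++ b/mod/forum/search.php
@@ -69,8 +69,117 @@
 }
 $starredonly = optional_param('starredonly', false, PARAM_BOOL); // Include only favourites.
 
+$params = [
+'id' => $id,
+'perpage' => $perpage,
+];
+
+if ($search !== '') {
+$params['search'] = $search;
+}
+
+if ($page) {
+$params['page'] = $page;
+}
+
+if ($showform) {
+$params['showform'] = $showform;
+}
+
+if ($user !== '') {
+$params['user'] = $user;
+}
+
+if ($userid) {
+$params['userid'] = $userid;
+}
+
+if ($forumid) {
+$params['forumid'] = $forumid;
+}
+
+if ($subject !== '') {
+$params['subject'] = $subject;
+}
+
+if ($phrase !== '') {
+$params['phrase'] = $phrase;
+}
+
+if ($words !== '') {
+$params['words'] = $words;
+}
+
+if ($fullwords !== '') {
+$params['fullwords'] = $fullwords;
+}
+
+if ($notwords !== '') {
+$params['notwords'] = $notwords;
+}
+
+if ($timefromrestrict) {
+$params['timefromrestrict'] = $timefromrestrict;
+}
+
+if ($fromday) {
+$params['fromday'] = $fromday;
+}
+
+if ($fromhour) {
+$params['fromhour'] = $fromhour;
+}
+
+if ($fromminute) {
+$params['fromminute'] = $fromminute;
+}
+
+if ($frommonth) {
+$params['frommonth'] = $frommonth;
+}
+
+if ($fromyear) {
+$params['fromyear'] = $fromyear;
+}
+
+if ($datefrom) {
+$params['datefrom'] = $datefrom;
+}
+
+if ($timetorestrict) {
+$params['timetorestrict'] = $timetorestrict;
+}
+
+if ($today) {
+$params['today'] = $today;
+}
+
+if ($tohour) {
+$params['tohour'] = $tohour;
+}
+
+if ($tominute) {
+$params['tominute'] = $tominute;
+}
+
+if ($tomonth) {
+$params['tomonth'] = $tomonth;
+}
+
+if ($toyear) {
+$params['toyear'] = $toyear;
+}
+
+if ($dateto) {
+$params['dateto'] = $dateto;
+}
+
+if ($starredonly) {
+$params['starredonly'] = $starredonly;
+}
+
 $PAGE->set_pagelayout('standard');
-$PAGE->set_url($FULLME); //TODO: this is very sloppy --skodak
+$PAGE->set_url(new moodle_url('/mod/forum/search.php', $params));
 $PAGE->set_secondary_active_tab("coursehome");
 
 if (empty($search)) { // Check the other parameters instead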
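Review bot: The `$params` array is now the allow-list that replaces `$FULLME` as the source of the page URL, but nothing in the new code says so, which makes it easy for a later change to add an `optional_param()` without a matching entry or to pass the raw request URL to `set_url()` again. I would put a comment above `$params = [`, for example `// Page URL is rebuilt only from the cleaned optional_param() values above; never pass the raw request URL to set_url().`. The truthiness guards (`if ($page)`, `if ($fromhour)`, `if ($fromminute)`, `if ($tohour)`, `if ($tominute)`) drop a value of 0, which is harmless only if 0 is each parameter's default; those declarations, and the PARAM_* types that clean the free-text values, start above the hunk and should be confirmed there. The commit touches one file, so a test asserting that an unexpected query parameter does not appear in `$PAGE->url` would help keep the restriction in place.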