From 6f36b0998dc417238f9404092fb0a7d22a210d2e Mon Sep 17 00:00:00 2001
From: Andrew Nicols <andrew@nicols.co.uk>
Date: Thu, 19 Aug 2021 16:12:29 +0800
Subject: [PATCH] MDL-71615 qbank_deletequestion: Ensure that the returnurl is
 qualified

---
 question/bank/deletequestion/delete.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/question/bank/deletequestion/delete.php b/question/bank/deletequestion/delete.php
index b706b9e179b46..a2a6f58752be6 100644
--- a/question/bank/deletequestion/delete.php
+++ b/question/bank/deletequestion/delete.php
@@ -34,6 +34,10 @@
 $cmid = optional_param('cmid', 0, PARAM_INT);
 $courseid = optional_param('courseid', 0, PARAM_INT);
 
+if ($returnurl) {
+    $returnurl = new moodle_url($returnurl);
+}
+
 \core_question\local\bank\helper::require_plugin_enabled('qbank_deletequestion');
 
 if ($cmid) {