Skip to content

Commit

Permalink
MDL-49179 mod_forum, mod_quiz: Prevent misuse of get_referer()
Browse files Browse the repository at this point in the history
  • Loading branch information
@FMCorz
FMCorz authored and Mr. Jenkins (CiBoT) committed May 5, 2015
1 parent 1ce4f44 commit 71c1cfb
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion mod/forum/post.php
View file
Expand Up @@ -87,9 +87,10 @@
$PAGE->set_context($modcontext);
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
$referer = clean_param(get_referer(false), PARAM_LOCALURL);

echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), get_referer(false));
echo $OUTPUT->confirm(get_string('noguestpost', 'forum').'<br /><br />'.get_string('liketologin'), get_login_url(), $referer);
echo $OUTPUT->footer();
exit;
}
Expand Down
4 changes: 2 additions & 2 deletions mod/quiz/renderer.php
View file
Expand Up @@ -808,8 +808,8 @@ public function view_page_guest($course, $quiz, $cm, $context, $messages) {
$output .= $this->view_information($quiz, $cm, $context, $messages);
$guestno = html_writer::tag('p', get_string('guestsno', 'quiz'));
$liketologin = html_writer::tag('p', get_string('liketologin'));
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(),
get_referer(false));
$referer = clean_param(get_referer(false), PARAM_LOCALURL);
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(), $referer);
return $output;
}

Expand Down

0 comments on commit 71c1cfb

Please sign in to comment.