MDL-76810 redirect handling: ensure return URLs are properly sanitised

moodle · Jan 11, 2023 · 799f7fb · 799f7fb
1 parent 978a6bb
commit 799f7fb
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 8 deletions.
diff --git a/backup/backupfilesedit_form.php b/backup/backupfilesedit_form.php
@@ -48,7 +48,7 @@ public function definition() {
         $mform->setType('component', PARAM_COMPONENT);
 
         $mform->addElement('hidden', 'returnurl', $this->_customdata['returnurl']);
-        $mform->setType('returnurl', PARAM_URL);
+        $mform->setType('returnurl', PARAM_LOCALURL);
 
         $this->add_action_buttons(true, get_string('savechanges'));
         $this->set_data($this->_customdata['data']);

diff --git a/blog/external_blog_edit_form.php b/blog/external_blog_edit_form.php
@@ -64,7 +64,7 @@ public function definition() {
         $mform->setDefault('id', 0);
 
         $mform->addElement('hidden', 'returnurl');
-        $mform->setType('returnurl', PARAM_URL);
+        $mform->setType('returnurl', PARAM_LOCALURL);
         $mform->setDefault('returnurl', 0);
     }
 

diff --git a/course/switchrole.php b/course/switchrole.php
@@ -34,7 +34,7 @@
 
 $id         = required_param('id', PARAM_INT);
 $switchrole = optional_param('switchrole', -1, PARAM_INT);
-$returnurl  = optional_param('returnurl', '', PARAM_RAW);
+$returnurl  = optional_param('returnurl', '', PARAM_LOCALURL);
 
 if (strpos($returnurl, '?') === false) {
     // Looks like somebody did not set proper page url, better go to course page.
@@ -43,7 +43,7 @@
     if (strpos($returnurl, $CFG->wwwroot) !== 0) {
         $returnurl = $CFG->wwwroot.$returnurl;
     }
-    $returnurl  = clean_param($returnurl, PARAM_URL);
+    $returnurl  = clean_param($returnurl, PARAM_LOCALURL);
 }
 
 $PAGE->set_url('/course/switchrole.php', array('id'=>$id, 'switchrole'=>$switchrole));

diff --git a/mod/wiki/filesedit_form.php b/mod/wiki/filesedit_form.php
@@ -36,7 +36,7 @@ protected function definition() {
         $mform->addElement('filemanager', 'files_filemanager', get_string('files'), null, $options);
 
         $mform->addElement('hidden', 'returnurl', $data->returnurl);
-        $mform->setType('returnurl', PARAM_URL);
+        $mform->setType('returnurl', PARAM_LOCALURL);
 
         $mform->addElement('hidden', 'subwiki', $data->subwikiid);
         $mform->setType('subwiki', PARAM_INT);

diff --git a/question/bank/history/history.php b/question/bank/history/history.php
@@ -30,7 +30,7 @@
 core_question\local\bank\helper::require_plugin_enabled('qbank_history');
 
 $entryid = required_param('entryid', PARAM_INT);
-$returnurl = required_param('returnurl', PARAM_RAW);
+$returnurl = required_param('returnurl', PARAM_LOCALURL);
 
 list($thispageurl, $contexts, $cmid, $cm, $module, $pagevars) =
         question_edit_setup('questions', '/question/bank/history/history.php');

diff --git a/question/bank/previewquestion/preview.php b/question/bank/previewquestion/preview.php
@@ -48,7 +48,7 @@
 
 // Get and validate question id.
 $id = required_param('id', PARAM_INT);
-$returnurl = optional_param('returnurl', null, PARAM_RAW);
+$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
 
 $question = question_bank::load_question($id);
 

diff --git a/user/action_redir.php b/user/action_redir.php
@@ -61,7 +61,7 @@
 
     $userids = optional_param_array('userid', array(), PARAM_INT);
     $default = new moodle_url('/user/index.php', ['id' => $course->id]);
-    $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_URL));
+    $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_LOCALURL));
 
     if (empty($userids)) {
         $userids = optional_param_array('bulkuser', array(), PARAM_INT);