Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

MDL-15184: fix sql injection vulnerability

  • Loading branch information...
commit b0e7781eb8900c49f14100240f7ab38e685f4a13 1 parent 069dbaa
gbateson authored
Showing with 8 additions and 4 deletions.
  1. +8 −4 mod/hotpot/report.php
View
12 mod/hotpot/report.php
@@ -380,10 +380,14 @@ function hotpot_delete_selected_attempts(&$hotpot, $del) {
$select = "hotpot='$hotpot->id' AND status=".HOTPOT_STATUS_ABANDONED;
break;
case 'selection':
- $ids = (array)data_submitted();
- unset($ids['del']);
- unset($ids['id']);
- if (!empty($ids)) {
+ $ids = array();
+ $data = (array)data_submitted();
+ foreach ($data as $name => $value) {
+ if (preg_match('/^box\d+$/', $name)) {
+ $ids[] = intval($value);
+ }
+ }
+ if (count($ids)) {
$select = "hotpot='$hotpot->id' AND clickreportid IN (".implode(',', $ids).")";
}
break;
Please sign in to comment.
Something went wrong with that request. Please try again.