Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-29619 Validate urls before generating output

commit b216ddbe68e44638bd5524283ac879c34f77ad5b 1 parent 22df490
@ankitagarwal ankitagarwal authored
Showing with 7 additions and 0 deletions.
  1. +1 −0  mod/url/lang/en/url.php
  2. +6 −0 mod/url/view.php
View
1  mod/url/lang/en/url.php
@@ -44,6 +44,7 @@
$string['displayselectexplain'] = 'Choose display type, unfortunately not all types are suitable for all URLs.';
$string['externalurl'] = 'External URL';
$string['framesize'] = 'Frame height';
+$string['invalidstoredurl'] = 'Invalid URL';
$string['chooseavariable'] = 'Choose a variable...';
$string['invalidurl'] = 'Entered URL is invalid';
$string['modulename'] = 'URL';
View
6 mod/url/view.php
@@ -55,6 +55,12 @@
$PAGE->set_url('/mod/url/view.php', array('id' => $cm->id));
+// Make sure URL is valid before generating output
+$url->externalurl = clean_param($url->externalurl, PARAM_URL);
+if (empty($url->externalurl)) {
+ print_error('invalidstoredurl', 'url');
+}
+
if ($redirect) {
// coming from course page or url index page,
// the redirection is needed for completion tracking and logging
Please sign in to comment.
Something went wrong with that request. Please try again.