MDL-29619 Validate urls before generating output

moodle · Oct 21, 2011 · b216ddb · b216ddb
1 parent 22df490
commit b216ddb
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/mod/url/lang/en/url.php b/mod/url/lang/en/url.php
@@ -44,6 +44,7 @@
 $string['displayselectexplain'] = 'Choose display type, unfortunately not all types are suitable for all URLs.';
 $string['externalurl'] = 'External URL';
 $string['framesize'] = 'Frame height';
+$string['invalidstoredurl'] = 'Invalid URL';
 $string['chooseavariable'] = 'Choose a variable...';
 $string['invalidurl'] = 'Entered URL is invalid';
 $string['modulename'] = 'URL';

diff --git a/mod/url/view.php b/mod/url/view.php
@@ -55,6 +55,12 @@
 
 $PAGE->set_url('/mod/url/view.php', array('id' => $cm->id));
 
+// Make sure URL is valid before generating output
+$url->externalurl = clean_param($url->externalurl, PARAM_URL);
+if (empty($url->externalurl)) {
+    print_error('invalidstoredurl', 'url');
+}
+
 if ($redirect) {
     // coming from course page or url index page,
     // the redirection is needed for completion tracking and logging