Skip to content

Commit

Permalink
MDL-62889 message_popup: redirect to notification page if url is empty
Browse files Browse the repository at this point in the history
If you pass a URL that is not a valid URL (for example
';') it is cleaned to an empty string which redirects to
$CFG->wwwroot/message/output/popup/ which is not a valid
page.
  • Loading branch information
mdjnelson committed Jul 18, 2018
1 parent bf69854 commit b36383f
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion message/output/popup/mark_notification_read.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,15 @@
}

$notificationid = required_param('notificationid', PARAM_INT);
$redirecturl = optional_param('redirecturl', $CFG->wwwroot, PARAM_URL);
$redirecturl = optional_param('redirecturl', '', PARAM_URL);

$notification = $DB->get_record('message', array('id' => $notificationid, 'notification' => 1));

// If the redirect URL after filtering is empty, or it was never passed, then redirect to the notification page.
if (empty($redirecturl)) {
$redirecturl = new moodle_url('/message/output/popup/notifications.php', ['notificationid' => $notificationid]);
}

// If found, is unread, so mark read if belongs to this user.
if ($notification) {
if ($USER->id == $notification->useridto) {
Expand Down

0 comments on commit b36383f

Please sign in to comment.