Permalink
Browse files

MDL-28360 Fix for sql injection vulnerability in flat file enrollment…

… - Matt Meisberger (WebCourseworks)
  • Loading branch information...
1 parent 6bbf934 commit bd4f3fa5c4d38162e2b2410862ebf238a332a400 @matthewdaniel matthewdaniel committed with skodak Jul 15, 2011
Showing with 2 additions and 2 deletions.
  1. +2 −2 enrol/flatfile/enrol.php
@@ -157,13 +157,13 @@ function cron() {
continue;
}
- if (! $user = get_record("user", "idnumber", $fields[2]) ) {
+ if (! $user = get_record("user", "idnumber", addslashes($fields[2])) ) {
$this->log .= "Unknown user idnumber in field 3 - ignoring line\n";
continue;
}
- if (! $course = get_record("course", "idnumber", $fields[3]) ) {
+ if (! $course = get_record("course", "idnumber", addslashes($fields[3])) ) {
$this->log .= "Unknown course idnumber in field 4 - ignoring line\n";
continue;
}

0 comments on commit bd4f3fa

Please sign in to comment.