Permalink
Browse files

MDL-15896 - Clean 'page' and 'q' parameters to only allow normal page…

… name characters.
  • Loading branch information...
1 parent 9c29e6b commit c03ace0bdb15809846419cabedf5892f3698b26c mchurch committed Jul 31, 2008
Showing with 5 additions and 5 deletions.
  1. +5 −5 mod/wiki/view.php
View
@@ -13,12 +13,12 @@
$ewiki_action = optional_param('ewiki_action', '', PARAM_ALPHA); // Action on Wiki-Page
$id = optional_param('id', 0, PARAM_INT); // Course Module ID, or
$wid = optional_param('wid', 0, PARAM_INT); // Wiki ID
- $page = optional_param('page', false); // Wiki Page Name
- $q = optional_param('q',""); // Search Context
+ $page = optional_param('page', false, PARAM_PATH); // Wiki Page Name
+ $q = optional_param('q',"", PARAM_PATH); // Search Context
$userid = optional_param('userid', 0, PARAM_INT); // User wiki.
$groupid = optional_param('groupid', 0, PARAM_INT); // Group wiki.
- $canceledit = optional_param('canceledit','', PARAM_ALPHA); // Editing has been cancelled
- $cacheme = optional_param('allowcache', 1, PARAM_INT); // Set this to 0 to try and disable page caching.
+ $canceledit = optional_param('canceledit','', PARAM_ALPHA); // Editing has been cancelled
+ $cacheme = optional_param('allowcache', 1, PARAM_INT); // Set this to 0 to try and disable page caching.
// Only want to add edit log entries if we have made some changes ie submitted a form
$editsave = optional_param('thankyou', '');
@@ -29,7 +29,7 @@
if(count($actions)==2) {
$pagename=$actions[1];
} else {
- $pagename=$actions[0];
+ $pagename=$actions[0];
}
} else {
$actions=array('');

0 comments on commit c03ace0

Please sign in to comment.