Skip to content
Permalink
Browse files

MDL-47865 mod_feedback - XSS through $searchstring in mod/feedback/ma…

…pcourse.php
  • Loading branch information...
grabs authored and marinaglancy committed Oct 26, 2014
1 parent 958703e commit c6b6e5decee4c452b8667f82d7c64f137b687d7c
Showing with 2 additions and 2 deletions.
  1. +2 −2 mod/feedback/mapcourse.php
@@ -112,11 +112,11 @@
'value="'.get_string('searchagain').'" '.
'onclick="document.location=\'mapcourse.php?id='.$id.'\'"/>';
echo '<input type="hidden" name="searchcourse" value="'.$searchcourse.'"/>';
echo '<input type="hidden" name="searchcourse" value="'.s($searchcourse).'"/>';
echo '<input type="hidden" name="feedbackid" value="'.$feedback->id.'"/>';
echo $OUTPUT->help_icon('searchcourses', 'feedback');
} else {
echo '<input type="text" name="searchcourse" value="'.$searchcourse.'"/> ';
echo '<input type="text" name="searchcourse" value="'.s($searchcourse).'"/> ';
echo '<input type="submit" value="'.get_string('searchcourses').'"/>';
echo $OUTPUT->help_icon('searchcourses', 'feedback');
}

0 comments on commit c6b6e5d

Please sign in to comment.
You can’t perform that action at this time.