From f6d6e5446d6da60a867dc00c403dd04b90b7552e Mon Sep 17 00:00:00 2001
From: Andrew Robert Nicols <andrew.nicols@luns.net.uk>
Date: Mon, 7 Nov 2011 14:35:46 +0000
Subject: [PATCH] MDL-30042: Sanitize httpwwwroot in mnet jump

---
 auth/mnet/jump.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/auth/mnet/jump.php b/auth/mnet/jump.php
index d55346c1ec73a..d44d058a7e292 100644
--- a/auth/mnet/jump.php
+++ b/auth/mnet/jump.php
@@ -37,6 +37,13 @@
 
 // If hostid hasn't been specified, try getting it using wwwroot
 if (!$hostid) {
+    $hostwwwroot = trim($hostwwwroot);
+    $hostwwwroot = rtrim($hostwwwroot, '/');
+
+    // ensure the wwwroot starts with a http or https prefix
+    if (strtolower(substr($hostwwwroot, 0, 4)) != 'http') {
+        $hostwwwroot = 'http://'.$hostwwwroot;
+    }
     $hostid = $DB->get_field('mnet_host', 'id', array('wwwroot' => $hostwwwroot));
 }