mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 13:02:07 +02:00
Code Issues Projects Releases Wiki Activity

MDL-75237 qformat_blackboard_six: sanitise blackboard import file paths

Browse Source
This commit is contained in:
Petr Skoda 2022-07-15 19:12:28 +02:00 committed by Jenkins
parent 5ed64ce150
commit 2f70b320bb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
question/format/blackboard_six/format.php
View File

@ -65,7 +65,7 @@ class qformat_blackboard_six extends qformat_blackboard_six_base {
* @return mixed contents array or false on failure
*/
public function get_filecontent($path) {
$fullpath = $this->tempdir . '/' . $path;
$fullpath = $this->tempdir . '/' . clean_param($path, PARAM_PATH);
if (is_file($fullpath) && is_readable($fullpath)) {
return file_get_contents($fullpath);
}
@ -152,7 +152,7 @@ class qformat_blackboard_six extends qformat_blackboard_six_base {
}
if ($examfile->getAttribute('type') == 'assessment/x-bb-pool') {
if ($examfile->getAttribute('baseurl')) {
$fileobj->filebase = $this->tempdir. '/' . $examfile->getAttribute('baseurl');
$fileobj->filebase = $this->tempdir. '/' . clean_param($examfile->getAttribute('baseurl'), PARAM_PATH);
}
if ($content = $this->get_filecontent($examfile->getAttribute('file'))) {
$fileobj->filetype = self::FILETYPE_POOL;