mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

MDL-72029 Lesson: Prevent arbitrary file read when importing lesson questions in blackboard format

Browse Source
This commit is contained in:
Huong Nguyen 2022-05-06 12:21:39 +07:00 committed by Jenkins
parent d585f902fc
commit 3cafb305de
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
question/format/blackboard_six/format.php
View File

@ -152,7 +152,8 @@ class qformat_blackboard_six extends qformat_blackboard_six_base {
}
if ($examfile->getAttribute('type') == 'assessment/x-bb-pool') {
if ($examfile->getAttribute('baseurl')) {
$fileobj->filebase = $this->tempdir. '/' . $examfile->getAttribute('baseurl');
$fileobj->filebase = clean_param($this->tempdir . '/'
. $examfile->getAttribute('baseurl'), PARAM_SAFEPATH);
}
if ($content = $this->get_filecontent($examfile->getAttribute('file'))) {
$fileobj->filetype = self::FILETYPE_POOL;