mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-19 07:25:30 +02:00
Code Issues Projects Releases Wiki Activity

MDL-50614 mod_scorm: Improve validation on currentorg

Browse Source
This commit is contained in:
Dan Marsden 2015-06-17 10:17:00 +12:00 committed by David Monllao
parent c6a1425ffb
commit 476e97f280
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mod/scorm/player.php
View File

@ -51,6 +51,14 @@ if (!empty($id)) {
} else {
print_error('missingparameter');
}
// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
if (!empty($currentorg)) {
if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
$currentorg = '';
}
}
// If new attempt is being triggered set normal mode and increment attempt number.
$attempt = scorm_get_last_attempt($scorm->id, $USER->id);

7
mod/scorm/prereqs.php
View File

@ -50,6 +50,13 @@ if (!empty($id)) {
print_error('missingparameter');
}
// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
if (!empty($currentorg)) {
if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
$currentorg = '';
}
}
$PAGE->set_url('/mod/scorm/prereqs.php', array('scoid' => $scoid, 'attempt' => $attempt, 'id' => $cm->id));
require_login($course, false, $cm);