mirror of
https://github.com/moodle/moodle.git
synced 2025-01-31 12:45:04 +01:00
"MDL-19118, fixed security bug in comments, thanks to Petr"
This commit is contained in:
parent
158cd5d91a
commit
5758852313
@ -21,16 +21,10 @@
|
||||
require_once('../config.php');
|
||||
require_once($CFG->dirroot . '/comment/lib.php');
|
||||
|
||||
$courseid = optional_param('courseid', SITEID, PARAM_INT);
|
||||
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
|
||||
list($context, $course, $cm) = get_context_info_array($contextid);
|
||||
|
||||
$context = get_context_instance_by_id($contextid);
|
||||
if ($context->contextlevel == CONTEXT_MODULE) {
|
||||
$cm = get_coursemodule_from_id('', $context->instanceid);
|
||||
} else {
|
||||
$cm = null;
|
||||
}
|
||||
require_login($courseid, true, $cm);
|
||||
require_login($course->id, true, $cm);
|
||||
|
||||
$err = new stdclass;
|
||||
|
||||
@ -60,7 +54,7 @@ $page = optional_param('page', 0, PARAM_INT);
|
||||
if (!empty($client_id)) {
|
||||
$cmt = new stdclass;
|
||||
$cmt->contextid = $contextid;
|
||||
$cmt->courseid = $courseid;
|
||||
$cmt->courseid = $course->id;
|
||||
$cmt->area = $area;
|
||||
$cmt->itemid = $itemid;
|
||||
$cmt->client_id = $client_id;
|
||||
|
@ -21,8 +21,8 @@
|
||||
require_once('../config.php');
|
||||
require_once($CFG->dirroot . '/comment/lib.php');
|
||||
|
||||
$courseid = optional_param('courseid', SITEID, PARAM_INT);
|
||||
$contextid = optional_param('contextid', SYSCONTEXTID, PARAM_INT);
|
||||
list($context, $course, $cm) = get_context_info_array($contextid);
|
||||
|
||||
$context = get_context_instance_by_id($contextid);
|
||||
if ($context->contextlevel == CONTEXT_MODULE) {
|
||||
@ -30,7 +30,7 @@ if ($context->contextlevel == CONTEXT_MODULE) {
|
||||
} else {
|
||||
$cm = null;
|
||||
}
|
||||
require_login($courseid, true, $cm);
|
||||
require_login($course->id, true, $cm);
|
||||
|
||||
$err = new stdclass;
|
||||
|
||||
@ -55,7 +55,7 @@ $returnurl = optional_param('returnurl', '', PARAM_URL);
|
||||
|
||||
$cmt = new stdclass;
|
||||
$cmt->contextid = $contextid;
|
||||
$cmt->courseid = $courseid;
|
||||
$cmt->courseid = $course->id;
|
||||
$cmt->area = $area;
|
||||
$cmt->itemid = $itemid;
|
||||
$comment = new comment($cmt);
|
||||
|
Loading…
x
Reference in New Issue
Block a user