diff --git a/user/tabs.php b/user/tabs.php
index 85dd670723a..a67986f34e5 100644
--- a/user/tabs.php
+++ b/user/tabs.php
@@ -9,6 +9,10 @@
 $filterselect = '';
 }
 
+ //make sure everything is cleaned properly
+ $filtertype = clean_param($filtertype, PARAM_ALPHA);
+ $filterselect = clean_param($filterselect, PARAM_INT);
+
 if (empty($currenttab) or empty($user) or empty($course)) {
 //error('You cannot call this script in that way');
 }
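Review bot: `clean_param($filterselect, PARAM_INT)` casts the `''` default assigned just above to integer `0`, so any later code that compares `$filterselect` with an empty string, or treats 0 as a real id, will now behave differently. The rest of the file is outside the hunk, so this needs checking there. The new comment says the values are cleaned but not why it happens here; if the reason is that the including script supplies them, something like `// set by the including script; re-clean here so an unvalidated value cannot reach the code below` would record it. `PARAM_ALPHA` also silently drops every non-letter from `$filtertype`, which is only safe if all filter types passed by callers are purely alphabetic.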