mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 16:32:18 +02:00
Code Issues Projects Releases Wiki Activity

MDL-72249 message: stricter cleaning of processor type parameter.

Browse Source
This commit is contained in:
Paul Holden 2023-06-27 10:01:31 +01:00 committed by Jenkins
parent b0bb97ee3b
commit 77766f9c8a
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
message/externallib.php
View File

@ -2853,7 +2853,7 @@ class core_message_external extends external_api {
return new external_function_parameters(
array(
'userid' => new external_value(PARAM_INT, 'id of the user, 0 for current user', VALUE_REQUIRED),
'name' => new external_value(PARAM_TEXT, 'The name of the message processor'),
'name' => new external_value(PARAM_SAFEDIR, 'The name of the message processor'),
'formvalues' => new external_multiple_structure(
new external_single_structure(
array(
@ -2929,7 +2929,7 @@ class core_message_external extends external_api {
return new external_function_parameters(
array(
'userid' => new external_value(PARAM_INT, 'id of the user, 0 for current user'),
'name' => new external_value(PARAM_TEXT, 'The name of the message processor', VALUE_REQUIRED),
'name' => new external_value(PARAM_SAFEDIR, 'The name of the message processor', VALUE_REQUIRED),
)
);
}

4
message/lib.php
View File

@ -692,8 +692,8 @@ function message_output_fragment_processor_settings($args = []) {
throw new moodle_exception('Must provide a userid');
}
$type = $args['type'];
$userid = $args['userid'];
$type = clean_param($args['type'], PARAM_SAFEDIR);
$userid = clean_param($args['userid'], PARAM_INT);
$user = core_user::get_user($userid, '*', MUST_EXIST);
if (!core_message_can_edit_message_profile($user)) {