mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

fixed cleaning of path in custom scripts SC#221; merged from MOODLE_16_STABLE

Browse Source
This commit is contained in:
skodak 2006-05-20 17:23:14 +00:00
parent 76046108e9
commit a38a768b29
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/moodlelib.php
View File

@ -7061,16 +7061,13 @@ function custom_script_path($urlpath='') {
$urlpath = qualified_me(); // e.g. http://www.this-server.com/moodle/this-script.php
}
// clean the $urlpath
$urlpath = clean_param($urlpath, PARAM_URL);
// $urlpath is invalid if it is empty or does not start with the Moodle wwwroot
if (empty($urlpath) or (strpos($urlpath, $CFG->wwwroot) === false )) {
return false;
}
// replace wwwroot with the path to the customscripts folder
$scriptpath = $CFG->customscripts . substr($urlpath, strlen($CFG->wwwroot));
// replace wwwroot with the path to the customscripts folder and clean path
$scriptpath = $CFG->customscripts . clean_param(substr($urlpath, strlen($CFG->wwwroot)), PARAM_PATH);
// remove the query string, if any
if (($strpos = strpos($scriptpath, '?')) !== false) {