mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-23 09:23:09 +02:00
Code Issues Projects Releases Wiki Activity

MDL-78790 gradereport_grader: normalise report sort parameter safely.

Browse Source
This commit is contained in:
Paul Holden 2023-07-21 18:32:17 +01:00 committed by Huong Nguyen
parent ff75f4c675
commit b417f1edf2
No known key found for this signature in database
GPG Key ID: 40D88AB693A3E72A
1 changed files with 3 additions and 3 deletions

6
grade/report/grader/index.php

@ -33,7 +33,7 @@ $page = optional_param('page', 0, PARAM_INT); // active page
$edit = optional_param('edit', -1, PARAM_BOOL); // sticky editting mode
$sortitemid = optional_param('sortitemid', 0, PARAM_ALPHANUMEXT);
$sort = optional_param('sort', '', PARAM_TEXT);
$sort = optional_param('sort', '', PARAM_ALPHA);
$action = optional_param('action', 0, PARAM_ALPHAEXT);
$move = optional_param('move', 0, PARAM_INT);
$type = optional_param('type', 0, PARAM_ALPHA);
@ -130,8 +130,8 @@ grade_regrade_final_grades_if_required($course);
//Initialise the grader report object that produces the table
//the class grade_report_grader_ajax was removed as part of MDL-21562
if ($sort) {
$sort = strtoupper($sort);
if ($sort && strcasecmp($sort, 'desc') !== 0) {
$sort = 'asc';
}
$report = new grade_report_grader($courseid, $gpr, $context, $page, $sortitemid, $sort);