mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 13:02:07 +02:00
Code Issues Projects Releases Wiki Activity

MDL-62889 message_popup: redirect to notification page if url is empty

Browse Source 
If you pass a URL that is not a valid URL (for example
';') it is cleaned to an empty string which redirects to
$CFG->wwwroot/message/output/popup/ which is not a valid
page.
This commit is contained in:
Mark Nelson 2018-07-11 13:29:18 +08:00
parent 7d5b9da80c
commit c5fcbd1081
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
message/output/popup/mark_notification_read.php
View File

@ -31,9 +31,14 @@ if (isguestuser()) {
}
$notificationid = required_param('notificationid', PARAM_INT);
$redirecturl = optional_param('redirecturl', $CFG->wwwroot, PARAM_URL);
$redirecturl = optional_param('redirecturl', '', PARAM_URL);
$notification = $DB->get_record('notifications', array('id' => $notificationid));
// If the redirect URL after filtering is empty, or it was never passed, then redirect to the notification page.
if (empty($redirecturl)) {
$redirecturl = new moodle_url('/message/output/popup/notifications.php', ['notificationid' => $notificationid]);
}
// Check notification belongs to this user.
if ($USER->id != $notification->useridto) {
redirect($CFG->wwwroot);