Fix coding covention and add security to the variable $_SERVER

9 years ago · 01b43f5512
parent ebf574fd02
commit 01b43f5512
2 changed files with 2 additions and 2 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -719,7 +719,7 @@ if ($form->validate()) {
        }
    }

-    if(!empty($_SESSION['urlReturn'])){
+    if (!empty($_SESSION['urlReturn'])) {
        $form_data['action'] = api_get_path(WEB_PATH).$_SESSION['urlReturn'];
        Session::erase('urlReturn');
    }
--- a/plugin/buycourses/src/process.php
+++ b/plugin/buycourses/src/process.php
@ -13,7 +13,7 @@ use ChamiloSession as Session;
 $currentUserId = api_get_user_id();

 if (empty($currentUserId)) {
-    Session::write('urlReturn', $_SERVER['REQUEST_URI']);
+    Session::write('urlReturn', Security :: remove_XSS($_SERVER['REQUEST_URI']));
    header('Location: ' . api_get_path(WEB_CODE_PATH) . 'auth/inscription.php');
    exit;
 }