chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Filter actions to avoid XSS in personal courses sorting - refs BT#22085

Browse Source
pull/4629/merge
Yannick Warnier 11 months ago
parent 814672b002
commit 78bc0da7b3
1 changed files with 13 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      main/auth/sort_my_courses.php

14
main/auth/sort_my_courses.php
Unescape View File

@ -12,7 +12,19 @@ $auth = new Auth();
$user_course_categories = CourseManager::get_user_course_categories(api_get_user_id());
$courses_in_category = $auth->getCoursesInCategory(false);
$action = isset($_REQUEST['action']) ? Security::remove_XSS($_REQUEST['action']) : '';
// Only authorized actions
$authorizedActions = [
'edit_category',
'edit_course_category',
'deletecoursecategory',
'createcoursecategory',
'set_collapsable',
'unsubscribe'
];
if (in_array(trim($_REQUEST['action']), $authorizedActions)) {
$action = trim($_REQUEST['action']);
}
$currentUrl = api_get_self();
$interbreadcrumb[] = [

Write Preview
Loading…
Cancel
Save