[svn r21111] fixed vulnerable get parameter: item_id - partial FS#4261

16 years ago · 79e56acddc
parent fa945c9dfc
commit 79e56acddc
2 changed files with 2 additions and 2 deletions
--- a/main/newscorm/lp_content.php
+++ b/main/newscorm/lp_content.php
@ -11,7 +11,7 @@ $debug = 0;
 if($debug>0){error_log('New lp - In lp_content.php',0);}
 if(empty($lp_controller_touched)){
 	if($debug>0){error_log('New lp - In lp_content.php - Redirecting to lp_controller',0);}
-	header('location: lp_controller.php?action=content&lp_id='.$_REQUEST['lp_id'].'&item_id='.$_REQUEST['item_id']);
+	header('location: lp_controller.php?action=content&lp_id='.Security::remove_XSS($_REQUEST['lp_id']).'&item_id='.Security::remove_XSS($_REQUEST['item_id']));
 }
 $_SESSION['oLP']->error = '';
 $lp_type = $_SESSION['oLP']->get_type();
--- a/main/newscorm/lp_controller.php
+++ b/main/newscorm/lp_controller.php
@ -628,7 +628,7 @@ switch($action)
 			$_SESSION['refresh'] = 1;
 			if(!empty($_REQUEST['parent_item_id'])){
 				$_SESSION['from_learnpath']='yes';
-				$_SESSION['origintoolurl'] = 'lp_controller.php?action=admin_view&lp_id='.$_REQUEST['lp_id'];
+				$_SESSION['origintoolurl'] = 'lp_controller.php?action=admin_view&lp_id='.Security::remove_XSS($_REQUEST['lp_id']);
 				require('resourcelinker.php');
 				//$_SESSION['oLP']->add_sub_item($_REQUEST['parent_item_id'],$_REQUEST['previous'],$_REQUEST['type'],$_REQUEST['path'],$_REQUEST['title']);
 			}else{