[svn r12492] Escape gidReq to avoid SQL injection - see http://projects.dokeos.com/?do=details&id=1582

18 years ago · 87be91e298
parent 3e3d3924b5
commit 87be91e298
1 changed files with 1 additions and 1 deletions
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -158,7 +158,7 @@ The course id is stored in $_cid session variable.

 // parameters passed via GET
 $logout = isset($_GET["logout"]) ? $_GET["logout"] : '';
-$gidReq = isset($_GET["gidReq"]) ? $_GET["gidReq"] : '';
+$gidReq = isset($_GET["gidReq"]) ? Database::escape_string($_GET["gidReq"]) : '';

 //this fixes some problems with generic functionalities like
 //My Agenda & What's New icons linking to courses