diff --git a/main/document/document.php b/main/document/document.php index 83daf850c7..d92214e87d 100644 --- a/main/document/document.php +++ b/main/document/document.php @@ -206,7 +206,11 @@ switch ($action) { $file = $sys_course_path.$_course['path'].'/document'.$document_info['path']; $copyfile = $user_folder.basename($document_info['path']); - $file_link = Display::url(get_lang('SeeFile'), api_get_path(WEB_CODE_PATH).'social/myfiles.php'); + $cidReq = Security::remove_XSS($_GET['cidReq']); + $id_session= Security::remove_XSS($_GET['id_session']); + $gidReq= Security::remove_XSS($_GET['gidReq']); + $id= Security::remove_XSS($_GET['id']); + $file_link = Display::url(get_lang('SeeFile'), api_get_path(WEB_CODE_PATH).'social/myfiles.php?cidReq='.$cidReq.'&id_session='.$id_session.'&gidReq='.$gidReq.'&parent_id='.$parent_id); if (file_exists($copyfile)) { $message = get_lang('CopyAlreadyDone').'

';