Security: Avoid error in catalogue when attempted hack in course code - refs BT#22085

main/auth/courses.php

@@ -67,6 +67,7 @@ switch ($action) {
         }
         if (Security::check_token('get')) {
             $courseInfo = api_get_course_info($courseCodeToSubscribe);
+            if (!empty($courseInfo)) {
                 CourseManager::autoSubscribeToCourse($courseCodeToSubscribe);
                 $redirectionTarget = CoursesAndSessionsCatalog::generateRedirectUrlAfterSubscription(
                     $courseInfo['course_public_url']
@@ -75,6 +76,14 @@ switch ($action) {
                 header("Location: $redirectionTarget");
                 exit;
             }
+        }
+        Display::addFlash(
+            Display::return_message(get_lang('NoResults'), 'warning')
+        );
+        CoursesAndSessionsCatalog::displayCoursesList('search_course', $searchTerm, $categoryCode);
+
+        exit;
+
         break;
     case 'subscribe_course_validation':
         $toolTitle = get_lang('Subscribe');