From c9f120b83ebd2da61a6c23f4ce7f51fccfaa7512 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Wed, 27 Jan 2021 08:55:52 +0100
Subject: [PATCH] Agenda: Fix type paremeter #security
---
 main/calendar/agenda_list.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main/calendar/agenda_list.php b/main/calendar/agenda_list.php
index 9ff9479ee7..94d4437a6d 100755
--- a/main/calendar/agenda_list.php
+++ b/main/calendar/agenda_list.php
@@ -12,7 +12,8 @@ $logInfo = [
 ];
 Event::registerLog($logInfo);
-$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : null;
+$typeList = ['personal', 'course', 'admin', 'platform'];
+$type = isset($_REQUEST['type']) && in_array($_REQUEST['type'], $typeList, true) ? $_REQUEST['type'] : null;
 $interbreadcrumb[] = [
 'url' => api_get_path(WEB_CODE_PATH).'calendar/agenda_js.php?type='.Security::remove_XSS($type),
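Review bot: The allowlist on the new `$typeList` line is a literal local to agenda_list.php, while the breadcrumb just below it links to calendar/agenda_js.php with the same `type` parameter; that script reads the request on its own, and whether it applies the same check is not visible in this hunk. I would define the list once in a shared place and reuse it wherever `$_REQUEST['type']` is read, and document the fallback here with a comment such as `// Only these agenda types are accepted; any other value is treated as if no type was given.` The strict `in_array(..., true)` is the right call, since it also rejects non-string values of the parameter. With `$type` constrained to four fixed strings or null, `Security::remove_XSS($type)` in the URL is no longer doing the protecting; `urlencode((string) $type)` would be the context-correct encoding for a query value. The `$interbreadcrumb[]` array, and any later use of `$type`, continue past the end of the hunk.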