chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Plugin: Validate plugin name to load its README.md file

Browse Source
pull/5363/head
Angel Fernando Quiroz Campos 2 years ago
parent 884d9b396b
commit e6999a97c4
1 changed files with 9 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 10
      main/inc/ajax/plugin.ajax.php

10
main/inc/ajax/plugin.ajax.php
Unescape View File

@ -13,8 +13,16 @@ $action = $_REQUEST['a'];
switch ($action) {
case 'md_to_html':
$plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';
$plugin = $_GET['plugin'] ?? '';
$appPlugin = new AppPlugin();
$pluginPaths = $appPlugin->read_plugins_from_path();
if (!in_array($plugin, $pluginPaths)) {
echo Display::return_message(get_lang('NotAllowed'), 'error', false);
exit;
}
$pluginInfo = $appPlugin->getPluginInfo($plugin);
$html = '';

Write Preview
Loading…
Cancel
Save