[svn r21120] logic changes - security improvements in announcements tool - (partial FS#4261)

skala
Isaac Flores 17 years ago
parent 339ce68566
commit e91943ae28
  1. 8
      main/announcements/announcements.php

@ -1,4 +1,4 @@
<?php //$Id: announcements.php 20650 2009-05-14 18:55:50Z aportugal $ <?php //$Id: announcements.php 21120 2009-05-30 23:07:10Z iflorespaz $
/* /*
============================================================================== ==============================================================================
Dokeos - elearning and course management software Dokeos - elearning and course management software
@ -57,7 +57,7 @@ $nameTools = get_lang('Announcement');
//session //session
if(isset($_GET['id_session'])) { if(isset($_GET['id_session'])) {
$_SESSION['id_session'] = $_GET['id_session']; $_SESSION['id_session'] = Security::remove_XSS($_GET['id_session']);
} }
/* ------------ ACCESS RIGHTS ------------ */ /* ------------ ACCESS RIGHTS ------------ */
@ -273,7 +273,7 @@ if(!empty($_GET['remind_inactive']))
$surveyid = 0; $surveyid = 0;
if(!empty($_REQUEST['publish_survey'])) if(!empty($_REQUEST['publish_survey']))
{ {
$surveyid=Database::escape_string($_REQUEST['publish_survey']); $surveyid=Database::escape_string(Security::remove_XSS($_REQUEST['publish_survey']));
} }
$cidReq=Database::escape_string($_REQUEST['cidReq']); $cidReq=Database::escape_string($_REQUEST['cidReq']);
if($surveyid) if($surveyid)
@ -790,7 +790,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$cidReq = $_REQUEST['cidReq']; $cidReq = $_REQUEST['cidReq'];
?> ?>
<script> <script>
window.location.href="../survey/survey_list.php?<?php echo api_get_cidreq(); ?>&published=published&surveyid=<?php echo $_REQUEST['publish_survey']; ?>"; window.location.href="../survey/survey_list.php?<?php echo api_get_cidreq(); ?>&published=published&surveyid=<?php echo Security::remove_XSS($_REQUEST['publish_survey']); ?>";
</script> </script>
<?php <?php
} }
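Review bot: In the last hunk (line 790) `publish_survey` is echoed inside a JavaScript string literal that is also a URL query value, and `Security::remove_XSS()` appears to be an HTML sanitizer, not an encoder for that context. Since the value is a survey id, an integer cast is the tighter control: `surveyid=<?php echo intval($_REQUEST['publish_survey']); ?>`. The same applies to the hunks at lines 57 and 273, where `$_SESSION['id_session'] = intval($_GET['id_session']);` and `$surveyid = intval($_REQUEST['publish_survey']);` would pin both values to integers. At line 273 `Database::escape_string()` only protects a value that the query places inside quotes, and the query is outside the hunk, so that part is unconfirmed. `$cidReq` is still assigned raw from `$_REQUEST` at line 790; whether it is validated later cannot be seen here, because the enclosing blocks start and end outside the visible hunks.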
