sanitize submitted numerical values

diff --git a/mod/forum/lib.php b/mod/forum/lib.php
index 140390dac0152cb00ad792f27f343777edb49030..27c6697326404877e4037f86b383bedc774f1dee 100644 (file)
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -111,6 +111,10 @@ function forum_add_instance($forum) {
         $forum->assesstimefinish = 0;
     }
 
+    //sanitize given values a bit
+    $forum->warnafter = clean_param($forum->warnafter, PARAM_INT);
+    $forum->blockafter = clean_param($forum->blockafter, PARAM_INT);
+
     if (! $forum->id = insert_record('forum', $forum)) {
         return false;
     }