Merged from MOODLE_14_STABLE - Tighter input validation fixes SC#54

diff --git a/lib/editor/popups/preview.php b/lib/editor/popups/preview.php
index 61363a044f7f612864c1c39d812faa0395f9eb9e..4fa83df06c8772da56f82817666f2e28de7b64f7 100644 (file)
--- a/lib/editor/popups/preview.php
+++ b/lib/editor/popups/preview.php
@@ -3,8 +3,8 @@
     include("../../../config.php");
     require("../../../files/mimetypes.php");
     
-    require_variable($id);
-    require_variable($imageurl);
+    $id       = required_param('id', PARAM_INT);
+    $imageurl = required_param('imageurl', PARAM_URL);
 
     if (! $course = get_record("course", "id", $id) ) {
         error("That's an invalid course id");
@@ -19,7 +19,8 @@
     $imageurl = rawurldecode($imageurl);   /// Full URL starts with $CFG->wwwroot/file.php
     $imagepath = str_replace("$CFG->wwwroot/file.php", '', $imageurl);
     $imagepath = str_replace("?file=", '', $imagepath); // if we're using second option of file path.
-    
+
+    $size = null;
     if ($imagepath != $imageurl) {         /// This is an internal image
         $size = getimagesize($CFG->dataroot.$imagepath);
     }