optional_variable($mode,"approval");
optional_variable($hook,"ALL");
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
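Review bot: `strip_tags()` on `$mode` and `$hook` removes tags but leaves `"` and `'` untouched, so if either value is later echoed inside an HTML attribute (a link's query string or a hidden form field) it can still break out of that attribute. The code that prints them is outside this hunk, so that needs checking. The durable fix is to escape at the point of output, e.g. `htmlspecialchars($hook, ENT_QUOTES)`, and to accept `$mode` only when it matches one of the values the page actually handles. The extra `urldecode()` is applied to a value that PHP has presumably already decoded once when the request variable was populated, so a legitimate `+` or `%xx` in a hook (a concept or search term) is silently altered. The same `strip_tags(urldecode(...))` pattern recurs in every later hunk of this commit, and the same remarks apply there.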
optional_variable($action,"add"); // Action to perform
optional_variable($confirm,0); // Confirm the action
+ $action = strip_tags(urldecode($action)); //XSS
+
$action = strtolower($action);
global $THEME, $USER, $CFG;
require_variable($prevmode); // current frame
optional_variable($hook); // pivot id
+ $prevmode = strip_tags(urldecode($prevmode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+
$strglossary = get_string("modulename", "glossary");
$strglossaries = get_string("modulenameplural", "glossary");
$stredit = get_string("edit");
optional_variable($mode); // categories if by category?
optional_variable($hook); // CategoryID
+$mode = strip_tags(urldecode($mode)); //XSS
+$hook = strip_tags(urldecode($hook)); //XSS
+
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
}
require_once("../../config.php");
require_once("lib.php");
- require_variable($id); // Course Module ID, or
- optional_variable($mode); // cat
- optional_variable($hook); // category ID
- optional_variable($action); // what to do
- optional_variable($usedynalink); // category ID
- optional_variable($confirm); // confirm the action
+ require_variable($id); // Course Module ID, or
+ optional_variable($mode); // cat
+ optional_variable($hook); // category ID
+ optional_variable($action); // what to do
+ optional_variable($usedynalink); // category ID
+ optional_variable($confirm); // confirm the action
- optional_variable($name); // confirm the action
+ optional_variable($name); // confirm the action
- $action = strtolower($action);
+ $action = strip_tags(urldecode($action)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = strip_tags(urldecode($mode)); //XSS
+
+ $action = strtolower($action);
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
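Review bot: `$name`, `$usedynalink` and `$confirm` are read from the request in the same list but receive no filtering, whereas `$action`, `$hook` and `$mode` do. `$name` is the one most likely to be free text that is printed back (its trailing comment, `// confirm the action`, looks copied from the line above and does not say), so it should be escaped where it is output, e.g. `htmlspecialchars($name, ENT_QUOTES)`. `$action` is lowercased and presumably matched against a few fixed verbs; checking it against that list and rejecting anything else would be stronger than `strip_tags()`. The rest of this hunk is re-indentation only, and the script continues past the last line shown.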
require_once("../../config.php");
require_once("lib.php");
- require_variable($id); // course module ID
- require_variable($entry); // Entry ID
- optional_variable($confirm); // confirmation
- optional_variable($mode);
- optional_variable($hook);
+ require_variable($id); // course module ID
+ require_variable($entry); // Entry ID
+ optional_variable($confirm); // confirmation
+ optional_variable($mode);
+ optional_variable($hook);
+
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = strip_tags(urldecode($mode)); //XSS
- global $THEME, $USER, $CFG;
+ global $THEME, $USER, $CFG;
$PermissionGranted = 1;
require_variable($id);
optional_variable($mode);
+
+ $mode = strip_tags(urldecode($mode)); //XSS
require_login();
if ( !isadmin() ) {
optional_variable($offset); // number of entries to bypass
optional_variable($displayformat,-1);
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $sortkey = strip_tags(urldecode($sortkey)); //XSS
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");
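Review bot: `$offset` and `$displayformat` are declared just above the added lines but are left unfiltered, while `$mode`, `$hook` and `$sortkey` are cleaned. Both look numeric (an entry count and a format id, going by the comment and the `-1` default), so a cast is tighter than tag stripping: `$offset = (int)$offset;` and `$displayformat = (int)$displayformat;`. The last hunk on the page does filter `$offset`, but with `strip_tags()`, which still lets arbitrary non-numeric text through. If the value reaches a query or a paging link, the cast is the safer form. How these variables are used is outside the hunk.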
optional_variable($show,""); // [ concept | alias ] => mode=term hook=$show
optional_variable($displayformat,-1); // override of the glossary display format
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $fullsearch = strip_tags(urldecode($fullsearch)); //XSS
+ $sortkey = strip_tags(urldecode($sortkey)); //XSS
+ $sortorder = strip_tags(urldecode($sortorder)); //XSS
+ $offset = strip_tags(urldecode($offset)); //XSS
+ $show = strip_tags(urldecode($show)); //XSS
+
if (!empty($id)) {
if (! $cm = get_record("course_modules", "id", $id)) {
error("Course Module ID was incorrect");