fixed cleaning of path in custom scripts SC#221; merged from MOODLE_16_STABLE

author skodak <skodak>

Sat, 20 May 2006 17:23:14 +0000 (17:23 +0000)

committer skodak <skodak>

Sat, 20 May 2006 17:23:14 +0000 (17:23 +0000)
author skodak <skodak>
Sat, 20 May 2006 17:23:14 +0000 (17:23 +0000)
committer skodak <skodak>
Sat, 20 May 2006 17:23:14 +0000 (17:23 +0000)
diff --git a/lib/moodlelib.php b/lib/moodlelib.php

index fbcbf840ff76b0bb6d451f80fb72d4695d90e86a..daf5bac98ce258b414f388a11397619aa158ec5c 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7061,16 +7061,13 @@ function custom_script_path($urlpath='') {
          $urlpath = qualified_me(); // e.g. http://www.this-server.com/moodle/this-script.php
      }
  
-    // clean the $urlpath
-    $urlpath = clean_param($urlpath, PARAM_URL);
-
      // $urlpath is invalid if it is empty or does not start with the Moodle wwwroot
      if (empty($urlpath) or (strpos($urlpath, $CFG->wwwroot) === false )) {
          return false;
      }
  
-    // replace wwwroot with the path to the customscripts folder
-    $scriptpath = $CFG->customscripts . substr($urlpath, strlen($CFG->wwwroot));
+    // replace wwwroot with the path to the customscripts folder and clean path
+    $scriptpath = $CFG->customscripts . clean_param(substr($urlpath, strlen($CFG->wwwroot)), PARAM_PATH);
  
      // remove the query string, if any
      if (($strpos = strpos($scriptpath, '?')) !== false) {