From: thepurpleblob Date: Wed, 11 Apr 2007 11:00:26 +0000 (+0000) Subject: MDL-9123: X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=22afe6d6998e0b76a82a015c569b35e18baecf84;p=moodle.git MDL-9123: No check was made of the validity of the category id read from the form. So it could theoretically have been spoofed.
---
diff --git a/question/export.php b/question/export.php
index f81d295247..fe8401032a 100644
--- a/question/export.php
+++ b/question/export.php
@@ -64,6 +64,14 @@
     // ensure the files area exists for this course
     make_upload_directory( "$course->id" );
 
+    // check category is valid
+    if (!empty($categoryid)) {
+        $validcats = question_category_options( $course->id, true, false );
+        if (!array_key_exists( $categoryid, $validcats)) {
+            print_error( "Category id ($categoryid) is not permitted." );
+        }
+    }
+
 /// Header
     if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
         $strupdatemodule = has_capability('moodle/course:manageactivities', $context)
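Review bot: The new guard is skipped entirely when `$categoryid` is empty (`if (!empty($categoryid))`), so a missing or zero id reaches whatever the export code below does with it unchecked; if an empty id is meant to mean "no category filter" that should be stated, e.g. `// check category is valid (an empty id is allowed and means no category filter)`, and confirmed against the export path outside the hunk. The error message interpolates the raw submitted value, so unless `print_error` escapes its message the value should be coerced before use, `$categoryid = (int)$categoryid;` ahead of the `if`, or passed as `s($categoryid)`. The check also relies on `question_category_options()` returning an array keyed by category id, which is not visible here and worth a comment on the `$validcats` line. Moodle convention would route the message through `get_string()` rather than an English literal. The `if (isset($SESSION->modform->instance)…` block continues past the end of the hunk.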