From: skodak
Date: Mon, 11 Sep 2006 06:47:38 +0000 (+0000)
Subject: validate local redirection actions in jumpto.php SC#310
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3435f39bab7731e1600a0e3d422c2baa5040d2e9;p=moodle.git

validate local redirection actions in jumpto.php SC#310
---
diff --git a/course/jumpto.php b/course/jumpto.php
index c634266258..ce4df789f0 100644
--- a/course/jumpto.php
+++ b/course/jumpto.php
@@ -10,6 +10,10 @@
 $jump = optional_param('jump', '', PARAM_RAW);
+ if (!confirm_sesskey()) {
+ print_error('confirmsesskeybad');
+ }
+
 if (strpos($jump, $CFG->wwwroot) === 0) { // Anything on this site
 redirect(urldecode($jump));
 } else if (preg_match('/^[a-z]+\.php\?/', $jump)) {
diff --git a/lib/weblib.php b/lib/weblib.php
index 01ce4f0649..aeebd5f897 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1053,6 +1053,7 @@ function popup_form($common, $options, $formname, $selected='', $nothing='choose
 }
 $output .= '';
+ $output .= '';
 $output .= '';
 $output .= '
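Review bot: In course/jumpto.php the same-site test that runs right after the new sesskey check, `strpos($jump, $CFG->wwwroot) === 0`, validates the raw `PARAM_RAW` value, while `redirect()` receives `urldecode($jump)`, so the string that is checked is not the string that is used. It is also a bare prefix match with no path separator, so a destination whose host merely begins with the wwwroot string would pass; the sesskey check limits who can trigger the redirect but does not make the destination check correct. Decode once and test that value, e.g. `$jump = urldecode($jump);` followed by `if ($jump === $CFG->wwwroot || strpos($jump, $CFG->wwwroot.'/') === 0) {` and `redirect($jump);`. The `else if` branch anchors only the start of `$jump` with `/^[a-z]+\.php\?/` and decodes after matching in the same way, so it deserves the same treatment; the if/else chain continues past the end of the hunk, so its remaining lines are not visible here.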