From: skodak <skodak>
Date: Wed, 30 Aug 2006 08:03:12 +0000 (+0000)
Subject: better input validation in files/index.php SC#307
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=61212e3f96a171ebdc0a051c10917d70a6d96367;p=moodle.git

better input validation in files/index.php SC#307
---

diff --git a/files/index.php b/files/index.php
index 238dd729e3..ef30710696 100644
--- a/files/index.php
+++ b/files/index.php
@@ -16,7 +16,7 @@
     $action  = optional_param('action', '', PARAM_ACTION);
     $name    = optional_param('name', '', PARAM_FILE);
     $oldname = optional_param('oldname', '', PARAM_FILE);
-    $choose  = optional_param('choose', '', PARAM_CLEAN);
+    $choose  = optional_param('choose', '', PARAM_FILE); //in fact it is always 'formname.inputname'
     $userfile= optional_param('userfile','',PARAM_FILE);
     $save    = optional_param('save', 0, PARAM_BOOL);
     $text    = optional_param('text', '', PARAM_RAW);