From: nicolasconnault Date: Tue, 9 Oct 2007 14:08:05 +0000 (+0000) Subject: MDL-11608 The $rename param was obtained with PARAM_NOTAG, I changed that to PARAM_RA... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=62ecaed9dfa810f2e7ea1291734ce0bb77fdf99a;p=moodle.git MDL-11608 The $rename param was obtained with PARAM_NOTAG, I changed that to PARAM_RAW. I also changed the rename field's value to htmlspecialchars($category->name) --- diff --git a/course/category.php b/course/category.php index 842b58bd55..dbb00d0469 100644 --- a/course/category.php +++ b/course/category.php @@ -16,7 +16,7 @@ $moveup = optional_param('moveup', 0, PARAM_INT); $movedown = optional_param('movedown', 0, PARAM_INT); $moveto = optional_param('moveto', 0, PARAM_INT); - $rename = optional_param('rename', '', PARAM_NOTAGS); + $rename = optional_param('rename', '', PARAM_RAW); $resort = optional_param('resort', 0, PARAM_BOOL); $categorytheme= optional_param('categorytheme', false, PARAM_CLEAN); @@ -54,7 +54,7 @@ if (has_capability('moodle/category:update', $context)) { /// Rename the category if requested if (!empty($rename) and confirm_sesskey()) { - $category->name = $rename; + $category->name = stripslashes_safe($rename); if (! set_field("course_categories", "name", $category->name, "id", $category->id)) { notify("An error occurred while renaming the category"); } @@ -484,7 +484,7 @@ echo '
'; echo ''; echo ''; - echo ''; + echo ''; echo ''; echo '
'; echo '
';