From: skodak
Date: Sat, 20 May 2006 17:23:14 +0000 (+0000)
Subject: fixed cleaning of path in custom scripts SC#221; merged from MOODLE_16_STABLE
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=a38a768b297a0a465ca91d8649ad136de7ba9d44;p=moodle.git

fixed cleaning of path in custom scripts SC#221; merged from MOODLE_16_STABLE
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index fbcbf840ff..daf5bac98c 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -7061,16 +7061,13 @@ function custom_script_path($urlpath='') {
 $urlpath = qualified_me(); // e.g. http://www.this-server.com/moodle/this-script.php
 }

- // clean the $urlpath
- $urlpath = clean_param($urlpath, PARAM_URL);
-
 // $urlpath is invalid if it is empty or does not start with the Moodle wwwroot
 if (empty($urlpath) or (strpos($urlpath, $CFG->wwwroot) === false )) {
 return false;
 }

- // replace wwwroot with the path to the customscripts folder
- $scriptpath = $CFG->customscripts . substr($urlpath, strlen($CFG->wwwroot));
+ // replace wwwroot with the path to the customscripts folder and clean path
+ $scriptpath = $CFG->customscripts . clean_param(substr($urlpath, strlen($CFG->wwwroot)), PARAM_PATH);

 // remove the query string, if any
 if (($strpos = strpos($scriptpath, '?')) !== false) {
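Review bot: The guard `strpos($urlpath, $CFG->wwwroot) === false` only rejects a URL that does not contain wwwroot anywhere, while its own comment and the following `substr($urlpath, strlen($CFG->wwwroot))` both assume wwwroot is a prefix. With the whole-URL `clean_param($urlpath, PARAM_URL)` removed, this test and the PARAM_PATH cleaning are the only validation visible here before the value is appended to `$CFG->customscripts`, so the condition should be `strpos($urlpath, $CFG->wwwroot) !== 0`. It would also be cleaner to strip the query string before calling `clean_param(..., PARAM_PATH)`, so the path cleaner only ever sees the path component. The body of custom_script_path() starts and ends outside this hunk, so how `$scriptpath` is used afterwards cannot be confirmed from here.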