From: moodler <moodler>
Date: Wed, 29 Sep 2004 06:52:24 +0000 (+0000)
Subject: Merged pathname checks from stable
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d030268d68d2a7855e1a3394ba5a4d83ef8d49aa;p=moodle.git

Merged pathname checks from stable
---

diff --git a/mod/quiz/export.php b/mod/quiz/export.php
index 4ad463a513..e6ed588646 100644
--- a/mod/quiz/export.php
+++ b/mod/quiz/export.php
@@ -33,8 +33,10 @@
 
     if ($form = data_submitted()) {   /// Filename
 
+        $form->format = clean_filename($form->format);
+
         if (! is_readable("format/$form->format/format.php")) {
-            error("Format not known ($form->format)");
+            error('Format not known ('.clean_text($form->format).')');
         }
 
         require("format.php");  // Parent class
diff --git a/mod/quiz/import.php b/mod/quiz/import.php
index 5701cf569b..393c176353 100644
--- a/mod/quiz/import.php
+++ b/mod/quiz/import.php
@@ -47,8 +47,10 @@
 
         if (is_array($newfile)) { // either for file already on server or just uploaded file.
 
+            $form->format = clean_filename($form->format);
+
             if (! is_readable("format/$form->format/format.php")) {
-                error("Format not known ($form->format)");
+                error('Format not known ('.clean_text($form->format).')');
             }
 
             require("format.php");  // Parent class