From: mchurch <mchurch>
Date: Thu, 31 Jul 2008 14:06:18 +0000 (+0000)
Subject: MDL-15896 - Clean 'page' and 'q' parameters to only allow normal page name characters.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d39bbb8a0edb4a169f0777ec9e00254ad21edf63;p=moodle.git

MDL-15896 - Clean 'page' and 'q' parameters to only allow normal page name characters.
---

diff --git a/mod/wiki/view.php b/mod/wiki/view.php
index 38ea503b66..51dc4aed0d 100644
--- a/mod/wiki/view.php
+++ b/mod/wiki/view.php
@@ -13,12 +13,12 @@
     $ewiki_action = optional_param('ewiki_action', '', PARAM_ALPHA);     // Action on Wiki-Page
     $id           = optional_param('id', 0, PARAM_INT);                  // Course Module ID, or
     $wid          = optional_param('wid', 0, PARAM_INT);                 // Wiki ID
-    $page         = optional_param('page', false);       // Wiki Page Name
-    $q            = optional_param('q',"");              // Search Context
+    $page         = optional_param('page', false, PARAM_PATH);           // Wiki Page Name
+    $q            = optional_param('q',"", PARAM_PATH);                  // Search Context
     $userid       = optional_param('userid', 0, PARAM_INT);              // User wiki.
     $groupid      = optional_param('groupid', 0, PARAM_INT);             // Group wiki.
-    $canceledit   = optional_param('canceledit','', PARAM_ALPHA);          // Editing has been cancelled
-    $cacheme      = optional_param('allowcache', 1, PARAM_INT);   // Set this to 0 to try and disable page caching.
+    $canceledit   = optional_param('canceledit','', PARAM_ALPHA);        // Editing has been cancelled
+    $cacheme      = optional_param('allowcache', 1, PARAM_INT);          // Set this to 0 to try and disable page caching.
     
     // Only want to add edit log entries if we have made some changes ie submitted a form
     $editsave = optional_param('thankyou', '');