From 1ca84b296f2128c1308a0022056bdd92e8cd4319 Mon Sep 17 00:00:00 2001
From: moodler
Date: Wed, 29 Sep 2004 05:35:04 +0000
Subject: [PATCH] Merged filename checks from stable
---
 admin/auth.php | 11 ++++++-----
 admin/enrol.php | 5 ++++-
 admin/module.php | 1 +
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/admin/auth.php b/admin/auth.php
index a74e6f53a4..2a1c93dcf5 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -48,11 +48,12 @@
 $options[$module] = get_string("auth_$module"."title", "auth");
 }
 asort($options);
- if (isset($_GET['auth'])) {
- $auth = $_GET['auth'];
- } else {
- $auth = $config->auth;
- }
+ if (isset($_GET['auth'])) {
+ $auth = $_GET['auth'];
+ } else {
+ $auth = $config->auth;
+ }
+ $auth = clean_filename($auth);
 require_once("$CFG->dirroot/auth/$auth/lib.php"); //just to make sure that current authentication functions are loaded
 if (! isset($config->guestloginbutton)) {
 $config->guestloginbutton = 1;
diff --git a/admin/enrol.php b/admin/enrol.php
index 4312823f64..480bfa8d7a 100644
--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -3,8 +3,10 @@ // Yes, enrol is correct English spelling. include("../config.php"); + + $enrol = (string)parameter('enrol', $CFG->enrol); + require_login(); - optional_variable($enrol, $CFG->enrol); if (!$site = get_site()) { redirect("index.php");
@@ -14,6 +16,7 @@ error("Only the admin can use this page"); } + $enrol = clean_filename($enrol); require_once("$CFG->dirroot/enrol/$enrol/enrol.php"); /// Open the class $enrolment = new enrolment_plugin();
diff --git a/admin/module.php b/admin/module.php
index a4466663f1..3985475d24 100644
--- a/admin/module.php
+++ b/admin/module.php
@@ -29,6 +29,7 @@ require_variable($module); + $module = clean_filename($module); require_once("$CFG->dirroot/mod/$module/lib.php");
--
2.39.5
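Review bot: In admin/auth.php the new `$auth = clean_filename($auth);` presumably strips path characters from the request value, but nothing confirms that the result names an installed plugin, so an empty or unknown `auth` parameter still reaches `require_once("$CFG->dirroot/auth/$auth/lib.php")` and ends in a fatal include error. The context lines show `$options` keyed by module name, so an allow-list check fits directly after the cleaning line: `if (!isset($options[$auth])) { $auth = $config->auth; }`. The same gap applies to the `$enrol` include in admin/enrol.php and the `$module` include in admin/module.php, where the added `clean_filename()` call is the only validation visible. How `$options` is filled lies above this hunk, so confirm it lists exactly the directories under auth/ before relying on it.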
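Review bot: In admin/enrol.php the request value is read into `$enrol` in the first hunk but only passed through `clean_filename()` in the second hunk, just before `require_once`, so any code between the two points (not visible here) would work with the raw parameter. Cleaning at the point of read keeps a single trusted copy and makes the later line unnecessary: `$enrol = clean_filename((string)parameter('enrol', $CFG->enrol));`. The read now also sits above `require_login()`; nothing in the hunk uses the value before the login check, but a one-line comment saying the ordering is intentional would stop a later edit from acting on it early.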