From 22afe6d6998e0b76a82a015c569b35e18baecf84 Mon Sep 17 00:00:00 2001
From: thepurpleblob
Date: Wed, 11 Apr 2007 11:00:26 +0000
Subject: [PATCH] MDL-9123: No check was made of the validity of the category id read from the form. So it could theoretically have been spoofed.
---
 question/export.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/question/export.php b/question/export.php
index f81d295247..fe8401032a 100644
--- a/question/export.php
+++ b/question/export.php
@@ -64,6 +64,14 @@
 // ensure the files area exists for this course
 make_upload_directory( "$course->id" );
 
+ // check category is valid
+ if (!empty($categoryid)) {
+ $validcats = question_category_options( $course->id, true, false );
+ if (!array_key_exists( $categoryid, $validcats)) {
+ print_error( "Category id ($categoryid) is not permitted." );
+ }
+ }
+
 /// Header
 if (isset($SESSION->modform->instance) and $quiz = get_record('quiz', 'id', $SESSION->modform->instance)) {
 $strupdatemodule = has_capability('moodle/course:manageactivities', $context)
-- 
2.39.5
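Review bot: The rejected value is interpolated raw into `print_error( "Category id ($categoryid) is not permitted." )`, so whatever the form submitted is reflected back into the error page; if print_error renders its message as HTML (not visible in this hunk), that is untrusted input reaching the output unescaped. Normalising the id before both the lookup and the message closes that path, e.g. `$categoryid = (int)$categoryid;` immediately ahead of `if (!empty($categoryid)) {`, which also keeps the `array_key_exists` comparison on an integer key rather than an arbitrary string. Note too that an empty or zero id skips the validation block entirely, which is only safe if the code after this hunk treats an empty category as "no category" rather than exporting with it; that code, and the surrounding script context, lie outside the hunk.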