From 76560c31752ea02b93e3e994275c666b964005ce Mon Sep 17 00:00:00 2001
From: martinlanghoff <martinlanghoff>
Date: Tue, 25 Jan 2005 06:21:39 +0000
Subject: [PATCH] Merged from MOODLE_14_STABLE - Tighter input validation fixes
 SC#54

---
 lib/editor/popups/preview.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/editor/popups/preview.php b/lib/editor/popups/preview.php
index 61363a044f..4fa83df06c 100644
--- a/lib/editor/popups/preview.php
+++ b/lib/editor/popups/preview.php
@@ -3,8 +3,8 @@
     include("../../../config.php");
     require("../../../files/mimetypes.php");
     
-    require_variable($id);
-    require_variable($imageurl);
+    $id       = required_param('id', PARAM_INT);
+    $imageurl = required_param('imageurl', PARAM_URL);
 
     if (! $course = get_record("course", "id", $id) ) {
         error("That's an invalid course id");
@@ -19,7 +19,8 @@
     $imageurl = rawurldecode($imageurl);   /// Full URL starts with $CFG->wwwroot/file.php
     $imagepath = str_replace("$CFG->wwwroot/file.php", '', $imageurl);
     $imagepath = str_replace("?file=", '', $imagepath); // if we're using second option of file path.
-    
+
+    $size = null;
     if ($imagepath != $imageurl) {         /// This is an internal image
         $size = getimagesize($CFG->dataroot.$imagepath);
     }
-- 
2.39.5