From 8a2fe407095ae47b083741e9921c5b9f65fe9ac7 Mon Sep 17 00:00:00 2001
From: stronk7
Date: Sun, 29 Aug 2004 22:57:41 +0000
Subject: [PATCH] strip_tags() to some parameters. Thanks skodak. Bug 1836 (http://moodle.org/bugs/bug.php?op=show&bugid=1836) Merged from MOODLE_14_STABLE
---
 mod/glossary/approve.php | 3 +++
 mod/glossary/comment.php | 2 ++
 mod/glossary/deleteentry.php | 3 +++
 mod/glossary/edit.php | 3 +++
 mod/glossary/editcategories.php | 20 ++++++++++++--------
 mod/glossary/exportentry.php | 15 +++++++++------
 mod/glossary/formats.php | 2 ++
 mod/glossary/print.php | 3 +++
 mod/glossary/view.php | 8 ++++++++
 9 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/mod/glossary/approve.php b/mod/glossary/approve.php
index a1258690da..9bd46e5b49 100644
--- a/mod/glossary/approve.php
+++ b/mod/glossary/approve.php
@@ -9,6 +9,9 @@
 optional_variable($mode,"approval");
 optional_variable($hook,"ALL");
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
 }
diff --git a/mod/glossary/comment.php b/mod/glossary/comment.php
index 2d91df2e4b..ef80a3713d 100644
--- a/mod/glossary/comment.php
+++ b/mod/glossary/comment.php
@@ -11,6 +11,8 @@
 optional_variable($action,"add"); // Action to perform
 optional_variable($confirm,0); // Confirm the action
+ $action = strip_tags(urldecode($action)); //XSS
+
 $action = strtolower($action);
 global $THEME, $USER, $CFG;
diff --git a/mod/glossary/deleteentry.php b/mod/glossary/deleteentry.php
index 15a860554e..5508a6b7fd 100644
--- a/mod/glossary/deleteentry.php
+++ b/mod/glossary/deleteentry.php
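Review bot: The two added `strip_tags(urldecode(...))` lines filter input but do not escape output, so whatever survives the stripping (quote characters, for example) is still unsafe wherever `$mode` and `$hook` are later echoed into HTML; the durable fix is to validate at input and escape at output, `htmlspecialchars($hook, ENT_QUOTES)` (or the weblib `s()` helper, if this branch has it) at the point where the value is printed. The `urldecode()` is also a second decode: PHP decodes query-string and form values before they reach `optional_variable()`, so a literal `+` or `%` in a parameter is mangled, which matters most for free-text values such as a search hook. `$mode` is chosen from a fixed set of values, so an allowlist is tighter than tag stripping: `if (!in_array($mode, array(/* the modes this script handles */), true)) { $mode = 'approval'; }`. The same pattern is added in comment.php, deleteentry.php, edit.php, editcategories.php, exportentry.php, formats.php, print.php and view.php, and the same remarks apply there.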
@@ -9,6 +9,9 @@
 require_variable($prevmode); // current frame
 optional_variable($hook); // pivot id
+ $prevmode = strip_tags(urldecode($prevmode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+
 $strglossary = get_string("modulename", "glossary");
 $strglossaries = get_string("modulenameplural", "glossary");
 $stredit = get_string("edit");
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index a6b1e7824f..b58098fccf 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -12,6 +12,9 @@
 optional_variable($confirm,0); // proceed. Edit the edtry
 optional_variable($mode); // categories if by category?
 optional_variable($hook); // CategoryID
+$mode = strip_tags(urldecode($mode)); //XSS
+$hook = strip_tags(urldecode($hook)); //XSS
+
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
 }
diff --git a/mod/glossary/editcategories.php b/mod/glossary/editcategories.php
index 03a0168c5e..3dd0c09403 100644
--- a/mod/glossary/editcategories.php
+++ b/mod/glossary/editcategories.php
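Review bot: The two added lines in edit.php start at column 0 (`+$mode = …`), unlike the same lines in every other file of this patch (`+ $mode = …`), which carry the block's indentation; align them with the surrounding `optional_variable()` calls, e.g. `    $mode = strip_tags(urldecode($mode)); //XSS`. The bare `//XSS` marker says why the line exists but not what it is meant to cover; a comment such as `// request parameters: strip markup before reuse (bug 1836)` would spare the next reader a trip to the tracker.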
@@ -5,16 +5,20 @@
 require_once("../../config.php");
 require_once("lib.php");
- require_variable($id); // Course Module ID, or
- optional_variable($mode); // cat
- optional_variable($hook); // category ID
- optional_variable($action); // what to do
- optional_variable($usedynalink); // category ID
- optional_variable($confirm); // confirm the action
+ require_variable($id); // Course Module ID, or
+ optional_variable($mode); // cat
+ optional_variable($hook); // category ID
+ optional_variable($action); // what to do
+ optional_variable($usedynalink); // category ID
+ optional_variable($confirm); // confirm the action
- optional_variable($name); // confirm the action
+ optional_variable($name); // confirm the action
- $action = strtolower($action);
+ $action = strip_tags(urldecode($action)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = strip_tags(urldecode($mode)); //XSS
+
+ $action = strtolower($action);
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
diff --git a/mod/glossary/exportentry.php b/mod/glossary/exportentry.php
index 93809a5b00..3def1c5b06 100644
--- a/mod/glossary/exportentry.php
+++ b/mod/glossary/exportentry.php
@@ -2,13 +2,16 @@
 require_once("../../config.php");
 require_once("lib.php");
- require_variable($id); // course module ID
- require_variable($entry); // Entry ID
- optional_variable($confirm); // confirmation
- optional_variable($mode);
- optional_variable($hook);
+ require_variable($id); // course module ID
+ require_variable($entry); // Entry ID
+ optional_variable($confirm); // confirmation
+ optional_variable($mode);
+ optional_variable($hook);
+
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = strip_tags(urldecode($mode)); //XSS
- global $THEME, $USER, $CFG;
+ global $THEME, $USER, $CFG;
 $PermissionGranted = 1;
diff --git a/mod/glossary/formats.php b/mod/glossary/formats.php
index d7ae740f32..fdd3867076 100644
--- a/mod/glossary/formats.php
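Review bot: Most of this hunk, and of the exportentry.php hunk that follows, is a whitespace-only re-indent of the `require_variable()`/`optional_variable()` block, which hides the three functional lines and turns a 3-line fix into a 20-line diff; the re-indentation belongs in a separate commit so the security change can be reviewed and backported on its own. Of the parameters declared here, `$name` (presumably the category name) is left untouched while `$action`, `$hook` and `$mode` get the new treatment; if it is stored or echoed back it needs the same input validation and output escaping. The `// confirm the action` comment on `optional_variable($name)` is copied from the line above and should describe the parameter, e.g. `// category name`.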
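Review bot: `$entry` is documented as an ID (`// Entry ID`) yet stays a raw string while only `$hook` and `$mode` get the new treatment; for an identifier an integer cast, `$entry = (int)$entry;`, is a stronger and simpler guarantee than tag stripping and makes any later lookup safe by construction. `$confirm` (`// confirmation`) is a flag by its comment and can be cast the same way. The moved `global $THEME, $USER, $CFG;` line changes only indentation and adds nothing to the fix.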
+++ b/mod/glossary/formats.php
@@ -7,6 +7,8 @@
 require_variable($id);
 optional_variable($mode);
+
+ $mode = strip_tags(urldecode($mode)); //XSS
 require_login();
 if ( !isadmin() ) {
diff --git a/mod/glossary/print.php b/mod/glossary/print.php
index 995cf1ca85..d19256ee4c 100644
--- a/mod/glossary/print.php
+++ b/mod/glossary/print.php
@@ -13,6 +13,9 @@
 optional_variable($offset); // number of entries to bypass
 optional_variable($displayformat,-1);
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $sortkey = strip_tags(urldecode($sortkey)); //XSS
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
diff --git a/mod/glossary/view.php b/mod/glossary/view.php
index 0497bb0200..0cd1151fc5 100644
--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
@@ -29,6 +29,14 @@
 optional_variable($show,""); // [ concept | alias ] => mode=term hook=$show
 optional_variable($displayformat,-1); // override of the glossary display format
+ $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = strip_tags(urldecode($hook)); //XSS
+ $fullsearch = strip_tags(urldecode($fullsearch)); //XSS
+ $sortkey = strip_tags(urldecode($sortkey)); //XSS
+ $sortorder = strip_tags(urldecode($sortorder)); //XSS
+ $offset = strip_tags(urldecode($offset)); //XSS
+ $show = strip_tags(urldecode($show)); //XSS
+
 if (!empty($id)) {
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
-- 
2.39.5
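Review bot: `$offset` (declared just above as `// number of entries to bypass`) and `$displayformat` (default `-1`) are numeric parameters, but this hunk leaves them uncast and the view.php hunk below instead runs `$offset` through `strip_tags()`; for numeric input an integer cast, `$offset = (int)$offset;`, is both simpler and a stronger guarantee than tag stripping, and the same goes for `$displayformat`. If `$sortkey` and `$sortorder` select among a fixed set of sort options, as their names suggest, an allowlist check fits them better than `strip_tags()` as well. The seven near-identical lines added in view.php would read more clearly as one loop over the parameter names, which would also make it harder to miss one when the list changes.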