From be88433c7e5781e5041550fb851dc85f8b2b34f4 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Tue, 14 Dec 2004 20:28:23 +0000
Subject: [PATCH] filename is the 5th parameter. Now it's cleaned and used by
 the send_file() function.

---
 rss/file.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/rss/file.php b/rss/file.php
index cf2fc08913..5c918e050f 100644
--- a/rss/file.php
+++ b/rss/file.php
@@ -31,7 +31,7 @@
     // extract relative path components
     $args = explode('/', trim($relativepath, '/'));
     
-    if (count($args) < 4) {
+    if (count($args) < 5) {
         not_found();
     }
 
@@ -39,6 +39,7 @@
     $userid     = (int)$args[1];
     $modulename = clean_param($args[2], PARAM_FILE);
     $instance   = (int)$args[3];
+    $filename   = clean_param($args[4], PARAM_FILE);
     
     if (!$course = get_record("course", "id", $courseid)) {
         not_found();
@@ -68,7 +69,6 @@
         not_found();
     }
 
-    $filename = $instance.'.xml';
     $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$filename;
 
     //Check that file exists
@@ -81,7 +81,7 @@
 
     function not_found() {
         /// error, send some XML with error message
-        global $lifetime;
-        send_file(rss_geterrorxmlfile(), 'rsserror.xml', $lifetime, false, true);
+        global $lifetime, $filename;
+        send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
     }
 ?>
-- 
2.39.5