From d030268d68d2a7855e1a3394ba5a4d83ef8d49aa Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Wed, 29 Sep 2004 06:52:24 +0000
Subject: [PATCH] Merged pathname checks from stable

---
 mod/quiz/export.php | 4 +++-
 mod/quiz/import.php | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/mod/quiz/export.php b/mod/quiz/export.php
index 4ad463a513..e6ed588646 100644
--- a/mod/quiz/export.php
+++ b/mod/quiz/export.php
@@ -33,8 +33,10 @@
 
     if ($form = data_submitted()) {   /// Filename
 
+        $form->format = clean_filename($form->format);
+
         if (! is_readable("format/$form->format/format.php")) {
-            error("Format not known ($form->format)");
+            error('Format not known ('.clean_text($form->format).')');
         }
 
         require("format.php");  // Parent class
diff --git a/mod/quiz/import.php b/mod/quiz/import.php
index 5701cf569b..393c176353 100644
--- a/mod/quiz/import.php
+++ b/mod/quiz/import.php
@@ -47,8 +47,10 @@
 
         if (is_array($newfile)) { // either for file already on server or just uploaded file.
 
+            $form->format = clean_filename($form->format);
+
             if (! is_readable("format/$form->format/format.php")) {
-                error("Format not known ($form->format)");
+                error('Format not known ('.clean_text($form->format).')');
             }
 
             require("format.php");  // Parent class
-- 
2.39.5