MDL-47868 ws: verify upload areas
[moodle.git] / webservice / upload.php
index 93310cd..03503b2 100644 (file)
@@ -68,6 +68,11 @@ if ($fileuploaddisabled) {
 $context = context_user::instance($USER->id);
 require_capability('moodle/user:manageownfiles', $context);
 
+if ($filearea !== 'private' and $filearea !== 'draft') {
+    // Do not dare to allow more areas here!
+    throw new file_exception('error');
+}
+
 $fs = get_file_storage();
 
 $totalsize = 0;