rss MDLSITE-1007 now running clean_param() over the user token

diff --git a/rss/file.php b/rss/file.php
index 4f59eb0..3963b79 100644 (file)
--- a/rss/file.php
+++ b/rss/file.php
@@ -58,7 +58,7 @@ if (count($args) < 5) {
 }
 
 $contextid   = (int)$args[0];
-$token  = $args[1];
+$token  = clean_param($args[1], PARAM_ALPHANUM);
 $componentname = clean_param($args[2], PARAM_FILE);