rss MDLSITE-1007 now running clean_param() over the user token
authorAndrew Davis <andrew@affinitysoftware.net>
Mon, 4 Oct 2010 06:56:51 +0000 (06:56 +0000)
committerAndrew Davis <andrew@affinitysoftware.net>
Mon, 4 Oct 2010 06:56:51 +0000 (06:56 +0000)
rss/file.php

index 4f59eb0..3963b79 100644 (file)
@@ -58,7 +58,7 @@ if (count($args) < 5) {
 }
 
 $contextid   = (int)$args[0];
-$token  = $args[1];
+$token  = clean_param($args[1], PARAM_ALPHANUM);
 $componentname = clean_param($args[2], PARAM_FILE);