rss MDLSITE-1007 fixed a security problem with rss feed params
authorAndrew Davis <andrew@affinitysoftware.net>
Mon, 4 Oct 2010 07:23:27 +0000 (07:23 +0000)
committerAndrew Davis <andrew@affinitysoftware.net>
Mon, 4 Oct 2010 07:23:27 +0000 (07:23 +0000)
mod/data/rsslib.php
mod/glossary/rsslib.php

index 5bd1c09..a762dad 100644 (file)
@@ -16,7 +16,7 @@
             return null;
         }
 
-        $dataid = $args[3];
+        $dataid = clean_param($args[3], PARAM_INT);
         $data = $DB->get_record('data', array('id' => $dataid), '*', MUST_EXIST);
 
         if (!rss_enabled_for_mod('data', $data, false, true)) {
index 7cff81b..a53f5ee 100644 (file)
@@ -19,7 +19,7 @@
             return null;
         }
 
-        $glossaryid = $args[3];
+        $glossaryid  = clean_param($args[3], PARAM_INT);
         $glossary = $DB->get_record('glossary', array('id' => $glossaryid), '*', MUST_EXIST);
 
         if (!rss_enabled_for_mod('glossary', $glossary)) {