MDL-29311 messaging: added a safety check to prevent message refreshing causing inadv...
authorAndrew Davis (andyjdavis) <andrew@moodle.com>
Wed, 14 Sep 2011 08:04:40 +0000 (16:04 +0800)
committerAparup Banerjee <aparup@moodle.com>
Mon, 19 Sep 2011 05:45:10 +0000 (13:45 +0800)
message/refresh.php

index 88532de..2ee38b7 100644 (file)
     $userfullname = strip_tags(required_param('name', PARAM_RAW));
     $wait         = optional_param('wait', MESSAGE_DEFAULT_REFRESH, PARAM_INT);
 
+    if ($wait < 1) {
+        //this should not happen unless someone is manually constructing URLs
+        //allowing a wait of 0 causes continuous GET requests
+        $wait = MESSAGE_DEFAULT_REFRESH;
+    }
+
     $stylesheetshtml = '';
     foreach ($CFG->stylesheets as $stylesheet) {
         $stylesheetshtml .= '<link rel="stylesheet" type="text/css" href="'.$stylesheet.'" />';