MDL-52216 mod_lesson: prevent invalid view modes

author Eugene Venter <eugene@catalyst.net.nz>

Mon, 31 Oct 2016 21:10:21 +0000 (10:10 +1300)

committer Eugene Venter <eugene@catalyst.net.nz>

Thu, 10 Nov 2016 20:19:37 +0000 (09:19 +1300)
author Eugene Venter <eugene@catalyst.net.nz>
Mon, 31 Oct 2016 21:10:21 +0000 (10:10 +1300)
committer Eugene Venter <eugene@catalyst.net.nz>
Thu, 10 Nov 2016 20:19:37 +0000 (09:19 +1300)
diff --git a/mod/lesson/edit.php b/mod/lesson/edit.php

index 2bcae9e..e337fe8 100644 (file)
--- a/mod/lesson/edit.php
+++ b/mod/lesson/edit.php
@@ -38,6 +38,10 @@ $context = context_module::instance($cm->id);
  require_capability('mod/lesson:manage', $context);
  
  $mode    = optional_param('mode', get_user_preferences('lesson_view', 'collapsed'), PARAM_ALPHA);
+// Ensure a valid mode is set.
+if (!in_array($mode, array('single', 'full', 'collapsed'))) {
+    $mode = 'collapsed';
+}
  $PAGE->set_url('/mod/lesson/edit.php', array('id'=>$cm->id,'mode'=>$mode));
  
  if ($mode != get_user_preferences('lesson_view', 'collapsed') && $mode !== 'single') {
author	Eugene Venter <eugene@catalyst.net.nz>
	Mon, 31 Oct 2016 21:10:21 +0000 (10:10 +1300)
committer	Eugene Venter <eugene@catalyst.net.nz>
	Thu, 10 Nov 2016 20:19:37 +0000 (09:19 +1300)