Skip to content
GitLab
Commit d942f031 authored by Dan Marsden's avatar Dan Marsden Committed by David Monllaó
Browse files

MDL-50614 mod_scorm: Improve validation on currentorg

parent 419f4c47
Hide whitespace changes
Inline Side-by-side
mod/scorm/player.php
View file @ d942f031
...@@ -51,6 +51,14 @@ if (!empty($id)) { ...@@ -51,6 +51,14 @@ if (!empty($id)) {
} else { } else {
print_error('missingparameter'); print_error('missingparameter');
} }
// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
if (!empty($currentorg)) {
if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
$currentorg = '';
}
}
// If new attempt is being triggered set normal mode and increment attempt number. // If new attempt is being triggered set normal mode and increment attempt number.
$attempt = scorm_get_last_attempt($scorm->id, $USER->id); $attempt = scorm_get_last_attempt($scorm->id, $USER->id);
......
mod/scorm/prereqs.php
View file @ d942f031
...@@ -50,6 +50,13 @@ if (!empty($id)) { ...@@ -50,6 +50,13 @@ if (!empty($id)) {
print_error('missingparameter'); print_error('missingparameter');
} }
// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
if (!empty($currentorg)) {
if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
$currentorg = '';
}
}
$PAGE->set_url('/mod/scorm/prereqs.php', array('scoid' => $scoid, 'attempt' => $attempt, 'id' => $cm->id)); $PAGE->set_url('/mod/scorm/prereqs.php', array('scoid' => $scoid, 'attempt' => $attempt, 'id' => $cm->id));
require_login($course, false, $cm); require_login($course, false, $cm);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment