MDL-50614 mod_scorm: Improve validation on currentorg
danmarsden authored and David Monllao committed Jun 30, 2015
1 parent c6a1425 commit 476e97f
Showing 2 changed files with 15 additions and 0 deletions.
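--- a/mod/scorm/player.php
+++ b/mod/scorm/player.php
@@ -51,6 +51,14 @@
 } else {
 print_error('missingparameter');
 }
+
+// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
+if (!empty($currentorg)) {
+if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
+$currentorg = '';
+}
+}
+
 // If new attempt is being triggered set normal mode and increment attempt number.
 $attempt = scorm_get_last_attempt($scorm->id, $USER->id);
 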
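Review bot: The `record_exists` lookup in the added block accepts any `scorm_scoes` row of this activity whose `identifier` matches, so `$currentorg` is only narrowed to identifiers already stored for the package; it is not shown to be an organization, and the stored value is presumably still package-authored text. Code that later prints or embeds `$currentorg` is outside this hunk and should keep escaping it, which the comment could state: `// Validation only proves the identifier exists for this SCORM; it is still package data, escape it on output.` The same six lines are added verbatim to mod/scorm/prereqs.php, so one shared helper in the module's library would keep the two checks from drifting apart.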
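--- a/mod/scorm/prereqs.php
+++ b/mod/scorm/prereqs.php
@@ -50,6 +50,13 @@
 print_error('missingparameter');
 }
 
+// PARAM_RAW is used for $currentorg, validate it against records stored in the table.
+if (!empty($currentorg)) {
+if (!$DB->record_exists('scorm_scoes', array('scorm' => $scorm->id, 'identifier' => $currentorg))) {
+$currentorg = '';
+}
+}
+
 $PAGE->set_url('/mod/scorm/prereqs.php', array('scoid' => $scoid, 'attempt' => $attempt, 'id' => $cm->id));
 
 require_login($course, false, $cm);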
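Review bot: The added lookup runs before `require_login($course, false, $cm);`, which sits three lines below it in this hunk, so a request-supplied `currentorg` reaches a database query before the caller has been authenticated or checked against the course module. Nothing between the block and `require_login` in the visible lines reads `$currentorg` (`set_url` does not pass it), so the block could move directly below `require_login($course, false, $cm);` without changing its result. The conditions are passed as an array rather than a concatenated string, so this is about ordering of checks, not injection. The script continues outside the hunk.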
