
Fix #466 - sanity check sort var before using.

MOODLE_35_STABLE
Dan Marsden 5 years ago
commit
f485ce7d89
  1. 6
      absentee.php
  2. 8
      coursesummary.php

6
absentee.php

@ -102,6 +102,12 @@ $table->setup();
$sortcolumns = $table->get_sort_columns();
// Now do sorting if specified.
// Sanity check $sort var before including in sql. Make sure it matches a known column.
$allowedsort = array_diff(array_keys($table->columns), $table->column_nosort);
if (!in_array($sort, $allowedsort)) {
$sort = '';
}
$orderby = ' ORDER BY percent ASC';
if (!empty($sort)) {
$direction = ' DESC';
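Review bot: The allow-list test `in_array($sort, $allowedsort)` compares loosely; pass the strict flag, `if (!in_array($sort, $allowedsort, true)) {`, so that only an exact string match against a sortable column name can reach the ORDER BY clause. How `$sort` is read lies outside the hunk, so whether a non-string value can arrive here is not visible, but on PHP versions before 8 an integer `0` would loosely equal any column name. The identical line in the coursesummary.php hunk needs the same change. The list is also derived from the table's display columns (`$table->columns` minus `$table->column_nosort`), so it is worth confirming that every name it admits is a real column or alias in the query the ORDER BY is appended to; that query is not shown here.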

8
coursesummary.php

@ -95,8 +95,14 @@ $table->setup();
// Work out direction of sort required.
$sortcolumns = $table->get_sort_columns();
// Now do sorting if specified.
// Sanity check $sort var before including in sql. Make sure it matches a known column.
$allowedsort = array_diff(array_keys($table->columns), $table->column_nosort);
if (!in_array($sort, $allowedsort)) {
$sort = '';
}
// Now do sorting if specified.
$orderby = ' ORDER BY percentage ASC';
if (!empty($sort)) {
$direction = ' DESC';
