Skip to content

Commit

Permalink
Security: Avoid error in catalogue when attempted hack in course code…
Browse files Browse the repository at this point in the history 
… - refs BT#22085
  • Loading branch information
@ywarnier
ywarnier committed Oct 8, 2024
1 parent d8b42f6 commit b440012
Showing 1 changed file with 15 additions and 6 deletions.
21 changes: 15 additions & 6 deletions main/auth/courses.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,14 +67,23 @@
}
if (Security::check_token('get')) {
$courseInfo = api_get_course_info($courseCodeToSubscribe);
CourseManager::autoSubscribeToCourse($courseCodeToSubscribe);
$redirectionTarget = CoursesAndSessionsCatalog::generateRedirectUrlAfterSubscription(
$courseInfo['course_public_url']
);
if (!empty($courseInfo)) {
CourseManager::autoSubscribeToCourse($courseCodeToSubscribe);
$redirectionTarget = CoursesAndSessionsCatalog::generateRedirectUrlAfterSubscription(
$courseInfo['course_public_url']
);

header("Location: $redirectionTarget");
exit;
header("Location: $redirectionTarget");
exit;
}
}
Display::addFlash(
Display::return_message(get_lang('NoResults'), 'warning')
);
CoursesAndSessionsCatalog::displayCoursesList('search_course', $searchTerm, $categoryCode);

exit;

break;
case 'subscribe_course_validation':
$toolTitle = get_lang('Subscribe');
Expand Down

0 comments on commit b440012

Please sign in to comment.