MDL-35991 - use PARAM_LOCALURL for local urls

simoncoggins · danpoltawski · commit fd1d8295002c · 2013-01-07T10:09:20.000+08:00
diff --git a/backup/backupfilesedit.php b/backup/backupfilesedit.php
@@ -33,7 +33,7 @@
 // file parameters
 $component  = optional_param('component', null, PARAM_COMPONENT);
 $filearea   = optional_param('filearea', null, PARAM_AREA);
-$returnurl  = optional_param('returnurl', null, PARAM_URL);
+$returnurl  = optional_param('returnurl', null, PARAM_LOCALURL);
 
 list($context, $course, $cm) = get_context_info_array($currentcontext);
 $filecontext = context::instance_by_id($contextid, IGNORE_MISSING);
diff --git a/comment/comment_post.php b/comment/comment_post.php
@@ -38,7 +38,7 @@
 $area      = optional_param('area',      '',  PARAM_AREA);
 $content   = optional_param('content',   '',  PARAM_RAW);
 $itemid    = optional_param('itemid',    '',  PARAM_INT);
-$returnurl = optional_param('returnurl', '/', PARAM_URL);
+$returnurl = optional_param('returnurl', '/', PARAM_LOCALURL);
 $component = optional_param('component', '',  PARAM_COMPONENT);
 
 // Currently this script can only add comments
diff --git a/course/switchrole.php b/course/switchrole.php
@@ -35,7 +35,7 @@
 
 $id         = required_param('id', PARAM_INT);
 $switchrole = optional_param('switchrole',-1, PARAM_INT);
-$returnurl  = optional_param('returnurl', false, PARAM_URL);
+$returnurl  = optional_param('returnurl', false, PARAM_LOCALURL);
 
 $PAGE->set_url('/course/switchrole.php', array('id'=>$id));
 
@@ -84,4 +84,4 @@
     $returnurl = new moodle_url('/course/view.php', array('id' => $course->id));
 }
 
-redirect($returnurl);
+redirect($returnurl);
diff --git a/mod/wiki/filesedit.php b/mod/wiki/filesedit.php
@@ -31,7 +31,7 @@
 $subwikiid = required_param('subwiki', PARAM_INT);
 // not being used for file management, we use it to generate navbar link
 $pageid    = optional_param('pageid', 0, PARAM_INT);
-$returnurl = optional_param('returnurl', '', PARAM_URL);
+$returnurl = optional_param('returnurl', '', PARAM_LOCALURL);
 
 if (!$subwiki = wiki_get_subwiki($subwikiid)) {
     print_error('incorrectsubwikiid', 'wiki');
diff --git a/tag/coursetags_add.php b/tag/coursetags_add.php
@@ -35,7 +35,7 @@
     print_error('tagsaredisabled', 'tag');
 }
 
-$returnurl = optional_param('returnurl', null, PARAM_TEXT);
+$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);
 $keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);
 $courseid = optional_param('entryid', 0, PARAM_INT);
 $userid = optional_param('userid', 0, PARAM_INT);
diff --git a/user/files.php b/user/files.php
@@ -32,7 +32,7 @@
     die();
 }
 
-$returnurl = optional_param('returnurl', '', PARAM_URL);
+$returnurl = optional_param('returnurl', '', PARAM_LOCALURL);
 
 if (empty($returnurl)) {
     $returnurl = new moodle_url('/user/files.php');

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@`
`35`	`35`	`print_error('tagsaredisabled', 'tag');`
`36`	`36`	`}`
`37`	`37`
`38`		`-$returnurl = optional_param('returnurl', null, PARAM_TEXT);`
	`38`	`+$returnurl = optional_param('returnurl', null, PARAM_LOCALURL);`
`39`	`39`	`$keyword = optional_param('coursetag_new_tag', '', PARAM_TEXT);`
`40`	`40`	`$courseid = optional_param('entryid', 0, PARAM_INT);`
`41`	`41`	`$userid = optional_param('userid', 0, PARAM_INT);`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`	`die();`
`33`	`33`	`}`
`34`	`34`
`35`		`-$returnurl = optional_param('returnurl', '', PARAM_URL);`
	`35`	`+$returnurl = optional_param('returnurl', '', PARAM_LOCALURL);`
`36`	`36`
`37`	`37`	`if (empty($returnurl)) {`
`38`	`38`	`$returnurl = new moodle_url('/user/files.php');`