better cleaning of $file parameter SC#276; merged from MOODLE_16_STABLE

rsendhil · Jul 11, 2006 · 496d064 · 496d064
1 parent b2ec109
commit 496d064
Showing 1 changed file with 1 addition and 5 deletions.
diff --git a/help.php b/help.php
@@ -16,17 +16,13 @@
 
     require_once('config.php');
 
-    $file   = optional_param('file', '', PARAM_CLEAN);
+    $file   = optional_param('file', '', PARAM_PATH);
     $text   = optional_param('text', 'No text to display', PARAM_CLEAN);
     $module = optional_param('module', 'moodle', PARAM_ALPHAEXT);
     $forcelang = optional_param('forcelang', '', PARAM_ALPHAEXT);
 
     print_header();
 
-    if (detect_munged_arguments($module .'/'. $file)) {
-        error('Filenames contain illegal characters!');
-    }
-
     print_simple_box_start('center', '96%');
 
     $helpfound = false;