Skip to content

Commit

Permalink
Merge pull request #363 from Opencast-Moodle/fix/teacher-upload-vuln
Browse files Browse the repository at this point in the history 
Make sure teachers can't upload videos into arbitrary series in single-upload
  • Loading branch information
@NinaHerrmann
NinaHerrmann authored Mar 18, 2024
2 parents 02eaf59 + 1ced42b commit bf56dc3
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion addvideo.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,11 @@
require_once($CFG->dirroot . '/repository/lib.php');

$courseid = required_param('courseid', PARAM_INT);
$series = optional_param('series', null, PARAM_ALPHANUMEXT);
if ($courseid == $SITE->id) {
$series = optional_param('series', null, PARAM_ALPHANUMEXT);
} else {
$series = null;
}
$ocinstanceid = optional_param('ocinstanceid', settings_api::get_default_ocinstance()->id, PARAM_INT);

$baseurlparams = [
Expand Down

0 comments on commit bf56dc3

Please sign in to comment.