authorValentin Popov <info@valentineus.link>2018-06-10 15:11:25 +0300
committerValentin Popov <info@valentineus.link>2018-06-10 15:11:25 +0300
commit181e3a2ae91a6b62630afbfb97e6219c75e8ad35 (patch)
tree710b8e9240b4439c0329157c7a3f33157e3f047d
parent9e2852a8e0dddf9f4410e35671537b86495ab0c0 (diff)
Standard use of variables
Signed-off-by: Valentin Popov <info@valentineus.link>
-rw-r--r--auth.php15
1 files changed, 7 insertions, 8 deletions
diff --git a/auth.php b/auth.php
index c51d618..5fd00c6 100644
--- a/auth.php
+++ b/auth.php
@@ -127,13 +127,11 @@ class auth_plugin_link extends auth_plugin_base {
public function loginpage_hook() {
global $DB;
- if (!isloggedin()) {
- if (isset($_REQUEST['username']) &&
- isset($_REQUEST['password'])) {
-
- $username = htmlspecialchars($_REQUEST['username']);
- $password = htmlspecialchars($_REQUEST['password']);
+ $username = optional_param('username', '', PARAM_RAW);
+ $password = optional_param('password', '', PARAM_RAW);
+ if (!isloggedin()) {
+ if (!empty($username) && !empty($password)) {
// User existence check.
if ($user = $DB->get_record('user', array('username' => $username) )) {
// Verification of authorization data.
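Review bot: `optional_param('username', '', PARAM_RAW)` passes an uncleaned request value to the `user` lookup two lines below. `PARAM_RAW` is right for the password, which must reach verification unaltered, but the username should be cleaned the way Moodle stores it: `$username = optional_param('username', '', PARAM_USERNAME);`. `optional_param()` reads POST and then GET, so both credentials can still arrive in the query string and end up in access logs, browser history and Referer headers; if that is the plugin's intended design, a comment at this spot should say so. `!empty($password)` also treats the string `'0'` as missing, which `$password !== ''` would avoid. The verification step and the rest of loginpage_hook() lie outside the hunk.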
@@ -152,12 +150,13 @@ class auth_plugin_link extends auth_plugin_base {
public function redirect_user() {
global $CFG, $SESSION;
+ $wantsurl = optional_param('wantsurl', '', PARAM_URL);
$redirect = new moodle_url($CFG->wwwroot, $_GET);
if (isset($SESSION->wantsurl)) {
$redirect = new moodle_url($SESSION->wantsurl, $_GET);
- } else if (isset($_GET['wantsurl'])) {
- $redirect = htmlspecialchars($_GET['wantsurl']);
+ } else if (!empty($wantsurl)) {
+ $redirect = new moodle_url($wantsurl);
}
redirect($redirect);
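Review bot: `PARAM_URL` only checks that `wantsurl` is a well-formed URL, so `redirect(new moodle_url($wantsurl))` will send a user who followed the login link to whatever external host the link names (an open redirect). Restricting the value to this site closes that: `$wantsurl = optional_param('wantsurl', '', PARAM_LOCALURL);`. The two unchanged `new moodle_url(..., $_GET)` calls copy every query parameter into the redirect target, which would include `username` and `password` whenever they were supplied in the URL; passing an explicit parameter list, or none, keeps them out of the Location header. The end of redirect_user() is outside the hunk.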