author | Valentin Popov <info@valentineus.link> | 2018-06-10 15:11:25 +0300 |
---|---|---|
committer | Valentin Popov <info@valentineus.link> | 2018-06-10 15:11:25 +0300 |
commit | 181e3a2ae91a6b62630afbfb97e6219c75e8ad35 (patch) | |
tree | 710b8e9240b4439c0329157c7a3f33157e3f047d /auth.php | |
parent | 9e2852a8e0dddf9f4410e35671537b86495ab0c0 (diff) | |
Standard use of variables
Signed-off-by: Valentin Popov <info@valentineus.link>
Diffstat (limited to 'auth.php')
-rw-r--r-- | auth.php | 15 |
1 files changed, 7 insertions, 8 deletions
@@ -127,13 +127,11 @@ class auth_plugin_link extends auth_plugin_base {
 public function loginpage_hook() {
 global $DB;
- if (!isloggedin()) {
- if (isset($_REQUEST['username']) &&
- isset($_REQUEST['password'])) {
-
- $username = htmlspecialchars($_REQUEST['username']);
- $password = htmlspecialchars($_REQUEST['password']);
+ $username = optional_param('username', '', PARAM_RAW);
+ $password = optional_param('password', '', PARAM_RAW);
+ if (!isloggedin()) {
+ if (!empty($username) && !empty($password)) {
 // User existence check.
 if ($user = $DB->get_record('user', array('username' => $username) )) {
 // Verification of authorization data.
@@ -152,12 +150,13 @@ class auth_plugin_link extends auth_plugin_base {
 public function redirect_user() {
 global $CFG, $SESSION;
+ $wantsurl = optional_param('wantsurl', '', PARAM_URL);
 $redirect = new moodle_url($CFG->wwwroot, $_GET);
 if (isset($SESSION->wantsurl)) {
 $redirect = new moodle_url($SESSION->wantsurl, $_GET);
- } else if (isset($_GET['wantsurl'])) {
- $redirect = htmlspecialchars($_GET['wantsurl']);
+ } else if (!empty($wantsurl)) {
+ $redirect = new moodle_url($wantsurl);
 }
 redirect($redirect); |
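Review bot: The username in loginpage_hook() is read with `PARAM_RAW` and reaches the `get_record()` lookup uncleaned; `$username = optional_param('username', '', PARAM_USERNAME);` would apply Moodle's username cleaning first, while the password is right to stay `PARAM_RAW` so that it reaches verification unaltered. `optional_param()` takes the value from the query string as well as from POST, so credentials supplied in a link will appear in web-server logs, browser history and Referer headers; a comment above the two reads stating that these values must never be logged or echoed would help the next maintainer. `!empty()` also treats the string `'0'` as missing, so `$username !== '' && $password !== ''` is the more exact test. The function body continues outside the hunk, so the verification step itself is not visible here.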
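Review bot: `wantsurl` in redirect_user() is cleaned with `PARAM_URL`, which checks URL syntax but does not restrict the host, so the `new moodle_url($wantsurl)` branch still sends a freshly authenticated user to whatever external site the link names; `$wantsurl = optional_param('wantsurl', '', PARAM_LOCALURL);` keeps the target on this site. The unchanged `new moodle_url(..., $_GET)` calls copy every query parameter into the redirect target, which would appear to include `username` and `password` when they were supplied in the URL; passing an explicit array of the parameters to keep would stop credentials being carried forward. The closing brace of redirect_user() lies outside the hunk.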