StudentQuiz: can we mitigate the potential XSS risks? #812360

studentquiz · Aug 16, 2024 · 8db2022 · 8db2022
1 parent ecd900c
commit 8db2022
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/lib.php b/lib.php
@@ -73,6 +73,22 @@ function studentquiz_supports($feature) {
     }
 }
 
+/**
+ * Callback immediately after require_login succeeds.
+ */
+function studentquiz_after_require_login() {
+    global $PAGE, $CFG, $COURSE;
+    if ($PAGE->activityname === 'studentquiz') {
+        $CFG->forceclean = true;
+    } else if ($catparam = optional_param('cat', null, PARAM_SEQUENCE)) {
+        [, $contextid] = explode(',', $catparam);
+        $instanceid = context::instance_by_id($contextid)->instanceid;
+        if (get_course_and_cm_from_cmid($instanceid, 'studentquiz', $COURSE)) {
+            $CFG->forceclean = true;
+        }
+    }
+}
+
 /**
  * Saves a new instance of the StudentQuiz into the database
  *