We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 284a750 commit 083b1d2Copy full SHA for 083b1d2
main/help/help.php
@@ -8,8 +8,27 @@
8
*/
9
require_once __DIR__.'/../inc/global.inc.php';
10
11
+$allowedHelp = [
12
+ 'Blogs',
13
+ 'Group',
14
+ 'Groups',
15
+ 'Announcements',
16
+ 'Settings',
17
+ 'Doc',
18
+ 'Dropbox',
19
+ 'Exercise',
20
+ 'Tracking',
21
+ 'User',
22
+ 'Links',
23
+ 'Path',
24
+ 'Survey',
25
+ 'Classes',
26
+ 'Wiki',
27
+];
28
+
29
$help_name = isset($_GET['open']) ? Security::remove_XSS($_GET['open']) : null;
-if (empty($help_name)) {
30
31
+if (empty($help_name) || !in_array($help_name, $allowedHelp)) {
32
api_not_allowed(true);
33
}
34
0 commit comments