
Commit b440012

committed
Security: Avoid error in catalogue when attempted hack in course code - refs BT#22085
1 parent d8b42f6 commit b440012


1 file changed

+15
-6
lines changed


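--- a/main/auth/courses.php
+++ b/main/auth/courses.php
@@ -67,14 +67,23 @@
 }
 if (Security::check_token('get')) {
 $courseInfo = api_get_course_info($courseCodeToSubscribe);
-CourseManager::autoSubscribeToCourse($courseCodeToSubscribe);
-$redirectionTarget = CoursesAndSessionsCatalog::generateRedirectUrlAfterSubscription(
-$courseInfo['course_public_url']
-);
+if (!empty($courseInfo)) {
+CourseManager::autoSubscribeToCourse($courseCodeToSubscribe);
+$redirectionTarget = CoursesAndSessionsCatalog::generateRedirectUrlAfterSubscription(
+$courseInfo['course_public_url']
+);
 
-header("Location: $redirectionTarget");
-exit;
+header("Location: $redirectionTarget");
+exit;
+}
 }
+Display::addFlash(
+Display::return_message(get_lang('NoResults'), 'warning')
+);
+CoursesAndSessionsCatalog::displayCoursesList('search_course', $searchTerm, $categoryCode);
+
+exit;
+
 break;
 case 'subscribe_course_validation':
 $toolTitle = get_lang('Subscribe');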
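Review bot: The new fall-through after the `Security::check_token('get')` block handles a failed token check and an unknown course code identically: both show `get_lang('NoResults')` and neither leaves a trace, so a tampered `$courseCodeToSubscribe` stays invisible to anyone reviewing logs. Consider recording the rejection before the flash, for example `error_log('catalogue subscribe rejected: unknown course code or invalid token');`, without echoing the raw request value so the log line cannot be forged, and reserving the 'NoResults' message for the empty-`$courseInfo` branch. The `break;` that follows the added `exit;` is now unreachable and could carry a short comment or be dropped. The enclosing `case` starts above the hunk, so where `$searchTerm` and `$categoryCode` are assigned is not visible here; presumably they are filtered upstream, which is worth confirming since they now reach `displayCoursesList()` on this error path.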
