TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgrade 1-11.38

Browse Source
This commit is contained in:
xesmyd
2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
Download Patch File Download Diff File Expand all files Collapse all files
main/lp/lp_ajax_save_item.php
+4 -1
View File
@@ -611,9 +611,12 @@ if (isset($_REQUEST['interact'])) {
}
}
// Always use the authenticated user's ID to prevent IDOR — never trust
// the uid from the request, as any enrolled user could overwrite another
// user's Learning Path progress by changing this parameter.
echo save_item(
(!empty($_REQUEST['lid']) ? $_REQUEST['lid'] : null),
(!empty($_REQUEST['uid']) ? $_REQUEST['uid'] : null),
api_get_user_id(),
(!empty($_REQUEST['vid']) ? $_REQUEST['vid'] : null),
(!empty($_REQUEST['iid']) ? $_REQUEST['iid'] : null),
(!empty($_REQUEST['s']) ? $_REQUEST['s'] : null),