Open danmarsden opened 9 months ago
https://github.com/schoolyear/moodle-quizaccess_schoolyear/blob/main/lib.php#L8
Can you look to use the Moodle API's optional_param or required_param with appropriate cleaning rather than taking the raw unfiltered data from $_REQUEST?
More info here: https://moodledev.io/general/development/policies/security#dont-trust-any-input-from-users
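An illustration of the requested change, added here and not taken from the plugin or written by the issue author. The code at lib.php#L8 is not shown on this page, so the function names and the parameters `cmid`, `token` and `preview` are hypothetical:

```php
<?php
// Added illustration, not the plugin's own code. All function and parameter
// names below are hypothetical; only the Moodle API calls are real.
defined('MOODLE_INTERNAL') || die();

/**
 * Before: raw request data is used without any validation.
 */
function quizaccess_example_read_request_raw(): array {
    return [
        // $_REQUEST may hold any string, or an array, for either key.
        'cmid'  => $_REQUEST['cmid'] ?? null,
        'token' => $_REQUEST['token'] ?? '',
    ];
}

/**
 * After: each value is declared with a PARAM_* type and cleaned by Moodle.
 */
function quizaccess_example_read_request_clean(): array {
    // required_param() throws a moodle_exception when the parameter is
    // missing; PARAM_INT casts the submitted value to an integer.
    $cmid = required_param('cmid', PARAM_INT);

    // optional_param() returns the default when the parameter is absent;
    // PARAM_ALPHANUMEXT strips everything except letters, digits, '_' and '-'.
    $token = optional_param('token', '', PARAM_ALPHANUMEXT);

    // PARAM_BOOL normalises values such as 'yes', 'on' or 'true' to 1 or 0.
    $preview = optional_param('preview', 0, PARAM_BOOL);

    return ['cmid' => $cmid, 'token' => $token, 'preview' => $preview];
}
```

Choose the narrowest PARAM_* type that fits each value; PARAM_RAW performs no cleaning and leaves the input as submitted.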