From cceb8614ffe070a3d4cc6431b87947c47cd5b4bc Mon Sep 17 00:00:00 2001
From: "Eloy Lafuente (stronk7)" <stronk7@moodle.org>
Date: Mon, 28 Sep 2020 14:28:01 +0200
Subject: [PATCH] Avoid processing blank/empty paths

They were leading to the whole codebase being checked since #83.
---
 index.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 376f434a..0761d5d5 100644
--- a/index.php
+++ b/index.php
@@ -61,7 +61,10 @@
     $failed = false;
     $fullpaths = [];
     foreach ($paths as $path) {
-        $path = clean_param($path, PARAM_PATH);
+        $path = trim(clean_param($path, PARAM_PATH));
+        if (empty($path)) { // No blanks, we don't want to check the whole dirroot.
+            continue;
+        }
         $fullpath = $CFG->dirroot . '/' . trim($path, '/');
         if (!is_file($fullpath) && !is_dir($fullpath)) {
             echo $output->invald_path_message($path);