From cb1be8fe674de0a2a4fa7b98795eed8a10593c39 Mon Sep 17 00:00:00 2001
From: DamienLyon
Date: Mon, 9 Mar 2026 07:59:57 +0100
Subject: [PATCH] Validate image URL and format in AJAX request

Add validation for image URL format in exercise.ajax.php Prevent XSS
---
 main/inc/ajax/exercise.ajax.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/main/inc/ajax/exercise.ajax.php b/main/inc/ajax/exercise.ajax.php
index 8849e425c92..45ff7071c23 100755
--- a/main/inc/ajax/exercise.ajax.php
+++ b/main/inc/ajax/exercise.ajax.php
@@ -441,7 +441,10 @@
 $questionId = isset($_REQUEST['question_id']) ? (int) $_REQUEST['question_id'] : null;
 $image = isset($_REQUEST['image']) ? $_REQUEST['image'] : '';
-
+ if (!filter_var($image, FILTER_VALIDATE_URL) || !preg_match('/\.(jpg|jpeg|png|gif|svg)$/i', $image)) {
+ echo '0';
+ exit;
+ }
 $questionList = $objExercise->getQuestionList();
 if (!in_array($questionId, $questionList)) {