1818require (AT_INCLUDE_PATH .'../mods/_core/modules/classes/ModuleListParser.class.php ' );
1919require_once (AT_INCLUDE_PATH .'../mods/_core/file_manager/filemanager.inc.php ' );
2020// delete all folders and files in $dir
21+
22+
2123function clear_dir ($ dir )
2224{
2325 if ($ dh = opendir ($ dir ))
@@ -154,8 +156,15 @@ function clear_dir($dir)
154156
155157 if (!$ msg ->containsErrors ())
156158 {
157- header ('Location: module_install_step_1.php?mod= ' .urlencode ($ module_folder ).SEP .'new=1 ' );
158- exit ;
159+ if ($ _POST ['csrftoken ' ] != $ _SESSION ['token ' ]){
160+ $ msg ->addError ('ACCESS_DENIED ' );
161+ } else {
162+
163+ header ('Location: module_install_step_1.php?mod= ' .urlencode ($ module_folder ).SEP .'new=1 ' );
164+ exit ;
165+ }
166+ //header('Location: module_install_step_1.php?mod='.urlencode($module_folder).SEP.'new=1');
167+ //exit;
159168 }
160169 }
161170
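Review bot: The token check added at new lines 159-161 uses a loose `!=` and never confirms that either value is present, so if the session has no `token` and the request omits `csrftoken`, `null != null` is false and the request is accepted; the same comparison is repeated in the `install_manually` branch at new line 194. A stricter guard would be `if (!isset($_POST['csrftoken'], $_SESSION['token']) || !is_string($_POST['csrftoken']) || !hash_equals($_SESSION['token'], $_POST['csrftoken'])) {`, which is also constant-time. The check sits inside the `!$msg->containsErrors()` block immediately before the redirect, so it appears to gate only the `Location` header and not the request handling earlier in the block, which starts outside this hunk; validating the token before any of that processing runs would make the check effective. The commented-out `header`/`exit` pair at new lines 166-167 is dead code and can be removed.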
@@ -181,8 +190,13 @@ function clear_dir($dir)
181190 $ dir_name = str_replace (array ('. ' ,'.. ' ), '' , $ _POST ['mod ' ]);
182191
183192 if (isset ($ _POST ['install_manually ' ])) {
184- header ('Location: ' .AT_BASE_HREF .'mods/_core/modules/module_install_step_2.php?mod= ' .urlencode ($ dir_name ).SEP .'new=1 ' .SEP .'mod_in=1 ' );
185- exit ;
193+ // Check for potential CSRF
194+ if ($ _POST ['csrftoken ' ] != $ _SESSION ['token ' ]){
195+ $ msg ->addError ('ACCESS_DENIED ' );
196+ } else {
197+ header ('Location: ' .AT_BASE_HREF .'mods/_core/modules/module_install_step_2.php?mod= ' .urlencode ($ dir_name ).SEP .'new=1 ' .SEP .'mod_in=1 ' );
198+ exit ;
199+ }
186200 }
187201
188202} else if (isset ($ _POST ['install_manually ' ])) {
@@ -255,16 +269,18 @@ function validate_filename() {
255269
256270 // Add $module_list_array as the last parameter, to sort by the common key
257271 // Sorts by original $module_list_array by reference, then returns true|false
258- $ sort_by_version = array_multisort ($ version , SORT_DESC , $ module_list_array );
272+ // $sort_by_version = array_multisort($version, SORT_DESC, $module_list_array);
259273
260274// Create menu for filter ATutor versions
261- function select_atversion (){
275+ function select_atversion ($ v = 0 ){
262276 global $ sort_versions ;
263277 $ menu = '<form action=" ' .$ _SERVER ['PHP_SELF ' ].'" method="post"> ' ;
264278 $ menu .= '<select name="atversions"> ' ;
265279 $ menu .= '<option value="0"> ' ._AT ("all " ).'</option> ' ;
266280 foreach ($ sort_versions as $ version ){
267- if ($ version == VERSION ){
281+ if ($ version == $ v ){
282+ $ menu .= '<option value=" ' .$ version .'" selected="selected"> ' .$ version .'</option> ' ;
283+ }else if ($ version == VERSION ){
268284 $ menu .= '<option value=" ' .$ version .'" selected="selected"> ' .$ version .'</option> ' ;
269285 }else {
270286 $ menu .= '<option value=" ' .$ version .'" > ' .$ version .'</option> ' ;
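Review bot: In the loop at new lines 281-283 the `else if ($version == VERSION)` branch is evaluated per iteration, so when `$v` names a version other than `VERSION` both options are emitted with `selected="selected"` and the one displayed depends on list order. Resolve the target once before the loop, for example `$selected = $v ? $v : VERSION;`, and keep a single branch testing `$version == $selected`; this also removes the duplicated markup line. `$version` is concatenated into the option markup without `htmlspecialchars()`, which is safe only if `$sort_versions` never carries externally supplied values, and that cannot be confirmed from this hunk. The `array_multisort` call at new line 272 is commented out rather than deleted, and `select_atversion` continues past the end of the hunk.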