
CONTRIB-3306 Questionnaire - use sesskey checks on form submissions, …

…remove some calls to data_submitted that aren't used.
1 parent 1e5bec2 commit a4445fd20598f0d3b74c70100753cbaa9d109497 @danmarsden committed Apr 16, 2012
Showing with 10 additions and 9 deletions.
  1. +10 −7 locallib.php
  2. +0 −2 report.php
@@ -192,8 +192,6 @@ function view() {
exit();
}
- $viewform = data_submitted($CFG->wwwroot."/mod/questionnaire/view.php");
-
if ((!empty($this->questions)) && $this->capabilities->printblank) {
// open print friendly as popup window
$image_url = $CFG->wwwroot.'/mod/questionnaire/images/';
@@ -211,6 +209,7 @@ function view() {
$msg = $this->print_survey($USER->id, $quser);
/// If Survey was submitted with all required fields completed ($msg is empty),
/// then record the submittal.
+ $viewform = data_submitted($CFG->wwwroot."/mod/questionnaire/view.php");
if (isset($viewform->submit) && isset($viewform->submittype) &&
($viewform->submittype == "Submit Survey") && empty($msg)) {
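Review bot: The branch that records the submittal is the state-changing step, yet the relocated `$viewform = data_submitted(...)` feeds it without a session-key check of its own. It is protected only if `print_survey()` returns a non-empty `$msg` whenever the key is missing or wrong, which cannot be confirmed from this hunk. I would make the guard explicit at the condition, e.g. `if (confirm_sesskey() && isset($viewform->submit) && isset($viewform->submittype) &&`. This call also still passes the view.php URL while the other call sites touched by this commit use `data_submitted()` with no argument, so the two forms should be made consistent. view() starts and ends outside the hunk.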
@@ -524,7 +523,10 @@ function print_survey($userid=false, $quser) {
$userid = $USER->id;
}
- $formdata = data_submitted('nomatch');
+ $formdata = new stdClass();
+ if (confirm_sesskey()) {
+ $formdata = data_submitted();
+ }
$formdata->rid = $this->get_response($quser);
if (!empty($formdata->rid) && (empty($formdata->sec) || intval($formdata->sec) < 1)) {
$formdata->sec = $this->response_select_max_sec($formdata->rid);
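Review bot: `$formdata = data_submitted();` can replace the fresh stdClass with `false`, because Moodle's data_submitted() returns false when nothing was posted while confirm_sesskey() also accepts a key passed in the query string; the following `$formdata->rid = ...` would then write a property on a non-object. Keep the object unless data was really posted, e.g. `$posted = data_submitted(); if ($posted && confirm_sesskey()) { $formdata = $posted; }`. The same pattern is added in survey_print_render() further down and needs the same guard. A POST carrying a stale key is also discarded silently here, so the respondent gets no explanation for the lost answers; `require_sesskey()` or an explicit message would make that failure visible. print_survey() continues outside the hunk.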
@@ -661,6 +663,7 @@ function checkbox_empty(name) {
<input type="hidden" name="sid" value="<?php echo($this->survey->id); ?>" />
<input type="hidden" name="rid" value="<?php echo (isset($formdata->rid) ? $formdata->rid : '0'); ?>" />
<input type="hidden" name="sec" value="<?php echo($formdata->sec); ?>" />
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
</div>
<?php
if (isset($this->questions) && $num_sections) { // sanity check
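Review bot: The `sec` hidden field directly above the new sesskey input echoes `$formdata->sec` unescaped, and after this commit that value can come straight from `data_submitted()`. The only visible handling is the `intval()` comparison in print_survey(), which tests the value but does not normalise it. Unless it is cleaned in code not shown between those hunks, cast it on output with `value="<?php echo intval($formdata->sec); ?>"`; the same cast is harmless for `rid`. The added line itself is fine, though `s(sesskey())` would match how Moodle usually escapes attribute values. The enclosing block starts and ends outside the hunk.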
@@ -889,7 +892,10 @@ function survey_print_render($message = '', $referer='', $courseid, $blankquesti
echo $OUTPUT->box_start();
$this->print_survey_start($message, 1, 1, $has_required);
/// Print all sections:
- $formdata = data_submitted($referer);
+ $formdata = new stdClass();
+ if (confirm_sesskey()) {
+ $formdata = data_submitted();
+ }
foreach ($this->questionsbysec as $section) {
foreach ($section as $question) {
if ($question->type_id == QUESSECTIONTEXT) {
@@ -912,9 +918,6 @@ function survey_update($sdata) {
$errstr = '';
- if (empty($sdata)) {
- $sdata = data_submitted('nomatch');
- }
$f_arr = array();
$v_arr = array();
@@ -87,8 +87,6 @@
/// Tab setup:
$SESSION->questionnaire->current_tab = 'allreport';
- $formdata = data_submitted();
-
$strcrossanalyze = get_string('crossanalyze', 'questionnaire');
$strcrosstabulate = get_string('crosstabulate', 'questionnaire');
$strdeleteallresponses = get_string('deleteallresponses', 'questionnaire');
