Add CSRF protection to item number setting
Martin Gauk committed Jan 10, 2020
1 parent a1e3aa1 commit cd18d8b
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion block_sitenews.php
Expand Up @@ -64,7 +64,7 @@ public function get_content() {

$updatemynumber = optional_param("mynewsitems", -1, PARAM_INT);
$displaysetting = block_sitenews_get_itemsnumber();
if ($updatemynumber >= 0 && $updatemynumber < 11) {
if ($updatemynumber >= 0 && $updatemynumber < 11 && confirm_sesskey()) {
block_sitenews_update_itemsnumber($updatemynumber);
$displaysetting = $items = $updatemynumber;
}
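Review bot: A request whose sesskey is missing or stale is dropped without any signal here, because `confirm_sesskey()` only returns false and is folded into the same condition as the range check; the user keeps seeing the old value and nothing is logged. If a hard failure is acceptable in this render path, keep the range test in the `if` and call `require_sesskey();` as the first statement inside it; otherwise add a comment stating that the silent skip is deliberate. Note also that `optional_param()` reads the query string as well as the POST body, so the handler still accepts `mynewsitems` over GET when a sesskey accompanies it; the switch to POST in renderer.php only changes the form. `get_content()` begins and ends outside this hunk, so whether anything later reports the skipped update cannot be seen from here.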
1 change: 1 addition & 0 deletions renderer.php
Expand Up @@ -58,6 +58,7 @@ public function editing_bar_head($selected = 0) {
$options = range(0,10);
$options[0] = get_string("preset", "block_sitenews");
$select = new single_select($url, "mynewsitems", $options, $selected, array());
$select->method = 'post';
$select->set_label(get_string("newsitemsnumber") . ":");
$output .= $this->output->render($select);
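Review bot: The line `$select->method = 'post';` carries the whole client side of the CSRF fix but nothing says so, and it reads like a cosmetic choice that a later edit could revert. As far as I know, core only adds the sesskey hidden field to a `single_select` when its method is not GET, so I would put a comment above it such as `// Must stay POST: the sesskey that get_content() checks is only added to non-GET forms.` Separately, `range(0,10)` here and the `< 11` bound in block_sitenews.php encode the same limit twice; a shared constant would keep them in step. `editing_bar_head()` continues outside the hunk.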

