
MDL-20901 fixed input validation

1 parent 5a500a5 commit 06a6ed1f186f497dbbe838d35e796b1cfea65432 @skodak skodak committed Nov 19, 2009
@@ -123,7 +123,7 @@
error('You are not authorized to do this');
}
- if($form = data_submitted()) {
+ if($form = data_submitted() and confirm_sesskey()) {
$form->name = clean_param(strip_tags($form->name,'<lang><span>'), PARAM_CLEAN);
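Review bot: The new condition on the `if` line works only because `and` binds more loosely than `=`, so `$form` still receives the submitted object and the session-key check is applied afterwards. If it is later normalised to `&&`, `$form` becomes a boolean and the `$form->name` line below no longer operates on the submitted data. Parenthesising the assignment makes the intent explicit: `if (($form = data_submitted()) && confirm_sesskey()) {`. The preferences hunk at the end of the commit (`if ($form = data_submitted() and confirm_sesskey())`) has the same form, and the enclosing block continues outside this hunk.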
@@ -188,7 +188,7 @@
case 'new':
$title = get_string('newevent', 'calendar');
$form = data_submitted();
- if(!empty($form) && !empty($form->name)) {
+ if(!empty($form) && !empty($form->name) && confirm_sesskey()) {
$form->name = clean_text(strip_tags($form->name, '<lang><span>'));
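Review bot: A submission that fails `confirm_sesskey()` is handled here exactly like no submission at all, because the check is folded into the `!empty($form) && !empty($form->name)` condition. The other branch is outside the hunk, but it presumably just shows the form again, so a rejected cross-site request produces no error and a user with an expired session gets no explanation. Consider testing the key separately and failing loudly with the `error()` call visible in the first hunk, e.g. `if (!empty($form) && !confirm_sesskey()) { error('Invalid session key'); }` (message text is illustrative). The same applies to the other `confirm_sesskey()` conditions this commit adds, in the edit, delete and preferences hunks.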
@@ -286,7 +286,7 @@
case 'delete':
$confirm = optional_param('confirm', 0, PARAM_INT);
$repeats = optional_param('repeats', 0, PARAM_INT);
- if($confirm) {
+ if($confirm and confirm_sesskey()) {
// Kill it and redirect to day view
if(($event = get_record('event', 'id', $eventid)) !== false) {
@@ -13,6 +13,7 @@
<input type="hidden" name="confirm" value="1" />
<input type="hidden" name="repeats" value="0" />
<input type="hidden" name="course" value="<?php p($urlcourse); ?>" />
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
&nbsp;
</p>
</form>
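Review bot: The hidden `sesskey` field added here should only ever travel in a POST body. The `<form>` tag is outside the hunk, so please confirm it is not `method="get"`, which would put the token in the URL where it can reach browser history, server logs and Referer headers. The neighbouring `course` field is printed with `p()`, while the token is written with a bare `echo`; `<?php p(sesskey()); ?>` would keep the escaping consistent even though the key is expected to be a plain token. The same line is added in the four other form hunks of this commit.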
@@ -31,6 +32,7 @@
<input type="hidden" name="confirm" value="1" />
<input type="hidden" name="repeats" value="1" />
<input type="hidden" name="course" value="<?php p($urlcourse); ?>" />
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
&nbsp;
</p>
</form>
@@ -89,6 +89,7 @@
<input type="hidden" name="format" value="<?php echo $form->format; ?>" />
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="course" value="<?php p($urlcourse); ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
</p>
</form>
@@ -99,6 +99,7 @@
<input type="hidden" name="action" value="new" />
<input type="hidden" name="type" value="<?php echo $form->type; ?>" />
<input type="hidden" name="course" value="<?php p($urlcourse); ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
</p>
</form>
@@ -71,6 +71,7 @@
<tr>
<td colspan="2" style="text-align: center;">
+ <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
<input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
</table>
@@ -18,7 +18,7 @@
/// If data submitted, then process and store.
- if ($form = data_submitted()) {
+ if ($form = data_submitted() and confirm_sesskey()) {
foreach ($form as $preference => $value) {
switch ($preference) {
case 'timeformat':
