Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

admin/creators.php is now using sesskey.

  • Loading branch information...
commit 09b1a30d72f68d92bac8228ab66800696a2d87f0 1 parent 9b464d9
stronk7 authored
View
1  admin/creators.html
@@ -1,6 +1,7 @@
<form name="creatorsform" id="creatorsform" method="post" action="creators.php">
<input type="hidden" name="previoussearch" value="<?php echo $previoussearch ?>">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
<table align="center" border="0" cellpadding="5" cellspacing="0">
<tr>
<td valign="top">
View
4 admin/creators.php
@@ -19,6 +19,10 @@
error("You must be an administrator to use this page.");
}
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
$primaryadmin = get_admin();
/// assign all of the configurable language strings
View
2  admin/index.php
@@ -314,7 +314,7 @@
$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=on\">".get_string("assignteachers")."</a> - <font size=1>".
get_string("adminhelpassignteachers").
" <img src=\"../pix/t/user.gif\" height=11 width=11></font><br />";
- $userdata .= "<font size=+1>&nbsp;</font><a href=\"creators.php\">".get_string("assigncreators")."</a> - <font size=1>".
+ $userdata .= "<font size=+1>&nbsp;</font><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a> - <font size=1>".
get_string("adminhelpassigncreators")."</font><br />";
$userdata .= "<font size=+1>&nbsp;</font><a href=\"admin.php?sesskey=$USER->sesskey\">".get_string("assignadmins")."</a> - <font size=1>".
get_string("adminhelpassignadmins")."</font><br />";
View
2  admin/users.php
@@ -40,7 +40,7 @@
get_string("adminhelpassignstudents"));
$table->data[] = array("<b><a href=\"../course/index.php?edit=on\">".get_string("assignteachers")."</a></b>",
get_string("adminhelpassignteachers")." <img src=\"../pix/t/user.gif\" height=11 width=11>");
- $table->data[] = array("<b><a href=\"creators.php\">".get_string("assigncreators")."</a></b>",
+ $table->data[] = array("<b><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a></b>",
get_string("adminhelpassigncreators"));
$table->data[] = array("<b><a href=\"admin.php?sesskey=$USER->sesskey\">".get_string("assignadmins")."</a></b>",
get_string("adminhelpassignadmins"));
Please sign in to comment.
Something went wrong with that request. Please try again.