Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-20901 fixed input validation

  • Loading branch information...
commit 0f7b1a996ad3efab7c722dadc63ebd29ad4b795d 1 parent c855486
@skodak skodak authored
Showing with 2 additions and 1 deletion.
  1. +1 −1  mod/survey/save.php
  2. +1 −0  mod/survey/view.php
View
2  mod/survey/save.php
@@ -6,7 +6,7 @@
// Make sure this is a legitimate posting
- if (!$formdata = data_submitted("$CFG->wwwroot/mod/survey/view.php")) {
+ if (!$formdata = data_submitted("$CFG->wwwroot/mod/survey/view.php") or !confirm_sesskey()) {
error("You are not supposed to use this script like that.");
}
View
1  mod/survey/view.php
@@ -110,6 +110,7 @@
echo "<form method=\"post\" action=\"save.php\" id=\"surveyform\">";
echo '<div>';
echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />";
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
print_simple_box(format_text($survey->intro), 'center', '70%', '', 5, 'generalbox', 'intro');
Please sign in to comment.
Something went wrong with that request. Please try again.