admin/enrol.php is now using sesskey.

moodle · Oct 3, 2004 · 0f8c786 · 0f8c786
1 parent a959544
commit 0f8c786
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/admin/enrol.php b/admin/enrol.php
@@ -16,6 +16,10 @@
         error("Only the admin can use this page");
     }
 
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
+
     $enrol = clean_filename($enrol);
     require_once("$CFG->dirroot/enrol/$enrol/enrol.php");   /// Open the class
 
@@ -27,7 +31,7 @@
 	if ($frm = data_submitted()) {
         if ($enrolment->process_config($frm)) {
             set_config('enrol', $frm->enrol);
-            redirect("enrol.php", get_string("changessaved"), 1);
+            redirect("enrol.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
         }
 	} else {
         $frm = $CFG;
@@ -50,13 +54,14 @@
                    <a href=\"users.php\">$str->users</a> -> $str->enrolments");
 
     echo "<form target=\"{$CFG->framename}\" name=\"enrolmenu\" method=\"post\" action=\"enrol.php\">";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
     echo "<div align=\"center\"><p><b>";
 
 
 /// Choose an enrolment method
     echo get_string('chooseenrolmethod').': ';
 	choose_from_menu ($options, "enrol", $enrol, "",
-                      "document.location='enrol.php?enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
+                      "document.location='enrol.php?sesskey=$USER->sesskey&enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
 
     echo "</b></p></div>";
 

diff --git a/admin/index.php b/admin/index.php
@@ -306,7 +306,7 @@
                  get_string("uploadusers")."</a> - <font size=1>".
                  get_string("adminhelpuploadusers")."</font><br />";
 
-    $userdata .= "<hr><font size=+1>&nbsp;</font><a href=\"enrol.php\">".get_string("enrolments")."</a> - <font size=1>".
+    $userdata .= "<hr><font size=+1>&nbsp;</font><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a> - <font size=1>".
                  get_string("adminhelpenrolments")."</font><br />";
     $userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a> - <font size=1>".
                  get_string("adminhelpassignstudents")."</font><br />";

diff --git a/admin/users.php b/admin/users.php
@@ -34,7 +34,7 @@
                                get_string("adminhelpuploadusers"));
     }
     $table->data[] = array('', '<hr />');
-    $table->data[] = array("<b><a href=\"enrol.php\">".get_string("enrolments")."</a></b>",
+    $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a></b>",
                            get_string("adminhelpenrolments"));
     $table->data[] = array("<b><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a></b>",
                            get_string("adminhelpassignstudents"));