Skip to content
Browse files

admin/enrol.php is now using sesskey.

  • Loading branch information...
1 parent a959544 commit 0f8c7865b14e655d05be9188698ec93384254aa4 stronk7 committed Oct 3, 2004
Showing with 9 additions and 4 deletions.
  1. +7 −2 admin/enrol.php
  2. +1 −1 admin/index.php
  3. +1 −1 admin/users.php
View
9 admin/enrol.php
@@ -16,6 +16,10 @@
error("Only the admin can use this page");
}
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
$enrol = clean_filename($enrol);
require_once("$CFG->dirroot/enrol/$enrol/enrol.php"); /// Open the class
@@ -27,7 +31,7 @@
if ($frm = data_submitted()) {
if ($enrolment->process_config($frm)) {
set_config('enrol', $frm->enrol);
- redirect("enrol.php", get_string("changessaved"), 1);
+ redirect("enrol.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
}
} else {
$frm = $CFG;
@@ -50,13 +54,14 @@
<a href=\"users.php\">$str->users</a> -> $str->enrolments");
echo "<form target=\"{$CFG->framename}\" name=\"enrolmenu\" method=\"post\" action=\"enrol.php\">";
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
echo "<div align=\"center\"><p><b>";
/// Choose an enrolment method
echo get_string('chooseenrolmethod').': ';
choose_from_menu ($options, "enrol", $enrol, "",
- "document.location='enrol.php?enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
+ "document.location='enrol.php?sesskey=$USER->sesskey&enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
echo "</b></p></div>";
View
2 admin/index.php
@@ -306,7 +306,7 @@
get_string("uploadusers")."</a> - <font size=1>".
get_string("adminhelpuploadusers")."</font><br />";
- $userdata .= "<hr><font size=+1>&nbsp;</font><a href=\"enrol.php\">".get_string("enrolments")."</a> - <font size=1>".
+ $userdata .= "<hr><font size=+1>&nbsp;</font><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a> - <font size=1>".
get_string("adminhelpenrolments")."</font><br />";
$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a> - <font size=1>".
get_string("adminhelpassignstudents")."</font><br />";
View
2 admin/users.php
@@ -34,7 +34,7 @@
get_string("adminhelpuploadusers"));
}
$table->data[] = array('', '<hr />');
- $table->data[] = array("<b><a href=\"enrol.php\">".get_string("enrolments")."</a></b>",
+ $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a></b>",
get_string("adminhelpenrolments"));
$table->data[] = array("<b><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a></b>",
get_string("adminhelpassignstudents"));

0 comments on commit 0f8c786

Please sign in to comment.
Something went wrong with that request. Please try again.