course/view.php is using sesskey

(the matching changes in the blocks code are done as well; please review them)
1 parent 1824077 commit 3099dc3e6f04b8dd839403aae39be3b32d4a8149 stronk7 committed Oct 9, 2004
Showing with 28 additions and 23 deletions.
  1. +9 −7 blocks/moodleblock.class.php
  2. +7 −7 course/format/topics/format.php
  3. +4 −4 course/format/weeks/format.php
  4. +4 −4 course/view.php
  5. +4 −1 lib/blocklib.php
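--- a/blocks/moodleblock.class.php
+++ b/blocks/moodleblock.class.php
@@ -119,7 +119,7 @@ function print_shadow() {
 }
 function add_edit_controls($options, $blockid) {
-global $CFG, $THEME;
+global $CFG, $THEME, $USER;
 // The block may be disabled
 $blockid = intval($blockid);
@@ -143,6 +143,8 @@ function add_edit_controls($options, $blockid) {
 } else {
 $pixpath = $path.'/../theme/'.$CFG->theme.'/pix';
 }
+
+$sesskeystr = '&sesskey='.$USER->sesskey;
 $movebuttons = '<div style="float: right;">';
@@ -155,26 +157,26 @@ function add_edit_controls($options, $blockid) {
 $title = $this->str->show;
 }
-$movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=toggle&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=toggle&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.$icon.'" /></a>';
-$movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=delete&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=delete&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.'/t/delete.gif" /></a> ';
 if ($options & BLOCK_MOVE_LEFT) {
-$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.'/t/left.gif" /></a>';
 }
 if ($options & BLOCK_MOVE_UP) {
-$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveup&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveup&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.'/t/up.gif" /></a>';
 }
 if ($options & BLOCK_MOVE_DOWN) {
-$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=movedown&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=movedown&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.'/t/down.gif" /></a>';
 }
 if ($options & BLOCK_MOVE_RIGHT) {
-$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.'">' .
+$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.$sesskeystr.'">' .
 '<img src="'.$pixpath.'/t/right.gif" /></a>';
 }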
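Review bot: `$sesskeystr` in the second hunk is built with a bare `&` while every other separator in the same `href` values is `&amp;`, so each edit link now mixes a raw and an entity-encoded ampersand inside one attribute; browsers tolerate it, but the markup stops being valid XHTML and the inconsistency will confuse anyone later escaping or parsing these URLs. Use `$sesskeystr = '&amp;sesskey='.$USER->sesskey;` so it matches the rest of the line. Nothing says why the key is appended, so a one-line comment above it would help, e.g. `// every block action link carries the session key; view.php refuses the action without it`. `add_edit_controls` continues past the end of the last hunk.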
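--- a/course/format/topics/format.php
+++ b/course/format/topics/format.php
@@ -31,7 +31,7 @@
 }
 }
-if (isteacher($course->id) and isset($marker)) {
+if (isteacher($course->id) and isset($marker) and confirm_sesskey()) {
 $course->marker = $marker;
 if (! set_field("course", "marker", $marker, "id", $course->id)) {
 error("Could not mark that topic for this course");
@@ -226,28 +226,28 @@
 if (isediting($course->id)) {
 if ($course->marker == $section) { // Show the "light globe" on/off
-echo "<a href=\"view.php?id=$course->id&marker=0\" title=\"$strmarkedthistopic\">".
+echo "<a href=\"view.php?id=$course->id&marker=0&sesskey=$USER->sesskey\" title=\"$strmarkedthistopic\">".
 "<img src=\"$CFG->pixpath/i/marked.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 } else {
-echo "<a href=\"view.php?id=$course->id&marker=$section\" title=\"$strmarkthistopic\">".
+echo "<a href=\"view.php?id=$course->id&marker=$section&sesskey=$USER->sesskey\" title=\"$strmarkthistopic\">".
 "<img src=\"$CFG->pixpath/i/marker.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 }
 if ($thissection->visible) { // Show the hide/show eye
-echo "<a href=\"view.php?id=$course->id&hide=$section\" title=\"$strtopichide\">".
+echo "<a href=\"view.php?id=$course->id&hide=$section&sesskey=$USER->sesskey\" title=\"$strtopichide\">".
 "<img src=\"$CFG->pixpath/i/hide.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 } else {
-echo "<a href=\"view.php?id=$course->id&show=$section\" title=\"$strtopicshow\">".
+echo "<a href=\"view.php?id=$course->id&show=$section&sesskey=$USER->sesskey\" title=\"$strtopicshow\">".
 "<img src=\"$CFG->pixpath/i/show.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 }
 if ($section > 1) { // Add a arrow to move section up
-echo "<a href=\"view.php?id=$course->id&section=$section&move=-1\" title=\"$strmoveup\">".
+echo "<a href=\"view.php?id=$course->id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">".
 "<img src=\"$CFG->pixpath/t/up.gif\" vspace=3 height=11 width=11 border=0></a><br />";
 }
 if ($section < $course->numsections) { // Add a arrow to move section down
-echo "<a href=\"view.php?id=$course->id&section=$section&move=1\" title=\"$strmovedown\">".
+echo "<a href=\"view.php?id=$course->id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">".
 "<img src=\"$CFG->pixpath/t/down.gif\" vspace=3 height=11 width=11 border=0></a><br />";
 }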
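Review bot: The `confirm_sesskey()` guard added at `@@ -31,7` fails silently: on a key mismatch the marker branch is skipped and the page renders as if the click never happened, which hides both a forged request from the teacher and a stale key after a re-login. If `confirm_sesskey()` returns false rather than calling `error()` itself (its body is not visible here), report the rejection explicitly, e.g. `} else if (isteacher($course->id) and isset($marker)) { notify("Invalid session key - topic marker not changed"); }`. Putting the check last in the `and` chain is right, since it keeps the key requirement off ordinary page views. Note that `$marker` still reaches `set_field` uncast; a cheap `intval($marker)` would remove the dependence on whatever escaping `set_field` does. Both hunks sit inside constructs that begin and end outside them.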
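--- a/course/format/weeks/format.php
+++ b/course/format/weeks/format.php
@@ -219,20 +219,20 @@
 if (isediting($course->id)) {
 if ($thissection->visible) { // Show the hide/show eye
-echo "<a href=\"view.php?id=$course->id&hide=$section\" title=\"$strweekhide\">".
+echo "<a href=\"view.php?id=$course->id&hide=$section&sesskey=$USER->sesskey\" title=\"$strweekhide\">".
 "<img src=\"$CFG->pixpath/i/hide.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 } else {
-echo "<a href=\"view.php?id=$course->id&show=$section\" title=\"$strweekshow\">".
+echo "<a href=\"view.php?id=$course->id&show=$section&sesskey=$USER->sesskey\" title=\"$strweekshow\">".
 "<img src=\"$CFG->pixpath/i/show.gif\" vspace=3 height=16 width=16 border=0></a><br />";
 }
 if ($section > 1) { // Add a arrow to move section up
-echo "<a href=\"view.php?id=$course->id&section=$section&move=-1\" title=\"$strmoveup\">".
+echo "<a href=\"view.php?id=$course->id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">".
 "<img src=\"$CFG->pixpath/t/up.gif\" vspace=3 height=11 width=11 border=0></a><br />";
 }
 if ($section < $course->numsections) { // Add a arrow to move section down
-echo "<a href=\"view.php?id=$course->id&section=$section&move=1\" title=\"$strmovedown\">".
+echo "<a href=\"view.php?id=$course->id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">".
 "<img src=\"$CFG->pixpath/t/down.gif\" vspace=3 height=11 width=11 border=0></a><br />";
 }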
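Review bot: With these links the session key now travels in the query string of every hide/show/move URL, so it lands in browser history, proxy and web-server access logs, and in the `Referer` header of any off-site image or link a teacher follows from the course page; a token in a GET link is a clear improvement over no token, but it is weaker than a token in a POST body. The fuller fix is to render these controls as small `method="post"` forms with `sesskey` in a hidden field and have `view.php` read the action from `$_POST`; if that is out of scope, at least make sure the key is per-session and regenerated at login, which I cannot confirm from here. A short comment above the first `echo`, e.g. `// sesskey is required by view.php before it will hide, show or move a section`, would explain the extra parameter to the next reader. The `isediting` block opens in the hunk but closes outside it.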
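--- a/course/view.php
+++ b/course/view.php
@@ -75,15 +75,15 @@
 $editing = $USER->editing;
-if (isset($hide)) {
+if (isset($hide) and confirm_sesskey()) {
 set_section_visible($course->id, $hide, '0');
 }
-if (isset($show)) {
+if (isset($show) and confirm_sesskey()) {
 set_section_visible($course->id, $show, '1');
 }
-if (isset($_GET['blockaction'])) {
+if (isset($_GET['blockaction']) and confirm_sesskey()) {
 if (isset($_GET['blockid'])) {
 block_action($course, $leftblocks, $rightblocks, strtolower($_GET['blockaction']), intval($_GET['blockid']));
 }
@@ -118,7 +118,7 @@
 }
 if (!empty($section)) {
-if (!empty($move)) {
+if (!empty($move) and confirm_sesskey()) {
 if (!move_section($course, $section, $move)) {
 notify("An error occurred while moving a section");
 }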
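Review bot: The new guards at `@@ -75,15` take `$hide` and `$show` (and `$move`/`$section` at `@@ -118,7`) from bare globals, while the block branch right next to them reads `$_GET['blockaction']` and casts `$_GET['blockid']` with `intval()`; the sesskey check now stops a forged request, but a legitimate editor can still pass a non-numeric `hide`, `show` or `move` value straight into `set_section_visible()` and `move_section()`, whose escaping I cannot see from here. Mirror the block branch: `set_section_visible($course->id, intval($hide), '0');`, the same for `$show`, and `move_section($course, intval($section), intval($move))`, ideally reading them from `$_GET` as well so the page stops relying on `register_globals` (presumably still on in this codebase). Both hunks are fragments of a flow that starts and ends outside them.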
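--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -410,6 +410,9 @@ function block_find($blockid, $leftblocks, $rightblocks) {
 //This function prints the block to admin blocks as necessary
 function block_print_blocks_admin(&$course, $missingblocks) {
+
+global $USER;
+
 if (isediting($course->id)) {
 $strblocks = get_string('blocks');
 $stradd = get_string('add');
@@ -430,7 +433,7 @@ function block_print_blocks_admin(&$course, $missingblocks) {
 else {
 $target = 'view.php';
 }
-$content = popup_form($target.'?id='.$course->id.'&amp;blockaction=add&amp;blockid=',
+$content = popup_form($target.'?id='.$course->id.'&amp;blockaction=add&amp;sesskey='.$USER->sesskey.'&amp;blockid=',
 $menu, 'add_block', '', "$stradd...", '', '', true);
 $content = '<div align="center">'.$content.'</div>';
 print_side_block($strblocks, $content, NULL, NULL, NULL);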
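Review bot: `global $USER;` is added in the first hunk with no hint of why the function suddenly needs it, and the `popup_form` prefix in the second hunk now embeds `$USER->sesskey` between the other parameters before the selected `blockid` is appended; a short comment at the declaration would save the next reader a trip to view.php, e.g. `// $USER->sesskey is appended to the add-block URL; view.php rejects blockaction=add without it`. The `&amp;` separators here are consistent with the rest of the URL, which is the right form for an HTML attribute. `block_print_blocks_admin` opens in the first hunk and continues past the second.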
