
Merge branch 'MDL-24561_forum_subscribe_sesskey_m19' of git://github.…

…com/mudrd8mz/moodle into MOODLE_19_STABLE
2 parents bffe6c2 + be7c8bb commit 344817fa8a480ede95e5244c1969dbcf51494050 @stronk7 stronk7 committed Jan 10, 2011
Showing with 36 additions and 8 deletions.
  1. +1 −1 index.php
  2. +2 −0 lang/en_utf8/forum.php
  3. +3 −2 mod/forum/index.php
  4. +4 −2 mod/forum/lib.php
  5. +24 −1 mod/forum/subscribe.php
  6. +2 −2 mod/forum/view.php
@@ -208,7 +208,7 @@
$subtext = get_string('subscribe', 'forum');
}
print_heading_block($newsforum->name);
- echo '<div class="subscribelink"><a href="mod/forum/subscribe.php?id='.$newsforum->id.'">'.$subtext.'</a></div>';
+ echo '<div class="subscribelink"><a href="mod/forum/subscribe.php?id='.$newsforum->id.'&amp;sesskey='.sesskey().'">'.$subtext.'</a></div>';
} else {
print_heading_block($newsforum->name);
}
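Review bot: The session key is now carried in the query string of a link that changes state on GET (`mod/forum/subscribe.php?id=...&amp;sesskey=...`), and the same pattern recurs in the all-subscribe/unsubscribe links in mod/forum/index.php, the script-built link in forum_get_subscribe_link() and the force links in mod/forum/view.php. A token in a URL is recorded in browser history and web-server access logs, and may travel in Referer headers when the following page links to or embeds external content, so it is exposed more widely than a POSTed field. Where the layout allows, prefer the POST button that `print_single_button()` already produces in mod/forum/lib.php; where a link has to stay, a comment such as `// sesskey travels in the URL here: keep this page out of shared caches` would record the trade-off. The enclosing if/else starts outside this hunk.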
@@ -47,6 +47,8 @@
$string['configshortpost'] = 'Any post under this length (in characters not including HTML) is considered short (see below).';
$string['configtrackreadposts'] = 'Set to \'yes\' if you want to track read/unread for each user.';
$string['configusermarksread'] = 'If \'yes\', the user must manually mark a post as read. If \'no\', when the post is viewed it is marked as read.';
+$string['confirmsubscribe'] = 'Do you really want to subscribe to forum \'{$a}\'?';
+$string['confirmunsubscribe'] = 'Do you really want to unsubscribe from forum \'{$a}\'?';
$string['couldnotadd'] = 'Could not add your post due to an unknown error';
$string['couldnotdeleteratings'] = 'Sorry, that cannot be deleted as people have already rated it';
$string['couldnotdeletereplies'] = 'Sorry, that cannot be deleted as people have already responded to it';
@@ -119,6 +119,7 @@
/// Do course wide subscribe/unsubscribe
if (!is_null($subscribe) and !isguestuser() and !isguest()) {
+ require_sesskey();
foreach ($modinfo->instances['forum'] as $forumid=>$cm) {
$forum = $forums[$forumid];
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
@@ -387,9 +388,9 @@
if (!isguest()) {
print_box_start('subscription');
echo '<span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1">'.get_string('allsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1&amp;sesskey='.sesskey().'">'.get_string('allsubscribe', 'forum').'</a>';
echo '</span><br /><span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0">'.get_string('allunsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0&amp;sesskey='.sesskey().'">'.get_string('allunsubscribe', 'forum').'</a>';
echo '</span>';
print_box_end();
print_box('&nbsp;', 'clearer');
@@ -4299,21 +4299,23 @@ function forum_get_subscribe_link($forum, $context, $messages = array(), $cantac
$backtoindexlink = '';
}
$link = '';
+ $sesskeylink = '&amp;sesskey='.sesskey();
if ($fakelink) {
$link .= <<<EOD
<script type="text/javascript">
//<![CDATA[
var subs_link = document.getElementById("subscriptionlink");
if(subs_link){
- subs_link.innerHTML = "<a title=\"$linktitle\" href='$CFG->wwwroot/mod/forum/subscribe.php?id={$forum->id}{$backtoindexlink}'>$linktext<\/a>";
+ subs_link.innerHTML = "<a title=\"$linktitle\" href='$CFG->wwwroot/mod/forum/subscribe.php?id={$forum->id}{$backtoindexlink}{$sesskeylink}'>$linktext<\/a>";
}
//]]>
</script>
<noscript>
EOD;
}
- $options ['id'] = $forum->id;
+ $options['id'] = $forum->id;
+ $options['sesskey'] = sesskey();
$link .= print_single_button($CFG->wwwroot . '/mod/forum/subscribe.php',
$options, $linktext, 'post', '_self', true, $linktitle);
if ($fakelink) {
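Review bot: forum_get_subscribe_link() gets no comment telling callers that the markup it returns now embeds the current user's sesskey, both in the script-built link (`{$sesskeylink}`) and in the button's `$options['sesskey']`. A caller that caches this HTML or reuses it for another user, for example in an e-mail body, would disclose the token or produce links that fail validation; the callers are not visible from this hunk, so this needs checking. I would add to the function's doc comment: `// Returned HTML contains the viewer's sesskey; do not cache it or send it to other users.` As a minor style point, `sesskey()` is called twice and one local value could feed both `$sesskeylink` and `$options['sesskey']`. The function begins and ends outside the hunk.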
@@ -1,4 +1,4 @@
-<?php // $Id$
+<?php
// Subscribe to or unsubscribe from a forum.
@@ -8,6 +8,7 @@
$id = required_param('id',PARAM_INT); // The forum to subscribe or unsubscribe to
$force = optional_param('force','',PARAM_ALPHA); // Force everyone to be subscribed to this forum?
$user = optional_param('user',0,PARAM_INT);
+ $sesskey = optional_param('sesskey', null, PARAM_RAW);
if (! $forum = get_record("forum", "id", $id)) {
error("Forum ID was incorrect");
@@ -25,6 +26,7 @@
}
if ($user) {
+ require_sesskey();
if (!has_capability('mod/forum:managesubscriptions', $context)) {
error('You do not have the permission to subscribe/unsubscribe other people!');
}
@@ -65,6 +67,7 @@
: "view.php?f=$id";
if ($force and has_capability('mod/forum:managesubscriptions', $context)) {
+ require_sesskey();
if (forum_is_forcesubscribed($forum)) {
forum_forcesubscribe($forum->id, 0);
redirect($returnto, get_string("everyonecannowchoose", "forum"), 1);
@@ -81,7 +84,20 @@
$info->name = fullname($user);
$info->forum = format_string($forum->name);
+ if ($user->id == $USER->id) {
+ $selflink = 'subscribe.php?id='.$id.'&amp;sesskey='.sesskey();
+ } else {
+ $selflink = 'subscribe.php?id='.$id.'&amp;user='.$user->id.'&amp;sesskey='.sesskey();
+ }
+
if (forum_is_subscribed($user->id, $forum->id)) {
+ if (is_null($sesskey)) { // we came here via link in email
+ $navigation = build_navigation('', $cm);
+ print_header($course->shortname, $course->fullname, $navigation, '', '', true, '', navmenu($course, $cm));
+ notice_yesno(get_string('confirmunsubscribe', 'forum', format_string($forum->name)), $selflink, $returnto);
+ print_footer($course);
+ exit;
+ }
if (forum_unsubscribe($user->id, $forum->id)) {
add_to_log($course->id, "forum", "unsubscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1);
@@ -97,6 +113,13 @@
if (!has_capability('mod/forum:viewdiscussion', $context)) {
error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
}
+ if (is_null($sesskey)) { // we came here via link in email
+ $navigation = build_navigation('', $cm);
+ print_header($course->shortname, $course->fullname, $navigation, '', '', true, '', navmenu($course, $cm));
+ notice_yesno(get_string('confirmsubscribe', 'forum', format_string($forum->name)), $selflink, $returnto);
+ print_footer($course);
+ exit;
+ }
if (forum_subscribe($user->id, $forum->id) ) {
add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);
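Review bot: In the self-service branches the new code tests only `is_null($sesskey)` before calling forum_unsubscribe() and forum_subscribe(); within the visible lines the value is never compared with the session, because `require_sesskey()` is added only to the `$user` and `$force` branches. Unless validation happens in lines outside these hunks, a request that supplies any non-null `sesskey` parameter skips the confirmation page and the CSRF check together. Add `require_sesskey();` directly after each `if (is_null($sesskey)) { ... exit; }` block, so that a missing key leads to the confirmation and a present key must be valid. `PARAM_RAW` is acceptable for the presence test only as long as `$sesskey` is never echoed or used for anything else.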
@@ -131,7 +131,7 @@
helpbutton("subscription", $strallowchoice, "forum");
echo '&nbsp;<span class="helplink">';
if (has_capability('mod/forum:managesubscriptions', $context)) {
- echo "<a title=\"$strallowchoice\" href=\"subscribe.php?id=$forum->id&amp;force=no\">$strallowchoice</a>";
+ echo "<a title=\"$strallowchoice\" href=\"subscribe.php?id=$forum->id&amp;force=no&amp;sesskey=".sesskey()."\">$strallowchoice</a>";
} else {
echo $streveryoneisnowsubscribed;
}
@@ -150,7 +150,7 @@
echo '&nbsp;';
if (has_capability('mod/forum:managesubscriptions', $context)) {
- echo "<span class=\"helplink\"><a title=\"$strforcesubscribe\" href=\"subscribe.php?id=$forum->id&amp;force=yes\">$strforcesubscribe</a></span>";
+ echo "<span class=\"helplink\"><a title=\"$strforcesubscribe\" href=\"subscribe.php?id=$forum->id&amp;force=yes&amp;sesskey=".sesskey()."\">$strforcesubscribe</a></span>";
} else {
echo '<span class="helplink">'.$streveryonecannowchoose.'</span>';
}
