Merge branch 'MDL-24561_forum_subscribe_sesskey_m19' of git://github.…

…com/mudrd8mz/moodle into MOODLE_19_STABLE
commit 344817fa8a480ede95e5244c1969dbcf51494050 2 parents bffe6c2 + be7c8bb
Eloy Lafuente (stronk7) stronk7 authored
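--- a/index.php
+++ b/index.php
@@ -208,7 +208,7 @@
 $subtext = get_string('subscribe', 'forum');
 }
 print_heading_block($newsforum->name);
- echo '<div class="subscribelink"><a href="mod/forum/subscribe.php?id='.$newsforum->id.'">'.$subtext.'</a></div>';
+ echo '<div class="subscribelink"><a href="mod/forum/subscribe.php?id='.$newsforum->id.'&amp;sesskey='.sesskey().'">'.$subtext.'</a></div>';
 } else {
 print_heading_block($newsforum->name);
 }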
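Review bot: The session key is placed in the query string of a plain `<a href>` on the added `echo` line, so the state-changing subscribe request is still a GET and the token can end up in browser history, proxy and web-server logs, and Referer headers. The same pattern is added for the `subscribe=1` / `subscribe=0` links in mod/forum/index.php, the `force=no` / `force=yes` links in mod/forum/view.php and the JavaScript-generated link in mod/forum/lib.php. Where the layout allows, a POST form such as the `print_single_button(...)` call already used in `forum_get_subscribe_link()` keeps the token out of URLs. If the links have to stay, a comment such as `// sesskey travels in the URL here: CSRF token for subscribe.php, visible in logs and Referer` would record the trade-off. The enclosing `if` block starts outside this hunk.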
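--- a/lang/en_utf8/forum.php
+++ b/lang/en_utf8/forum.php
@@ -47,6 +47,8 @@
 $string['configshortpost'] = 'Any post under this length (in characters not including HTML) is considered short (see below).';
 $string['configtrackreadposts'] = 'Set to \'yes\' if you want to track read/unread for each user.';
 $string['configusermarksread'] = 'If \'yes\', the user must manually mark a post as read. If \'no\', when the post is viewed it is marked as read.';
+$string['confirmsubscribe'] = 'Do you really want to subscribe to forum \'{$a}\'?';
+$string['confirmunsubscribe'] = 'Do you really want to unsubscribe from forum \'{$a}\'?';
 $string['couldnotadd'] = 'Could not add your post due to an unknown error';
 $string['couldnotdeleteratings'] = 'Sorry, that cannot be deleted as people have already rated it';
 $string['couldnotdeletereplies'] = 'Sorry, that cannot be deleted as people have already responded to it';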
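--- a/mod/forum/index.php
+++ b/mod/forum/index.php
@@ -119,6 +119,7 @@
 
 /// Do course wide subscribe/unsubscribe
 if (!is_null($subscribe) and !isguestuser() and !isguest()) {
+ require_sesskey();
 foreach ($modinfo->instances['forum'] as $forumid=>$cm) {
 $forum = $forums[$forumid];
 $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
@@ -387,9 +388,9 @@
 if (!isguest()) {
 print_box_start('subscription');
 echo '<span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1">'.get_string('allsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1&amp;sesskey='.sesskey().'">'.get_string('allsubscribe', 'forum').'</a>';
 echo '</span><br /><span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0">'.get_string('allunsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0&amp;sesskey='.sesskey().'">'.get_string('allunsubscribe', 'forum').'</a>';
 echo '</span>';
 print_box_end();
 print_box('&nbsp;', 'clearer');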
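--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@@ -4299,6 +4299,7 @@ function forum_get_subscribe_link($forum, $context, $messages = array(), $cantac
 $backtoindexlink = '';
 }
 $link = '';
+ $sesskeylink = '&amp;sesskey='.sesskey();
 
 if ($fakelink) {
 $link .= <<<EOD
@@ -4306,14 +4307,15 @@ function forum_get_subscribe_link($forum, $context, $messages = array(), $cantac
 //<![CDATA[
 var subs_link = document.getElementById("subscriptionlink");
 if(subs_link){
- subs_link.innerHTML = "<a title=\"$linktitle\" href='$CFG->wwwroot/mod/forum/subscribe.php?id={$forum->id}{$backtoindexlink}'>$linktext<\/a>";
+ subs_link.innerHTML = "<a title=\"$linktitle\" href='$CFG->wwwroot/mod/forum/subscribe.php?id={$forum->id}{$backtoindexlink}{$sesskeylink}'>$linktext<\/a>";
 }
 //]]>
 </script>
 <noscript>
 EOD;
 }
- $options ['id'] = $forum->id;
+ $options['id'] = $forum->id;
+ $options['sesskey'] = sesskey();
 $link .= print_single_button($CFG->wwwroot . '/mod/forum/subscribe.php',
 $options, $linktext, 'post', '_self', true, $linktitle);
 if ($fakelink) {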
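Review bot: `$sesskeylink` is assigned unconditionally, but in the lines visible here it is only read inside the `if ($fakelink)` heredoc, and `sesskey()` is then called a second time for `$options['sesskey']`. Reading the key once, e.g. `$sesskey = sesskey();`, and building `$sesskeylink` inside the `$fakelink` branch would keep the token handling in one place. The value is interpolated into a JavaScript string that is assigned to `innerHTML`, so a one-line comment stating that `sesskey()` is expected to return only quote- and URL-safe characters would document why no escaping is applied there. `forum_get_subscribe_link()` starts and ends outside these hunks.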
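--- a/mod/forum/subscribe.php
+++ b/mod/forum/subscribe.php
@@ -1,4 +1,4 @@
-<?php // $Id$
+<?php
 
 // Subscribe to or unsubscribe from a forum.
 
@@ -8,6 +8,7 @@
 $id = required_param('id',PARAM_INT); // The forum to subscribe or unsubscribe to
 $force = optional_param('force','',PARAM_ALPHA); // Force everyone to be subscribed to this forum?
 $user = optional_param('user',0,PARAM_INT);
+ $sesskey = optional_param('sesskey', null, PARAM_RAW);
 
 if (! $forum = get_record("forum", "id", $id)) {
 error("Forum ID was incorrect");
@@ -25,6 +26,7 @@
 }
 
 if ($user) {
+ require_sesskey();
 if (!has_capability('mod/forum:managesubscriptions', $context)) {
 error('You do not have the permission to subscribe/unsubscribe other people!');
 }
@@ -65,6 +67,7 @@
 : "view.php?f=$id";
 
 if ($force and has_capability('mod/forum:managesubscriptions', $context)) {
+ require_sesskey();
 if (forum_is_forcesubscribed($forum)) {
 forum_forcesubscribe($forum->id, 0);
 redirect($returnto, get_string("everyonecannowchoose", "forum"), 1);
@@ -81,7 +84,20 @@
 $info->name = fullname($user);
 $info->forum = format_string($forum->name);
 
+ if ($user->id == $USER->id) {
+ $selflink = 'subscribe.php?id='.$id.'&amp;sesskey='.sesskey();
+ } else {
+ $selflink = 'subscribe.php?id='.$id.'&amp;user='.$user->id.'&amp;sesskey='.sesskey();
+ }
+
 if (forum_is_subscribed($user->id, $forum->id)) {
+ if (is_null($sesskey)) { // we came here via link in email
+ $navigation = build_navigation('', $cm);
+ print_header($course->shortname, $course->fullname, $navigation, '', '', true, '', navmenu($course, $cm));
+ notice_yesno(get_string('confirmunsubscribe', 'forum', format_string($forum->name)), $selflink, $returnto);
+ print_footer($course);
+ exit;
+ }
 if (forum_unsubscribe($user->id, $forum->id)) {
 add_to_log($course->id, "forum", "unsubscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
 redirect($returnto, get_string("nownotsubscribed", "forum", $info), 1);
@@ -97,6 +113,13 @@
 if (!has_capability('mod/forum:viewdiscussion', $context)) {
 error("Could not subscribe you to that forum", $_SERVER["HTTP_REFERER"]);
 }
+ if (is_null($sesskey)) { // we came here via link in email
+ $navigation = build_navigation('', $cm);
+ print_header($course->shortname, $course->fullname, $navigation, '', '', true, '', navmenu($course, $cm));
+ notice_yesno(get_string('confirmsubscribe', 'forum', format_string($forum->name)), $selflink, $returnto);
+ print_footer($course);
+ exit;
+ }
 if (forum_subscribe($user->id, $forum->id) ) {
 add_to_log($course->id, "forum", "subscribe", "view.php?f=$forum->id", $forum->id, $cm->id);
 redirect($returnto, get_string("nowsubscribed", "forum", $info), 1);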
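Review bot: In the self-subscribe and self-unsubscribe paths the new code only tests `is_null($sesskey)`, so as far as these hunks show, the token is checked for presence but never compared with the session before `forum_unsubscribe()` / `forum_subscribe()` run. `require_sesskey()` is added only inside the `if ($user)` and `if ($force and ...)` branches, which a request without `user` or `force` does not enter. Adding `require_sesskey();` directly after each `is_null($sesskey)` confirmation block would make the two paths validate the key, unless a check already exists in lines outside the hunks. A short comment above `optional_param('sesskey', ...)` saying the raw value is used only to detect the e-mail-link case and is never trusted by itself would also help the next reader.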
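--- a/mod/forum/view.php
+++ b/mod/forum/view.php
@@ -131,7 +131,7 @@
 helpbutton("subscription", $strallowchoice, "forum");
 echo '&nbsp;<span class="helplink">';
 if (has_capability('mod/forum:managesubscriptions', $context)) {
- echo "<a title=\"$strallowchoice\" href=\"subscribe.php?id=$forum->id&amp;force=no\">$strallowchoice</a>";
+ echo "<a title=\"$strallowchoice\" href=\"subscribe.php?id=$forum->id&amp;force=no&amp;sesskey=".sesskey()."\">$strallowchoice</a>";
 } else {
 echo $streveryoneisnowsubscribed;
 }
@@ -150,7 +150,7 @@
 echo '&nbsp;';
 
 if (has_capability('mod/forum:managesubscriptions', $context)) {
- echo "<span class=\"helplink\"><a title=\"$strforcesubscribe\" href=\"subscribe.php?id=$forum->id&amp;force=yes\">$strforcesubscribe</a></span>";
+ echo "<span class=\"helplink\"><a title=\"$strforcesubscribe\" href=\"subscribe.php?id=$forum->id&amp;force=yes&amp;sesskey=".sesskey()."\">$strforcesubscribe</a></span>";
 } else {
 echo '<span class="helplink">'.$streveryonecannowchoose.'</span>';
 }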

0 comments on commit 344817f
