MDL-77008 mod_data: require sesskey to reset module templates.

moodle · Mar 8, 2023 · 355556c · 355556c
1 parent 128c0c2
commit 355556c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/mod/data/classes/output/action_bar.php b/mod/data/classes/output/action_bar.php
@@ -198,7 +198,10 @@ public function get_templates_action_bar(): string {
 
         // Reset all templates action.
         $resetallurl = new moodle_url($this->currenturl);
-        $resetallurl->param('action', 'resetalltemplates');
+        $resetallurl->params([
+            'action' => 'resetalltemplates',
+            'sesskey' => sesskey(),
+        ]);
         $presetsactions->add(new \action_menu_link(
             $resetallurl,
             null,

diff --git a/mod/data/templates.php b/mod/data/templates.php
@@ -57,6 +57,12 @@
 require_login($course, false, $cm);
 require_capability('mod/data:managetemplates', $context);
 
+if ($action == 'resetalltemplates') {
+    require_sesskey();
+    $manager->reset_all_templates();
+    redirect($PAGE->url, get_string('templateresetall', 'mod_data'), null, \core\output\notification::NOTIFY_SUCCESS);
+}
+
 $manager->set_template_viewed();
 
 if ($useeditor !== null) {
@@ -86,11 +92,6 @@
 $actionbar = new \mod_data\output\action_bar($instance->id, $url);
 echo $actionbar->get_templates_action_bar();
 
-if ($action == 'resetalltemplates') {
-    $manager->reset_all_templates();
-    $notificationstr = get_string('templateresetall', 'mod_data');
-}
-
 if (($formdata = data_submitted()) && confirm_sesskey()) {
     if (!empty($formdata->defaultform)) {
         // Reset the template to default.