Browse files

MDL-20901 fixed input validation

  • Loading branch information...
1 parent a762409 commit 3587b8dc5de7140b2ec1c843e91624588e620ac5 @skodak skodak committed Nov 19, 2009
Showing with 6 additions and 4 deletions.
  1. +3 −2 admin/roles/allowassign.php
  2. +3 −2 admin/roles/allowoverride.php
View
5 admin/roles/allowassign.php
@@ -21,10 +21,10 @@
$roles = get_all_roles();
- if ($grant = data_submitted()) {
+ if ($grant = data_submitted() and confirm_sesskey()) {
foreach ($grant as $grole => $val) {
- if ($grole == 'dummy') {
+ if ($grole == 'dummy' or !strpos($grole, '_')) {
continue;
}
@@ -81,6 +81,7 @@
print_table($table);
echo '<div class="buttons"><input type="submit" value="'.get_string('savechanges').'"/>';
echo '<input type="hidden" name="dummy" value="1" />'; // this is needed otherwise we do not know a form has been submitted
+ echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '</div></form>';
admin_externalpage_print_footer();
View
5 admin/roles/allowoverride.php
@@ -19,10 +19,10 @@
$roles = get_all_roles();
- if ($grant = data_submitted()) {
+ if ($grant = data_submitted() and confirm_sesskey()) {
foreach ($grant as $grole => $val) {
- if ($grole == 'dummy') {
+ if ($grole == 'dummy' or !strpos($grole, '_')) {
continue;
}
@@ -79,6 +79,7 @@
print_table($table);
echo '<div class="buttons"><input type="submit" value="'.get_string('savechanges').'"/>';
echo '<input type="hidden" name="dummy" value="1" />'; // this is needed otherwise we do not know a form has been submitted
+ echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '</div></form>';
admin_externalpage_print_footer();

0 comments on commit 3587b8d

Please sign in to comment.