Permalink
Browse files

admin/block.php is now using sesskey.

And solved bug when trying to unset config['block']. It isn't
an array but an object.
  • Loading branch information...
1 parent 719593e commit 36b1e811e4cb10f3f68116ca0bedbb0a3b3eb863 stronk7 committed Oct 2, 2004
Showing with 9 additions and 5 deletions.
  1. +8 −4 admin/block.php
  2. +1 −1 admin/blocks.php
View
12 admin/block.php
@@ -14,6 +14,10 @@
error("Site isn't defined!");
}
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
require_variable($_REQUEST['block']);
$blockid = intval($_REQUEST['block']);
@@ -28,13 +32,13 @@
/// If data submitted, then process and store.
- if ($config = data_submitted()) {
- unset($config['block']); // This will always be set if we have reached this point
- $block->handle_config($config);
+ if ($config = data_submitted()) {
+ unset($config->block); // This will always be set if we have reached this point
+ $block->handle_config($config);
print_header();
redirect("$CFG->wwwroot/$CFG->admin/blocks.php", get_string("changessaved"), 1);
exit;
- }
+ }
/// Otherwise print the form.
View
2 admin/blocks.php
@@ -152,7 +152,7 @@
$settings = ''; // By default, no configuration
if($blockobject->has_config()) {
- $settings = '<a href="block.php?block='.$blockid.'">'.$strsettings.'</a>';
+ $settings = '<a href="block.php?block='.$blockid.'&sesskey='.$USER->sesskey.'">'.$strsettings.'</a>';
}
$count = blocks_get_courses_using_block_by_id($blockid);

0 comments on commit 36b1e81

Please sign in to comment.