
course/student.php is using sesskey.

commit 473d3495a517dda6b3753ffd5c5fc650a741c8b6 1 parent dfcbccb
stronk7 authored
Showing with 5 additions and 2 deletions.
  1. +1 −0  course/student.html
  2. +4 −2 course/student.php
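--- a/course/student.html
+++ b/course/student.html
@@ -1,6 +1,7 @@
 <form name="studentform" id="studentform" method="post" action="student.php">
 <input type="hidden" name="previoussearch" value="<?php echo $previoussearch ?>">
+<input type="hidden" name="sesskey" value="<?php echo $sesskey ?>">
 <input type="hidden" name="id" value="<?php echo $id?>">
 <table align="center" border="0" cellpadding="5" cellspacing="0">
 <tr>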
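--- a/course/student.php
+++ b/course/student.php
@@ -67,7 +67,7 @@
 /// A form was submitted so process the input
 } else {
- if (!empty($frm->add) and !empty($frm->addselect)) {
+ if (!empty($frm->add) and !empty($frm->addselect) and confirm_sesskey()) {
 if ($course->enrolperiod) {
 $timestart = time();
 $timeend = $timestart + $course->enrolperiod;
@@ -79,7 +79,7 @@
 error("Could not add student with id $addstudent to this course!");
 }
 }
- } else if (!empty($frm->remove) and !empty($frm->removeselect)) {
+ } else if (!empty($frm->remove) and !empty($frm->removeselect) and confirm_sesskey()) {
 foreach ($frm->removeselect as $removestudent) {
 if (! unenrol_student($removestudent, $course->id)) {
 error("Could not remove student with id $removestudent from this course!");
@@ -135,6 +135,8 @@
 print_simple_box_start("center", "", "$THEME->cellheading");
+ $sesskey = !empty($USER->id) ? $USER->sesskey : '';
+
 include('student.html');
 print_simple_box_end();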
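Review bot: In the hunks at -67 and -79, `confirm_sesskey()` is added as one more operand of the `if` / `else if` conditions, so a request with a missing or wrong sesskey simply fails both branches and falls through with no error; the user gets no feedback and, as far as these lines show, nothing records the rejected request. Checking the token once, at the point where processing of the submitted form begins, would make the failure explicit, for example `if (!confirm_sesskey()) { error("<session key error message>"); }` directly after `} else {` (the message text is a placeholder). A single check there would also cover any other state-changing form action in this block; the block continues outside the hunks, so whether there are others should be confirmed.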