Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Protect message settings with sesskey. MDL-16688 ; backported from 18…

…_STABLE
  • Loading branch information...
commit 5cb0b4571bd9027343c94120c6b417d5566ccbd5 1 parent 3e91a8c
stronk7 authored
Showing with 3 additions and 2 deletions.
  1. +2 −2 message/lib.php
  2. +1 −0  message/settings.html
View
4 message/lib.php
@@ -250,8 +250,8 @@ function message_print_search() {
function message_print_settings() {
global $USER;
-
- if ($frm = data_submitted()) {
+
+ if ($frm = data_submitted() and confirm_sesskey()) {
$pref = array();
$pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0';
View
1  message/settings.html
@@ -1,5 +1,6 @@
<form name="message_settings" action="index.php" method="post">
<input type="hidden" name="tab" value="settings" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<table cellpadding="5" align="center" class="message_form">
Please sign in to comment.
Something went wrong with that request. Please try again.