Permalink
Browse files

Protect message settings with sesskey. MDL-16688 ; backported from 18…

…_STABLE
  • Loading branch information...
1 parent 3e91a8c commit 5cb0b4571bd9027343c94120c6b417d5566ccbd5 stronk7 committed Sep 25, 2008
Showing with 3 additions and 2 deletions.
  1. +2 −2 message/lib.php
  2. +1 −0 message/settings.html
View
@@ -250,8 +250,8 @@ function message_print_search() {
function message_print_settings() {
global $USER;
-
- if ($frm = data_submitted()) {
+
+ if ($frm = data_submitted() and confirm_sesskey()) {
$pref = array();
$pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0';
View
@@ -1,5 +1,6 @@
<form name="message_settings" action="index.php" method="post">
<input type="hidden" name="tab" value="settings" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<table cellpadding="5" align="center" class="message_form">

0 comments on commit 5cb0b45

Please sign in to comment.