Permalink
Browse files

MDL-20901 fixed input validation

  • Loading branch information...
1 parent 7e4a6aa commit 5d8c79c0a61a40a4c450b7266e218e32e88c5ea7 @skodak skodak committed Nov 21, 2009
Showing with 2 additions and 1 deletion.
  1. +1 −0 mod/choice/lib.php
  2. +1 −1 mod/choice/view.php
View
1 mod/choice/lib.php
@@ -221,6 +221,7 @@ function choice_show_form($choice, $user, $cm) {
}
//show save choice button
echo '<div class="button">';
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
echo "<input type=\"hidden\" name=\"id\" value=\"$cm->id\" />";
if (!isguest()) { //don't show save button if the logged in user is the guest user.
echo "<input type=\"submit\" value=\"".get_string("savemychoice","choice")."\" />";
View
2 mod/choice/view.php
@@ -31,7 +31,7 @@
/// Submit any new data if there is any
- if ($form = data_submitted() && has_capability('mod/choice:choose', $context)) {
+ if ($form = data_submitted() && has_capability('mod/choice:choose', $context) && confirm_sesskey()) {
$timenow = time();
if (has_capability('mod/choice:deleteresponses', $context)) {
if ($action == 'delete') { //some responses need to be deleted

0 comments on commit 5d8c79c

Please sign in to comment.