Added sesskey checking (SC #113)

moodle · May 6, 2005 · 69b8ba4 · 69b8ba4
1 parent d99c03c
commit 69b8ba4
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/admin/delete.php b/admin/delete.php
@@ -7,22 +7,29 @@
 
     require_login();
 
+    $sure = optional_param('sure', '');
+    $reallysure = optional_param('reallysure', '');
+
     if (!isadmin()) {
         error('You must be admin to use this script!');
     }
 
     $deletedir = $CFG->dataroot;   // The directory to delete!
 
-    if (!$sure) {
-        notice_yesno ('Are you completely sure you want to delete everything inside the directory '. $deletedir .' ?', 'delete.php?sure=yes', 'index.php');
+    if (empty($sure)) {
+        notice_yesno ('Are you completely sure you want to delete everything inside the directory '. $deletedir .' ?', 'delete.php?sure=yes&amp;sesskey='.sesskey(), 'index.php');
         exit;
     }
 
-    if (!$reallysure) {
-        notice_yesno ('Are you REALLY REALLY completely sure you want to delete everything inside the directory '. $deletedir .' (this includes all user images, and any other course files that have been created) ?', 'delete.php?sure=yes&amp;reallysure=yes', 'index.php');
+    if (empty($reallysure)) {
+        notice_yesno ('Are you REALLY REALLY completely sure you want to delete everything inside the directory '. $deletedir .' (this includes all user images, and any other course files that have been created) ?', 'delete.php?sure=yes&amp;reallysure=yes&amp;sesskey='.sesskey(), 'index.php');
         exit;
     }
 
+    if (!confirm_sesskey()) {
+        error('This script was called wrongly');
+    }
+
     /// OK, here goes ...
 
     delete_subdirectories($deletedir);
@@ -60,4 +67,4 @@ function delete_subdirectories($rootdir) {
     closedir($dir);
 }
 
-?>
+?>