
MDL-15450 CSRF prevention

1 parent 04ea701 commit 726d8b5805ceb8f6fc55db733609bc3bd1fa8baf skodak committed Jul 8, 2008
Showing with 2 additions and 1 deletion.
  1. +1 −0 user/edit.html
  2. +1 −1 user/edit.php
@@ -396,4 +396,5 @@
</table>
<input type="hidden" name="course" value="<?php p($course->id) ?>" />
<input type="hidden" name="id" value="<?php p($user->id) ?>" />
+<input type="hidden" name="sesskey" value="<?php p(sesskey()) ?>" />
</form>
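Review bot: The sesskey added in this hidden field stays out of URLs only if the enclosing form submits with POST; the opening `<form>` tag is outside this hunk, so confirm it carries `method="post"`. With a GET submission the token would end up in the query string, and from there in server logs, browser history and Referer headers. The value is printed through `p()` in the same way as the neighbouring `course` and `id` fields, so output handling is consistent.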
@@ -69,7 +69,7 @@
/// If data submitted, then process and store.
- if ($usernew = data_submitted()) {
+ if ($usernew = data_submitted() and confirm_sesskey()) {
if (($USER->id <> $usernew->id) && !isadmin()) {
print_error('onlyeditown');
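Review bot: The new condition on the `if` line is correct only because `and` binds more loosely than `=`, so `$usernew` still receives the submitted object before `confirm_sesskey()` runs; a later tidy-up to `&&` would assign a boolean and break the `$usernew->id` comparison on the next line. Make the grouping explicit: `if (($usernew = data_submitted()) && confirm_sesskey()) {`. Separately, a submission with a missing or wrong sesskey is now skipped without any message, so presumably the page just re-renders the form; an explicit error branch for that case would make an expired session visible to the user and a rejected forged request noticeable in logs. The body of this `if` continues outside the hunk.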
