Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-15450 CSRF prevention

  • Loading branch information...
commit 726d8b5805ceb8f6fc55db733609bc3bd1fa8baf 1 parent 04ea701
skodak authored
Showing with 2 additions and 1 deletion.
  1. +1 −0  user/edit.html
  2. +1 −1  user/edit.php
View
1  user/edit.html
@@ -396,4 +396,5 @@
</table>
<input type="hidden" name="course" value="<?php p($course->id) ?>" />
<input type="hidden" name="id" value="<?php p($user->id) ?>" />
+<input type="hidden" name="sesskey" value="<?php p(sesskey()) ?>" />
</form>
View
2  user/edit.php
@@ -69,7 +69,7 @@
/// If data submitted, then process and store.
- if ($usernew = data_submitted()) {
+ if ($usernew = data_submitted() and confirm_sesskey()) {
if (($USER->id <> $usernew->id) && !isadmin()) {
print_error('onlyeditown');
Please sign in to comment.
Something went wrong with that request. Please try again.