Permalink
Browse files

MDL-20925 fixed input validation and course ajax now fully respects t…

…he disable course ajax option
  • Loading branch information...
1 parent a43a504 commit 778dab756cb05c22b73869d84362673d8501a803 @skodak skodak committed Nov 21, 2009
Showing with 6 additions and 1 deletion.
  1. +5 −0 course/rest.php
  2. +1 −1 lib/ajax/ajaxcourse.js
View
@@ -44,7 +44,12 @@
require_login($course->id);
require_capability('moodle/course:update', $context);
+if (!empty($CFG->disablecourseajax)) {
+ errorl_log('Course AJAX not allowed');
+ die;
+}
+require_sesskey();
// OK, now let's process the parameters and do stuff
switch($_SERVER['REQUEST_METHOD']) {
View
@@ -176,7 +176,7 @@ main_class.prototype.connect = function(method, urlStub, callback, body) {
if (callback == null) {
callback = {}
}
- return YAHOO.util.Connect.asyncRequest(method, this.portal.strings['wwwroot']+"/course/rest.php?courseId="+main.portal.id+"&"+urlStub, callback, body);
+ return YAHOO.util.Connect.asyncRequest(method, this.portal.strings['wwwroot']+"/course/rest.php?courseId="+main.portal.id+"&sesskey="+this.portal.strings['sesskey']+"&"+urlStub, callback, body);
}

0 comments on commit 778dab7

Please sign in to comment.