course/index.php is using sesskey.

commit 952d9baf580ee656435e30ba978ffd3417d0d04d 1 parent bccdea5
stronk7 authored
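--- a/admin/index.php
+++ b/admin/index.php
@@ -308,10 +308,10 @@
 $userdata .= "<hr><font size=+1>&nbsp;</font><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a> - <font size=1>".
 get_string("adminhelpenrolments")."</font><br />";
-$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a> - <font size=1>".
+$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off&sesskey=$USER->sesskey\">".get_string("assignstudents")."</a> - <font size=1>".
 get_string("adminhelpassignstudents")."</font><br />";
-$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=on\">".get_string("assignteachers")."</a> - <font size=1>".
+$userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=on&sesskey=$USER->sesskey\">".get_string("assignteachers")."</a> - <font size=1>".
 get_string("adminhelpassignteachers").
 " <img src=\"../pix/t/user.gif\" height=11 width=11></font><br />";
 $userdata .= "<font size=+1>&nbsp;</font><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a> - <font size=1>".
@@ -321,7 +321,7 @@
 $table->data[] = array("<font size=+1><b><a href=\"users.php\">".get_string("users")."</a></b>", $userdata);
-$table->data[] = array("<font size=+1><b><a href=\"../course/index.php?edit=on\">".get_string("courses")."</a></b>",
+$table->data[] = array("<font size=+1><b><a href=\"../course/index.php?edit=on&sesskey=$USER->sesskey\">".get_string("courses")."</a></b>",
 "<font size=+1>&nbsp;</font>".get_string("adminhelpcourses"));
 $table->data[] = array("<font size=+1><b><a href=\"../course/log.php?id=$site->id\">".get_string("logs")."</a></b>",
 "<font size=+1>&nbsp;</font>".get_string("adminhelplogs"));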
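--- a/admin/users.php
+++ b/admin/users.php
@@ -36,9 +36,9 @@
 $table->data[] = array('', '<hr />');
 $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a></b>",
 get_string("adminhelpenrolments"));
-$table->data[] = array("<b><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a></b>",
+$table->data[] = array("<b><a href=\"../course/index.php?edit=off&sesskey=$USER->sesskey\">".get_string("assignstudents")."</a></b>",
 get_string("adminhelpassignstudents"));
-$table->data[] = array("<b><a href=\"../course/index.php?edit=on\">".get_string("assignteachers")."</a></b>",
+$table->data[] = array("<b><a href=\"../course/index.php?edit=on&sesskey=$USER->sesskey\">".get_string("assignteachers")."</a></b>",
 get_string("adminhelpassignteachers")." <img src=\"../pix/t/user.gif\" height=11 width=11>");
 $table->data[] = array("<b><a href=\"creators.php?sesskey=$USER->sesskey\">".get_string("assigncreators")."</a></b>",
 get_string("adminhelpassigncreators"));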
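--- a/blocks/admin/block_admin.php
+++ b/blocks/admin/block_admin.php
@@ -32,7 +32,7 @@ function get_content() {
 function load_content_for_site() {
-global $CFG;
+global $CFG, $USER;
 if (isadmin()) {
 $this->content->items[] = '<a href="'.$CFG->wwwroot.'/'.$CFG->admin.'/configure.php">'.get_string('configuration').'</a>...';
@@ -49,7 +49,7 @@ function load_content_for_site() {
 }
 if (iscreator()) {
-$this->content->items[] = '<a href="'.$CFG->wwwroot.'/course/index.php?edit=on">'.get_string('courses').'</a>';
+$this->content->items[] = '<a href="'.$CFG->wwwroot.'/course/index.php?edit=on&sesskey='.$USER->sesskey.'">'.get_string('courses').'</a>';
 $this->content->icons[] = '<img src="'.$CFG->pixpath.'/i/course.gif" height="16" width="16" alt="" />';
 }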
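--- a/course/index.php
+++ b/course/index.php
@@ -14,7 +14,7 @@
 }
 if (isadmin()) {
-if (isset($_GET['edit'])) {
+if (isset($_GET['edit']) and confirm_sesskey()) {
 if ($edit == "on") {
 $USER->categoriesediting = true;
 } else if ($edit == "off") {
@@ -84,7 +84,7 @@
 /// If data for a new category was submitted, then add it
-if ($form = data_submitted()) {
+if ($form = data_submitted() and confirm_sesskey()) {
 if (!empty($form->addcategory)) {
 unset($newcategory);
 $newcategory->name = $form->addcategory;
@@ -100,7 +100,7 @@
 /// Delete a category if necessary
-if (isset($delete)) {
+if (isset($delete) and confirm_sesskey()) {
 if ($deletecat = get_record("course_categories", "id", $delete)) {
 /// Send the children categories to live with their grandparent
@@ -145,7 +145,7 @@
 /// Move a category to a new parent if required
-if (isset($move) and isset($moveto)) {
+if (isset($move) and isset($moveto) and confirm_sesskey()) {
 if ($tempcat = get_record("course_categories", "id", $move)) {
 if ($tempcat->parent != $moveto) {
 if (! set_field("course_categories", "parent", $moveto, "id", $tempcat->id)) {
@@ -157,7 +157,7 @@
 /// Hide or show a category
-if (isset($hide) or isset($show)) {
+if ((isset($hide) or isset($show)) and confirm_sesskey()) {
 if (isset($hide)) {
 $tempcat = get_record("course_categories", "id", $hide);
 $visible = 0;
@@ -178,7 +178,7 @@
 /// Move a category up or down
-if (isset($moveup) or isset($movedown)) {
+if ((isset($moveup) or isset($movedown)) and confirm_sesskey()) {
 $swapcategory = NULL;
 $movecategory = NULL;
@@ -253,6 +253,7 @@
 echo "<form name=\"addform\" action=\"index.php\" method=\"post\">";
 echo "<input type=\"text\" size=30 name=\"addcategory\">";
 echo "<input type=\"submit\" value=\"$straddnewcategory\">";
+echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
 echo "</form>";
 echo "</center>";
@@ -335,23 +336,23 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $
 echo "<td nowrap=\"nowrap\">"; /// Print little icons
-echo "<a title=\"$str->delete\" href=\"index.php?delete=$category->id\"><img".
+echo "<a title=\"$str->delete\" href=\"index.php?delete=$category->id&sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/delete.gif\" height=11 width=11 border=0></a> ";
 if (!empty($category->visible)) {
-echo "<a title=\"$str->hide\" href=\"index.php?hide=$category->id\"><img".
+echo "<a title=\"$str->hide\" href=\"index.php?hide=$category->id&sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/hide.gif\" height=11 width=11 border=0></a> ";
 } else {
-echo "<a title=\"$str->show\" href=\"index.php?show=$category->id\"><img".
+echo "<a title=\"$str->show\" href=\"index.php?show=$category->id&sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/show.gif\" height=11 width=11 border=0></a> ";
 }
 if ($up) {
-echo "<a title=\"$str->moveup\" href=\"index.php?moveup=$category->id\"><img".
+echo "<a title=\"$str->moveup\" href=\"index.php?moveup=$category->id&sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/up.gif\" height=11 width=11 border=0></a> ";
 }
 if ($down) {
-echo "<a title=\"$str->movedown\" href=\"index.php?movedown=$category->id\"><img".
+echo "<a title=\"$str->movedown\" href=\"index.php?movedown=$category->id&sesskey=$USER->sesskey\"><img".
 " src=\"$pixpath/t/down.gif\" height=11 width=11 border=0></a> ";
 }
 echo "</td>";
@@ -364,7 +365,7 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $
 unset($tempdisplaylist[$key]);
 }
 }
-popup_form ("index.php?move=$category->id&moveto=", $tempdisplaylist, "moveform$category->id", "$category->parent", "", "", "", false);
+popup_form ("index.php?move=$category->id&sesskey=$USER->sesskey&moveto=", $tempdisplaylist, "moveform$category->id", "$category->parent", "", "", "", false);
 echo "</td>";
 echo "</tr>";
 } else {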
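Review bot: The edited lines inside print_category_edit (the delete/hide/show/moveup/movedown hrefs and the popup_form call) now read `$USER->sesskey`, but no `global $USER;` is added to that function in this hunk and its head lies outside it; if the function does not already declare the global, `$USER` is undefined in function scope, every icon link is emitted with an empty sesskey, and the confirm_sesskey() guards added at the top of the file will reject the very actions these links trigger. Add `global $USER;` next to the function's other globals, as blocks/admin/block_admin.php does in this same commit; the identical check applies to update_categories_button in lib/weblib.php, which builds its hidden sesskey input from `$USER->sesskey` and whose head is also outside its hunk. In the new-category guard, `if ($form = data_submitted() and confirm_sesskey())` works only because `and` binds looser than `=`; writing it as `if (($form = data_submitted()) and confirm_sesskey())` makes that order explicit for the next reader. What confirm_sesskey() does on a request carrying no sesskey parameter at all (return false versus halt) is not visible here; if it halts, the new `and` guards act as hard failures rather than silent skips, which looks intended but is worth confirming.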
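--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1924,6 +1924,7 @@ function update_categories_button() {
 }
 return "<form target=\"$CFG->framename\" method=\"get\" action=\"$CFG->wwwroot/course/index.php\">".
 "<input type=\"hidden\" name=\"edit\" value=\"$edit\" />".
+"<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />".
 "<input type=\"submit\" value=\"$string\" /></form>";
 }
 }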