Permalink
Browse files

admin/editor.php is now using sesskey.

  • Loading branch information...
1 parent 09b1a30 commit a959544c5b77b3cc2c5764d5cdd7a81e1553c6c2 stronk7 committed Oct 3, 2004
Showing with 9 additions and 3 deletions.
  1. +1 −1 admin/configure.php
  2. +2 −0 admin/editor.html
  3. +5 −1 admin/editor.php
  4. +1 −1 admin/index.php
View
@@ -41,7 +41,7 @@
get_string("adminhelpbackup"));
}
- $table->data[]= array("<b><a href=\"editor.php\">". get_string("editorsettings") ."</a></b>",
+ $table->data[]= array("<b><a href=\"editor.php?sesskey=$USER->sesskey\">". get_string("editorsettings") ."</a></b>",
get_string("adminhelpeditorsettings"));
print_table($table);
View
@@ -1,4 +1,5 @@
<form method="post" action="<?php print($GLOBALS['ME']);?>">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
<table border="0" cellpadding="4" cellspacing="2">
<tr valign=top>
<td align=right><p>htmleditor:</td>
@@ -76,6 +77,7 @@
</form>
<form method="post" action="<?php print($GLOBALS['ME']);?>">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
<center>
<input type="submit" name="resettodefaults" value="<?php print_string('editorresettodefaults') ?>" />
</center>
View
@@ -8,6 +8,10 @@
error("Only admins can access this page");
}
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
if ($data = data_submitted()) {
// do we want default values?
@@ -21,7 +25,7 @@
error("Editor settings could not be updated!");
}
}
- redirect("$CFG->wwwroot/$CFG->admin/editor.php", get_string("changessaved"), 1);
+ redirect("$CFG->wwwroot/$CFG->admin/editor.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
} else {
// Generate edit form
View
@@ -288,7 +288,7 @@
$configdata .= "<font size=+1>&nbsp;</font><a href=\"backup.php?sesskey=$USER->sesskey\">".get_string("backup")."</a> - <font size=1>".
get_string("adminhelpbackup")."</font><br />";
}
- $configdata .= "<font size=+1>&nbsp;</font><a href=\"editor.php\">". get_string("editorsettings") ."</a> - <font size=1>".
+ $configdata .= "<font size=+1>&nbsp;</font><a href=\"editor.php?sesskey=$USER->sesskey\">". get_string("editorsettings") ."</a> - <font size=1>".
get_string("adminhelpeditorsettings")."</font><br />";
$table->data[] = array("<font size=+1><b><a href=\"configure.php\">".get_string("configuration")."</a></b>",

0 comments on commit a959544

Please sign in to comment.