
MDL-20901 fixed input validation

commit bddfa51dcf39b8486379adcb63e18c8bc92e4633 1 parent 0f7b1a9
@skodak skodak authored
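--- a/mod/glossary/comment.php
+++ b/mod/glossary/comment.php
@@ -118,14 +118,14 @@ function glossary_comment_delete() {
 error('You can\'t delete comments in this glossary!');
 }
- if (data_submitted() and $confirm) {
+ if (data_submitted() and $confirm and confirm_sesskey()) {
 delete_records('glossary_comments','id', $cid);
 add_to_log($course->id, 'glossary', 'delete comment', "comments.php?id=$cm->id&eid=$entry->id", "$comment->id",$cm->id);
 redirect("comments.php?id=$cm->id&eid=$entry->id");
 } else {
 $linkyes = 'comment.php';
- $optionsyes = array('action'=>'delete', 'cid'=>$cid, 'confirm'=>1);
+ $optionsyes = array('action'=>'delete', 'cid'=>$cid, 'confirm'=>1, 'sesskey'=>sesskey());
 $linkno = 'comments.php';
 $optionsno = array('id'=>$cm->id, 'eid'=>$entry->id);
 $strdeletewarning = get_string('areyousuredeletecomment','glossary');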
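Review bot: On the new condition `if (data_submitted() and $confirm and confirm_sesskey())`, a request with a missing or wrong sesskey is handled exactly like an unconfirmed one: it drops into the else branch and the confirmation prompt is shown again. That fails closed, but nothing in the code says it is deliberate, and import.php in this same commit uses `require_sesskey()`, which presumably stops the request instead. I would add a comment above the condition such as `// A bad or absent sesskey falls through to the confirmation form below, which carries a fresh one.` so the difference reads as intentional. The rest of glossary_comment_delete(), including the call that renders the yes/no form from $optionsyes, is outside the hunk, so I cannot confirm that the yes action is sent by POST rather than placed in a URL.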
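--- a/mod/glossary/import.html
+++ b/mod/glossary/import.html
@@ -44,6 +44,7 @@
 </table>
 <div>
 <input type="hidden" name="id" value="<?php p($id) ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
 <input type="hidden" name="step" value="1" />
 </div>
 </form>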
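Review bot: The added hidden field writes the token with a bare `<?php echo sesskey() ?>`, while the `id` field directly above it goes through `p()`. The session key is generated server-side, so this is presumably not an injection risk, but sending every attribute value through the same output helper keeps the template easy to audit: `<input type="hidden" name="sesskey" value="<?php p(sesskey()) ?>" />`.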
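--- a/mod/glossary/import.php
+++ b/mod/glossary/import.php
@@ -61,6 +61,7 @@
 exit;
 }
+ require_sesskey();
 $form = data_submitted();
 $file = $_FILES["file"];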
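--- a/mod/glossary/rate.php
+++ b/mod/glossary/rate.php
@@ -44,7 +44,7 @@
 $returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
 }
- if ($data = data_submitted()) { // form submitted
+ if ($data = data_submitted() and confirm_sesskey()) { // form submitted
 /// Calculate scale values
 $scale_values = make_grades_menu($glossary->scale);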
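Review bot: The new condition `if ($data = data_submitted() and confirm_sesskey())` is correct only because `and` binds more loosely than `=`; with `&&` in its place `$data` would receive a boolean instead of the submitted form. Making the grouping explicit removes that trap: `if (($data = data_submitted()) and confirm_sesskey()) { // form submitted`. The matching else branch lies outside the hunk, so it is not visible whether a POST that fails the sesskey check is reported to the user or silently ignored; a short comment there stating the intended behaviour would help.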
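--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
@@ -415,6 +415,7 @@
 echo "<form method=\"post\" action=\"rate.php\">";
 echo "<div>";
 echo "<input type=\"hidden\" name=\"glossaryid\" value=\"$glossary->id\" />";
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
 }
 foreach ($allentries as $entry) {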