Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-24561 forum: require sesskey for the course-wide subscriptions - …

…backported from 2.0

mod/forum/index.php allows to subscribe to and unsubscribe from all
forums in the course. However, sesskey was not checked here.
  • Loading branch information...
commit be7c8bb2c2b4b5ceb3e59564652c0444a65e4d13 1 parent 0b393d6
David Mudrák mudrd8mz authored
Showing with 3 additions and 2 deletions.
  1. +3 −2 mod/forum/index.php
5 mod/forum/index.php
View
@@ -119,6 +119,7 @@
/// Do course wide subscribe/unsubscribe
if (!is_null($subscribe) and !isguestuser() and !isguest()) {
+ require_sesskey();
foreach ($modinfo->instances['forum'] as $forumid=>$cm) {
$forum = $forums[$forumid];
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
@@ -387,9 +388,9 @@
if (!isguest()) {
print_box_start('subscription');
echo '<span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1">'.get_string('allsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=1&amp;sesskey='.sesskey().'">'.get_string('allsubscribe', 'forum').'</a>';
echo '</span><br /><span class="helplink">';
- echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0">'.get_string('allunsubscribe', 'forum').'</a>';
+ echo '<a href="index.php?id='.$course->id.'&amp;subscribe=0&amp;sesskey='.sesskey().'">'.get_string('allunsubscribe', 'forum').'</a>';
echo '</span>';
print_box_end();
print_box('&nbsp;', 'clearer');
Please sign in to comment.
Something went wrong with that request. Please try again.