
admin/uploaduser.php is now using sesskey.

commit c6ad74fad462e75f7df9c468257d35cfc1e81a14 1 parent 37a192b
stronk7 authored
Showing with 10 additions and 5 deletions.
  1. +1 −1  admin/index.php
  2. +8 −3 admin/uploaduser.php
  3. +1 −1  admin/users.php
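--- a/admin/index.php
+++ b/admin/index.php
@@ -302,7 +302,7 @@
 $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".
 get_string("addnewuser")."</a> - <font size=1>".
 get_string("adminhelpaddnewuser")."</font><br />";
- $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php\">".
+ $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".
 get_string("uploadusers")."</a> - <font size=1>".
 get_string("adminhelpuploadusers")."</font><br />";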
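Review bot: The session key is written into the link's query string here (`uploaduser.php?sesskey=$USER->sesskey`), so it is recorded in browser history and web-server access logs and can be passed on in a Referer header; the same pattern appears in admin/users.php and in the `error()` continue URLs in admin/uploaduser.php. An anti-CSRF token is better carried only in POST bodies. If the check in uploaduser.php applied only to the request that submits the file, this link could stay `$CFG->wwwroot/$CFG->admin/uploaduser.php` and the token would travel only in the form's hidden field. The `$userdata` block this line belongs to starts and ends outside the hunk.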
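--- a/admin/uploaduser.php
+++ b/admin/uploaduser.php
@@ -17,6 +17,10 @@
 error("Could not find site-level course");
 }
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
 if (!$adminuser = get_admin()) {
 error("Could not find site admin");
 }
@@ -105,7 +109,7 @@
 foreach ($header as $i => $h) {
 $h = trim($h); $header[$i] = $h; // remove whitespace
 if (!($required[$h] or $optionalDefaults[$h] or $optional[$h])) {
- error(get_string('invalidfieldname', 'error', $h), 'uploaduser.php');
+ error(get_string('invalidfieldname', 'error', $h), 'uploaduser.php?sesskey='.$USER->sesskey);
 }
 if ($required[$h]) {
 $required[$h] = 2;
@@ -114,7 +118,7 @@
 // check for required fields
 foreach ($required as $key => $value) {
 if ($value < 2) {
- error(get_string('fieldrequired', 'error', $key), 'uploaduser.php');
+ error(get_string('fieldrequired', 'error', $key), 'uploaduser.php?sesskey='.$USER->sesskey);
 }
 }
 $linenum = 2; // since header is line 1
@@ -140,7 +144,7 @@
 if ($required[$name] and !$value) {
 error(get_string('missingfield', 'error', $name). " ".
 get_string('erroronline', 'error', $linenum),
- 'uploaduser.php');
+ 'uploaduser.php?sesskey='.$USER->sesskey);
 }
 // password needs to be encrypted
 else if ($name == "password") {
@@ -258,6 +262,7 @@
 echo '<center>';
 echo '<form method="post" enctype="multipart/form-data" action="uploaduser.php">'.
 $strchoose.':<input type="hidden" name="MAX_FILE_SIZE" value="'.$maxuploadsize.'">'.
+ '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'">'.
 '<input type="file" name="userfile" size=30>'.
 '<input type="submit" value="'.$struploadusers.'">'.
 '</form></br>';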
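Review bot: The `if (!confirm_sesskey()) { error(get_string('confirmsesskeybad', 'error')); }` guard added in the first hunk runs on every request to the script, including the plain GET that only displays the upload form. That is what forces the key into the menu links and into the three `error()` continue URLs changed in the later hunks. Only the request that carries the uploaded file needs the check, and it already receives the token from the hidden `sesskey` field added in the last hunk. Consider moving the guard into the branch that processes the submitted file and leaving the continue URLs as plain `'uploaduser.php'`. That branch lies outside the visible hunks, so the exact condition needs confirming against the full file.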
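--- a/admin/users.php
+++ b/admin/users.php
@@ -30,7 +30,7 @@
 if (is_internal_auth()) {
 $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".get_string("addnewuser")."</a></b>",
 get_string("adminhelpaddnewuser"));
- $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php\">".get_string("uploadusers")."</a></b>",
+ $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
 get_string("adminhelpuploadusers"));
 }
 $table->data[] = array('', '<hr />');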