Permalink
Browse files

Protect message settings with sesskey. MDL-16688 ; backported from 17…

…_STABLE
  • Loading branch information...
1 parent f01f112 commit cb46a969f8973ac35f42c6c4284cb3dcbc9565da stronk7 committed Sep 25, 2008
Showing with 3 additions and 2 deletions.
  1. +2 −2 message/lib.php
  2. +1 −0 message/settings.html
View
4 message/lib.php
@@ -248,8 +248,8 @@ function message_print_search() {
function message_print_settings() {
global $USER;
-
- if ($frm = data_submitted()) {
+
+ if ($frm = data_submitted() and confirm_sesskey()) {
$pref = array();
$pref['message_showmessagewindow'] = (isset($frm->showmessagewindow)) ? '1' : '0';
View
1 message/settings.html
@@ -1,5 +1,6 @@
<form name="message_settings" action="index.php" method="post">
<input type="hidden" name="tab" value="settings" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<table cellpadding="5" align="center" class="message_form">

0 comments on commit cb46a96

Please sign in to comment.