MDL-20901 fixed input validation

moodle · Nov 20, 2009 · dba386b · dba386b
1 parent c2dcbfe
commit dba386b
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 1 deletion.
diff --git a/mod/glossary/import.html b/mod/glossary/import.html
@@ -46,6 +46,7 @@
 </table>
 <div>
 <input type="hidden" name="id" value="<?php p($id) ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
 <input type="hidden" name="step" value="1" />
 </div>
 </form>
diff --git a/mod/glossary/import.php b/mod/glossary/import.php
@@ -82,6 +82,7 @@
     exit;
 }
 
+require_sesskey();
 $form = data_submitted();
 $file = $_FILES["file"];
 

diff --git a/mod/glossary/rate.php b/mod/glossary/rate.php
@@ -46,7 +46,7 @@
         $returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
     }
 
-    if ($data = data_submitted()) {    // form submitted
+    if ($data = data_submitted() and confirm_sesskey()) {    // form submitted
 
     /// Calculate scale values
         $scale_values = make_grades_menu($glossary->scale);

diff --git a/mod/glossary/view.php b/mod/glossary/view.php
@@ -417,6 +417,7 @@
         echo "<form method=\"post\" action=\"rate.php\">";
         echo "<div>";
         echo "<input type=\"hidden\" name=\"glossaryid\" value=\"$glossary->id\" />";
+        echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
     }
 
     foreach ($allentries as $entry) {