
Added sesskey to more actions + bug fix when detecting directory trav…

…ersals.

From skodak!

Merged from MOODLE_14_STABLE
1 parent 59b2920 commit e101802eb5e6bfdf3e49738b13b6725348a93c99 stronk7 committed Oct 24, 2004
Showing with 8 additions and 4 deletions.
  1. +8 −4 files/index.php
@@ -184,7 +184,7 @@ function html_header($course, $wdir, $formfield=""){
case "move":
html_header($course, $wdir);
- if ($count = setfilelist($_POST)) {
+ if (($count = setfilelist($_POST)) and confirm_sesskey()) {
$USER->fileop = $action;
$USER->filesource = $wdir;
echo "<p align=\"center\">";
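Review bot: In the `move` condition `setfilelist($_POST)` still runs before `confirm_sesskey()`, so a request without a valid session key reaches the code that appends to `$USER->filelist` (visible in the `setfilelist` hunk further down) before it is rejected. Putting the token check first avoids touching session state for an unverified request: `if (confirm_sesskey() and ($count = setfilelist($_POST))) {`. The `else` branch of this `if` is outside the hunk, so it is worth confirming that a failed key check is reported as such rather than falling into the "nothing selected" path.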
@@ -197,7 +197,7 @@ function html_header($course, $wdir, $formfield=""){
case "paste":
html_header($course, $wdir);
- if (isset($USER->fileop) and $USER->fileop == "move") {
+ if (isset($USER->fileop) and ($USER->fileop == "move") and confirm_sesskey()) {
foreach ($USER->filelist as $file) {
$shortfile = basename($file);
$oldfile = $basedir.$file;
@@ -291,7 +291,7 @@ function html_header($course, $wdir, $formfield=""){
case "edit":
html_header($course, $wdir);
- if (isset($text)) {
+ if (isset($text) and confirm_sesskey()) {
$fileptr = fopen($basedir.$file,"w");
fputs($fileptr, stripslashes($text));
fclose($fileptr);
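Review bot: The write in the `edit` branch opens `$basedir.$file` with no check visible in this hunk that `$file` has passed `detect_munged_arguments()`, and the result of `fopen()` is used without being tested. The added session-key test only establishes that the request came from the user's own form; it does not constrain which path is written. If `$file` is not validated earlier in the script (not visible here), the check belongs immediately before the open, and the `fputs()`/`fclose()` calls should run only when `fopen()` returned a handle.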
@@ -318,6 +318,7 @@ function html_header($course, $wdir, $formfield=""){
echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />";
echo " <input type=\"hidden\" name=\"file\" value=\"$file\" />";
echo " <input type=\"hidden\" name=\"action\" value=\"edit\" />";
+ echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
print_textarea($usehtmleditor, 25, 80, 680, 400, "text", $contents);
echo "</td></tr><tr><td>";
echo " <input type=\"submit\" value=\"".get_string("savechanges")."\" />";
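Review bot: The hidden `sesskey` field added to the edit form would end up in the URL if the enclosing `<form>` is submitted with GET, which puts the token into server logs, browser history and Referer headers. The `<form>` tag is outside this hunk, so please confirm it uses `method="post"`; the same applies to the two forms in `displaydir` that gain the field in the later hunks. A short comment above the new line, such as `// CSRF token, verified by confirm_sesskey() in the "edit" handler`, would also tie the field to its check.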
@@ -540,8 +541,9 @@ function setfilelist($VARS) {
foreach ($VARS as $key => $val) {
if (substr($key,0,4) == "file") {
$count++;
+ $val = rawurldecode($val);
if (!detect_munged_arguments($val, 0)) {
- $USER->filelist[] = rawurldecode($val);
+ $USER->filelist[] = $val;
}
}
}
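Review bot: `$count++` in `setfilelist` runs before the `detect_munged_arguments()` test, so entries that are rejected are still counted. If the function returns `$count` (the return is outside the hunk), a request made up only of rejected names yields a non-zero result and the `move` handler proceeds with an empty or partial `$USER->filelist`. Moving the increment inside the `if (!detect_munged_arguments($val, 0))` block keeps the count equal to the number of accepted files. Decoding before the check is the right order; a one-line comment stating that the check must see the same decoded value that is stored would keep it from being reordered later.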
@@ -731,6 +733,7 @@ function displaydir ($wdir) {
echo "<tr><td>";
echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />";
echo "<input type=\"hidden\" name=\"wdir\" value=\"$wdir\" /> ";
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
$options = array (
"move" => "$strmovetoanotherfolder",
"delete" => "$strdeletecompletely",
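Review bot: The token added to this form is sent with every action offered in `$options`, but of the handlers shown in this commit only `move`, `paste` and `edit` call `confirm_sesskey()`. The `delete` handler (and any other action this menu offers) is not part of the diff, so it is worth confirming that it already verifies the key before acting. If it does not, it needs the same `and confirm_sesskey()` guard on its condition.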
@@ -747,6 +750,7 @@ function displaydir ($wdir) {
echo " <input type=\"hidden\" name=\"id\" value=\"$id\" />";
echo " <input type=\"hidden\" name=\"wdir\" value=\"$wdir\" />";
echo " <input type=\"hidden\" name=\"action\" value=\"paste\" />";
+ echo " <input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\" />";
echo " <input type=\"submit\" value=\"$strmovefilestohere\" />";
echo "</form>";
}
