Permalink
Browse files

MDL-20901 fixed input validation

  • Loading branch information...
1 parent 7eba467 commit ead8c49a45886ce5302ad99306d0b55c38422811 @skodak skodak committed Nov 21, 2009
Showing with 2 additions and 1 deletion.
  1. +1 −0 mod/forum/lib.php
  2. +1 −1 mod/forum/rate.php
View
@@ -5033,6 +5033,7 @@ function forum_print_discussion($course, $cm, $forum, $discussion, $post, $mode,
echo '<form id="form" method="post" action="rate.php">';
echo '<div class="ratingform">';
echo '<input type="hidden" name="forumid" value="'.$forum->id.'" />';
+ echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
$ratingsformused = true;
}
View
@@ -36,7 +36,7 @@
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
require_capability('mod/forum:rate', $context);
- if ($data = data_submitted()) {
+ if ($data = data_submitted() and confirm_sesskey()) {
$discussionid = false;

0 comments on commit ead8c49

Please sign in to comment.