<tr>
<td colspan="3" align="center">
- <input type="submit" value="<?php print_string("savechanges") ?>"></td>
+ <input type="hidden" name="sesskey" value="<?php p($sesskey) ?>" />
+ <input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
</table>
if ($config = data_submitted($match)) {
+ if (isset($USER)) { // Additional identity check
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+ }
+
validate_form($config, $err);
if (count($err) == 0) {
echo "<br />";
}
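Review bot: The sesskey check at L10 is only reached when `$USER` is set, so a submission that arrives while `$USER` is unset skips confirm_sesskey() entirely and goes straight on to validate_form and the save; from `$firsttime` at L77 this looks like the first-install path, but that is inferred, not visible here. If an unchecked submission is intentional in that state, the comment should say so rather than "Additional identity check", e.g. `// No session exists yet on first install, so there is no sesskey to verify; any later request must carry a valid one`. The same guard appears again at L48–L52 and would take the same comment. The enclosing `if ($form = data_submitted(...))` block begins before this hunk and closes outside it.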
+ $sesskey = isset($USER) ? $USER->sesskey : '';
+
print_simple_box_start("center", "", "$THEME->cellheading");
include("config.html");
print_simple_box_end();
function validate_form(&$form, &$err) {
- // if (empty($form->fullname))
- // $err["fullname"] = get_string("missingsitename");
+ // Currently no checks are needed ...
- return;
+ return true;
}
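Review bot: `validate_form` now returns `true` at L29, but neither caller at L15 or L54 reads the return value — both decide on `count($err)` — and the function never writes to `$err`, so the new return is a second signal nobody consumes. Either keep the bare `return;` or state the contract so the two do not drift apart, e.g. `// Always returns true; any failed check adds $err[fieldname] => message (none at present).`. Callers also pass an `$err` that is not initialised in the visible lines, so a caller that relies on `count($err)` depends on it having been set elsewhere.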
-<form method="post" action="site.php" name="form" <?php echo $onsubmit ?>>
+<form method="post" action="site.php" name="form">
<table cellpadding="9" cellspacing="0" >
<tr valign="top">
<td align="right"><p><?php print_string("fullsitename") ?>:</td>
<input type="hidden" name="id" value="<?php p($form->id) ?>">
<input type="hidden" name="category" value="<?php p($form->category) ?>">
<input type="hidden" name="format" value="<?php p($form->format) ?>">
+<input type="hidden" name="sesskey" value="<?php p($sesskey) ?>">
</form>
-
-<?php
- if ($usehtmleditor) {
- print_richedit_javascript("form", "summary", "no");
- }
-?>
if ($form = data_submitted()) {
+ if (isset($USER)) { // Additional identity check
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+ }
+
validate_form($form, $err);
if (count($err) == 0) {
print_heading($strsitesettings);
}
- $defaultformat = FORMAT_HTML;
- if ($usehtmleditor = can_use_richtext_editor()) {
- $onsubmit = "onsubmit=\"copyrichtext(form.summary);\"";
- } else {
- $onsubmit = "";
+ if (!isset($USER)) {
+ $USER->htmleditor = true;
}
+ $usehtmleditor = can_use_html_editor();
+ $defaultformat = FORMAT_HTML;
+
+ $sesskey = isset($USER) ? $USER->sesskey : '';
print_simple_box_start("center", "", "$THEME->cellheading");
include("site.html");
print_simple_box_end();
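Review bot: `$USER->htmleditor = true` at L64 writes a property on a variable the guard at L63 has just established is unset, which relies on PHP auto-creating an object from an empty value (a warning on older engines, an Error on PHP 8); and once it runs, `isset($USER)` at L69 is true, so the ternary reads `$USER->sesskey` from an object that never had that property and `$sesskey` becomes null instead of the intended `''`. Creating the object explicitly and keying the later check on the property avoids both: `if (!isset($USER)) { $USER = new stdClass; $USER->htmleditor = true; }` and `$sesskey = isset($USER->sesskey) ? $USER->sesskey : '';`. Whether a form posted back from this state is meant to pass the check at L48 cannot be told from the hunk. This hunk sits inside a function or block whose start and end are outside the visible lines.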
+ if ($usehtmleditor) {
+ use_html_editor();
+ }
+
if (!$firsttime) {
print_footer();
}
print_heading("");
- if (isset($zone)) {
+ if (isset($zone) and confirm_sesskey()) {
$db->debug = true;
echo "<center>";
execute_sql("UPDATE {$CFG->prefix}user SET timezone = '$zone'");
}
}
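Review bot: Folding `confirm_sesskey()` into the condition at L82 makes a request with a missing or stale sesskey fail silently — the page renders as if the update had happened, unlike the `error(get_string('confirmsesskeybad', 'error'))` path used at L11 and L105 in this same change; `if (isset($zone)) { if (!confirm_sesskey()) { error(get_string('confirmsesskeybad', 'error')); } ... }` keeps the failure visible and consistent. The same silent form is used at L110. The check only establishes that the request came through this site's own form; `$zone` is still interpolated into the UPDATE at L85 as received, so validating it against the keys of `$timezones` (or escaping it) before the query belongs alongside this fix. The block closed at L87 starts before the hunk.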
- echo "<center><form action=\"timezone\".php method=\"get\">";
+ echo '<center><form action="timezone.php" method="get">';
echo "$strusers ($strall): ";
choose_from_menu ($timezones, "zone", $user->timezone, get_string("serverlocaltime"), "", "99");
+ echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
echo "<input type=\"submit\" value=\"$strsavechanges\">";
- echo "</form>";
+ echo "</form></center>";
print_footer();
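Review bot: The form at L89 submits with `method="get"`, so the sesskey written into the hidden input at L92 travels in the URL, where it ends up in server and proxy logs, browser history and Referer headers; the same token is also placed into query strings at L100 and L118. Changing the form to `echo '<center><form action="timezone.php" method="post">';` keeps it out of the URL for this page, and where the L100 and L118 strings end up inside HTML attributes (likely for L118, unclear for L100 since notice_yesno builds the markup) the `&` should be `&amp;`. L92 also interpolates `$USER->sesskey` straight into the markup while the template at L39 routes the same value through `p()`; using the same escaping helper in both places is worth the consistency.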
if (empty($_GET['confirm'])) {
notice_yesno(get_string("upgradelogsinfo", "admin"),
- "upgradelogs.php?confirm=true",
+ "upgradelogs.php?confirm=true&sesskey=$USER->sesskey",
"index.php");
print_footer();
exit;
+ } else if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
}
"<a href=\"users.php\">$strusers</a> -> $stredituser");
}
- if ($confirmuser) {
+ if ($confirmuser and confirm_sesskey()) {
if (!$user = get_record("user", "id", "$confirmuser")) {
error("No such user!");
}
$strlastaccess = get_string("never");
}
if ($user->confirmed == 0) {
- $confirmbutton = "<a href=\"user.php?confirmuser=$user->id\">" . get_string("confirm") . "</a>";
+ $confirmbutton = "<a href=\"user.php?confirmuser=$user->id&sesskey=$USER->sesskey\">" . get_string("confirm") . "</a>";
} else {
$confirmbutton = "";
}