MDL-17227 forum: add sesskey to post/discussion deletion. Merged from 19_STABLE

diff --git a/mod/forum/post.php b/mod/forum/post.php
index 721f8d4bad3868f0dcfff352300170d8685a50f6..ec84a584bfd18815ad7d40c2a10e714a46ee20f6 100644 (file)
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -264,7 +264,7 @@
 
         $replycount = forum_count_replies($post);
 
-        if (!empty($confirm)) {    // User has confirmed the delete
+        if (!empty($confirm) && confirm_sesskey()) {    // User has confirmed the delete
 
             if ($post->totalscore) {
                 notice(get_string("couldnotdeleteratings", "forum"),
@@ -319,7 +319,7 @@
                 }
                 print_header();
                 notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
-                             "post.php?delete=$delete&confirm=$delete",
+                             "post.php?delete=$delete&confirm=$delete&sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
 
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
@@ -332,7 +332,7 @@
             } else {
                 print_header();
                 notice_yesno(get_string("deletesure", "forum", $replycount),
-                             "post.php?delete=$delete&confirm=$delete",
+                             "post.php?delete=$delete&confirm=$delete&sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
             }