}
$form = data_submitted();
-if ( $mode == 'visible' ) {
+if ( $mode == 'visible' and confirm_sesskey()) {
if ( $displayformat ) {
if ( $displayformat->visible ) {
$displayformat->visible = 0;
}
redirect("$CFG->wwwroot/$CFG->admin/settings.php?section=modsettingglossary#glossary_formats_header");
die;
-} elseif ( $mode == 'edit' and $form) {
+} elseif ( $mode == 'edit' and $form and confirm_sesskey()) {
$displayformat->popupformatname = $form->popupformatname;
$displayformat->showgroup = $form->showgroup;
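Review bot: A request whose sesskey does not match is not rejected in these two conditions; it only makes the `visible` and `edit` branches evaluate false, so execution falls through to whatever follows the elseif chain, which is outside this hunk. That is fail-closed for the state change, but the administrator gets no error and a submitted edit is silently discarded, and a rejected token leaves no trace for anyone investigating a forged request. Assuming `confirm_sesskey()` returns false on a mismatch, I would fail explicitly before the chain, for example `if (($mode == 'visible' or ($mode == 'edit' and $form)) and !confirm_sesskey()) { print_error('confirmsesskeybad', 'error'); }`, and keep the mode tests as they were.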
<input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr>
<input type="hidden" name="id" value="<?php p($id) ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="mode" value="edit" />
<?php
$vtitle = get_string("show");
$vicon = "show.gif";
}
- $vicon = "<a title=\"".$vtitle."\" href=\"$CFG->wwwroot/mod/glossary/formats.php?id=$formatid&mode=visible\"><img class=\"iconsmall\" src=\"$pixpath/t/".$vicon."\" alt=\"$vtitle\" /></a>";
+ $vicon = "<a title=\"".$vtitle."\" href=\"$CFG->wwwroot/mod/glossary/formats.php?id=$formatid&mode=visible&sesskey=".sesskey()."\"><img class=\"iconsmall\" src=\"$pixpath/t/".$vicon."\" alt=\"$vtitle\" /></a>";
$str .= '<td align="center">'.$eicon.' '.$vicon.'</td>';
$str .= '</tr>';
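Review bot: The show/hide toggle is still a state-changing GET link, so the added `&sesskey=".sesskey()."` on the `$vicon` line puts the session key in the URL. From there it can reach web-server access logs, browser history and Referer headers. The edit form in this same change sends it as a hidden field instead, and moving the toggle to a small POST form would keep the key out of the URL. If the link has to stay, a comment such as `// sesskey is exposed in the query string here; visibility toggle should move to POST` would record the trade-off. The enclosing function starts and ends outside this hunk.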