sesskey added to logout.php MDL-8727

author skodak <skodak>

Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)

committer skodak <skodak>

Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)
author skodak <skodak>
Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)
committer skodak <skodak>
Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)
diff --git a/enrol/authorize/localfuncs.php b/enrol/authorize/localfuncs.php

index 7929f598803fc00c75ecb2f914c554235e5e58fb..a10469dd6255e348868f9de063bf31ff609d5bbd 100644 (file)
--- a/enrol/authorize/localfuncs.php
+++ b/enrol/authorize/localfuncs.php
@@ -49,7 +49,7 @@ function prevent_double_paid($course)
      }
      if (isset($SESSION->ccpaid)) {
          unset($SESSION->ccpaid);
-        redirect($CFG->wwwroot . '/login/logout.php');
+        redirect($CFG->wwwroot . '/login/logout.php?sesskey='.sesskey());
          return;
      }
  }
diff --git a/lang/en_utf8/moodle.php b/lang/en_utf8/moodle.php

index a8a89b7bccacd14297b5e8ff7a2f85cc066c7835..2d0b354b92704d7c5e4889505491ce4d2dbf2e00 100644 (file)
--- a/lang/en_utf8/moodle.php
+++ b/lang/en_utf8/moodle.php
@@ -824,6 +824,7 @@ $string['loginstepsnone'] = '<p>Hi!</p>
  $string['loginto'] = 'Login to $a';
  $string['loginusing'] = 'Login here using your username and password';
  $string['logout'] = 'Logout';
+$string['logoutconfirm'] = 'Do you really want to logout?';
  $string['logs'] = 'Logs';
  $string['logtoomanycourses'] = '[ <a href=\"$a->url\">more</a> ]';
  $string['logtoomanyusers'] = '[ <a href=\"$a->url\">more</a> ]';
diff --git a/lib/weblib.php b/lib/weblib.php

index 0a577e52c4e20c5bcb32cae5ac479a129f243d32..95b78d978db5e81a81dc11659ba4ede246c170ef 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -2748,7 +2748,7 @@ function user_login_string($course=NULL, $user=NULL) {
                        href=\"$CFG->wwwroot/course/view.php?id=$course->id&amp;switchrole=0&amp;sesskey=".sesskey()."\">".get_string('switchrolereturn').'</a>)';
          } else {
              $loggedinas = $realuserinfo.get_string('loggedinas', 'moodle', $username).' '.
-                      " (<a $CFG->frametarget href=\"$CFG->wwwroot/login/logout.php\">".get_string('logout').'</a>)';
+                      " (<a $CFG->frametarget href=\"$CFG->wwwroot/login/logout.php?sesskey=".sesskey()."\">".get_string('logout').'</a>)';
          }
      } else {
          $loggedinas = get_string('loggedinnot', 'moodle').
diff --git a/login/logout.php b/login/logout.php

index 4714963209245a2e31db11a17fa5b50dd530a532..e4e90d2f12aa10362fbd337688ad42bf8ef7516f 100644 (file)
--- a/login/logout.php
+++ b/login/logout.php
@@ -10,6 +10,15 @@
          $wwwroot = $CFG->wwwroot;
      }
  
+    $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning
+
+    if (!confirm_sesskey($sesskey)) {
+        print_header($SITE->fullname, $SITE->fullname, 'home');
+        notice_yesno(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/', array('sesskey'=>sesskey()), null, 'post', 'get');
+        print_footer();
+        die;
+    }
+
      require_logout();
  
      redirect("$wwwroot/");
author	skodak <skodak>
	Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)
committer	skodak <skodak>
	Fri, 2 Mar 2007 16:47:38 +0000 (16:47 +0000)
enrol/authorize/localfuncs.php		patch \| blob \| history
lang/en_utf8/moodle.php		patch \| blob \| history
lib/weblib.php		patch \| blob \| history
login/logout.php		patch \| blob \| history