MDL-20901 fixed input validation

author Petr Skoda <skodak@moodle.org>

Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)

committer Petr Skoda <skodak@moodle.org>

Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)
author Petr Skoda <skodak@moodle.org>
Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)
committer Petr Skoda <skodak@moodle.org>
Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)
diff --git a/calendar/preferences.html b/calendar/preferences.html

index 8ca47f1beaf03926a9f00a01f803654a89b4d0a5..646f776f0753440f755a6d4cae126191e2fa0956 100644 (file)
--- a/calendar/preferences.html
+++ b/calendar/preferences.html
@@ -83,6 +83,7 @@
  
  <tr>
      <td colspan="2" style="text-align: center;">
+    <input type="hidden" name="sesskey" value="<?php echo sesskey(); ?>" />
      <input type="submit" value="<?php print_string("savechanges") ?>" /></td>
  </tr>
  </table>
diff --git a/calendar/preferences.php b/calendar/preferences.php

index bd806941c7186d999fcbe1a3ab809accaefd115e..01a1c2b23ec70f08658d1320e89816a3ebcb1345 100644 (file)
--- a/calendar/preferences.php
+++ b/calendar/preferences.php
@@ -21,7 +21,7 @@ calendar_session_vars();
  
  /// If data submitted, then process and store.
  
-if ($form = data_submitted()) {
+if ($form = data_submitted() and confirm_sesskey()) {
      foreach ($form as $preference => $value) {
          switch ($preference) {
              case 'timeformat':
author	Petr Skoda <skodak@moodle.org>
	Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)
committer	Petr Skoda <skodak@moodle.org>
	Thu, 19 Nov 2009 19:28:19 +0000 (19:28 +0000)
calendar/preferences.html		patch \| blob \| history
calendar/preferences.php		patch \| blob \| history