course/edit.php is using sesskey.

Merged from MOODLE_14_STABLE

diff --git a/course/edit.html b/course/edit.html
index f11e6ccb3ea0a2f0ddab1784cdddd5ea47b5a07d..177b4991079ca410c55f20ae71b5933504750a1b 100644 (file)
--- a/course/edit.html
+++ b/course/edit.html
@@ -260,4 +260,5 @@
     <td><input type="submit" value="<?php  print_string("savechanges") ?>" /></td>
 </table>
 <input type="hidden" name="id" value="<?php echo $form->id ?>" />
+<input type="hidden" name="sesskey" value="<?php echo $form->sesskey ?>" />
 </form>

diff --git a/course/edit.php b/course/edit.php
index 01eb90cd711bf7ce42ff1ad268fddd8deae462b0..400fb72313fa8bcc5b4e36d2199ab0d7d77689ec 100644 (file)
--- a/course/edit.php
+++ b/course/edit.php
@@ -36,7 +36,7 @@
 
 /// If data submitted, then process and store.
 
-    if ($form = data_submitted()) {
+    if ($form = data_submitted() and confirm_sesskey()) {
 
         if (empty($course)) {
             check_for_restricted_user($USER->username, "$CFG->wwwroot");
@@ -182,6 +182,8 @@
                      "<a href=\"index.php\">$strcategories</a> -> $straddnewcourse", $focus);
     }
 
+    $form->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+
     print_heading($streditcoursesettings);
     print_simple_box_start("center", "", "$THEME->cellheading");
     include("edit.html");