]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: adef309)
MDL-20901 fixed input validation
authorPetr Skoda <skodak@moodle.org>
Sat, 21 Nov 2009 15:26:54 +0000 (15:26 +0000)
committerPetr Skoda <skodak@moodle.org>
Sat, 21 Nov 2009 15:26:54 +0000 (15:26 +0000)
mod/forum/subscriber.html patch | blob | history
mod/forum/subscribers.php patch | blob | history

diff --git a/mod/forum/subscriber.html b/mod/forum/subscriber.html
index 4fe214e8ca51f0033995b33a8694503922556506..5ea4b0fedb23de8a4be713fd0cfb133e3fddf1dc 100644 (file)
--- a/mod/forum/subscriber.html
+++ b/mod/forum/subscriber.html
@@ -1,6 +1,7 @@
 
 <form id="subscriberform" method="post" action="subscribers.php">
 <input type="hidden" name="id" value="<?php echo $id?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
   <table align="center" border="0" cellpadding="5" cellspacing="0">
     <tr>
       <td valign="top">
diff --git a/mod/forum/subscribers.php b/mod/forum/subscribers.php
index 35c7d6ec484b4ffa536937badaff110323c874d1..ddf802b02f01a40f4e1975cd33e1f3e3b19d99e7 100644 (file)
--- a/mod/forum/subscribers.php
+++ b/mod/forum/subscribers.php
@@ -102,7 +102,7 @@ $strsubscribers = get_string("subscribers", "forum");
 $strforums      = get_string("forums", "forum");
 
 $searchtext = optional_param('searchtext', '', PARAM_RAW);
-if ($frm = data_submitted()) {
+if ($frm = data_submitted() and confirm_sesskey()) {
 
 /// A form was submitted so process the input
     if (!empty($frm->add) and !empty($frm->addselect)) {
Unnamed repository; edit this file to name it for gitweb.