Changed some sesskey behaviours SC#73 (admin part)

diff --git a/admin/backup.php b/admin/backup.php
index 9d7bdda1644c127044353736ded9c1a9911b1fc0..c461c0052321bdea93f25e252d09d183da36dfaf 100644 (file)
--- a/admin/backup.php
+++ b/admin/backup.php
@@ -15,17 +15,13 @@
         error("Site isn't defined!");
     }
 
-    if (!confirm_sesskey()) {
-        error(get_string('confirmsesskeybad', 'error'));
-    }
-
     //Initialise error variables
     $error = false;
     $sche_destination_error = "";
 
     /// If data submitted, then process and store.
 
-    if ($config = data_submitted()) {
+    if (($config = data_submitted()) && confirm_sesskey()) {
 
         //First of all we check that everything is correct
         //Check for trailing slash and backslash in backup_sche_destination

diff --git a/admin/configure.php b/admin/configure.php
index ed82aeabcf7a261a4b53af26b76e32dc016b2858..68e6036a3f421348aa13977bbffe8030bce0d89f 100644 (file)
--- a/admin/configure.php
+++ b/admin/configure.php
@@ -37,7 +37,7 @@
     $table->data[] = array("<strong><a href=\"filters.php\">". get_string('managefilters') .'</a></strong>',
                            get_string('adminhelpmanagefilters'));
     if (!isset($CFG->disablescheduledbackups)) {
-        $table->data[] = array("<strong><a href=\"backup.php?sesskey=$USER->sesskey\">".get_string("backup")."</a></strong>",
+        $table->data[] = array("<strong><a href=\"backup.php\">".get_string("backup")."</a></strong>",
                                get_string('adminhelpbackup'));
     }
 

diff --git a/admin/filters.php b/admin/filters.php
index 62a159177ef31c0500d27c950aff8d9efa895819..1f999f29a7bf1cd9e599cee8e307d09c36d0c7b8 100644 (file)
--- a/admin/filters.php
+++ b/admin/filters.php
@@ -16,10 +16,6 @@
         error("Only administrators can use this page!");
     }
 
-    if (!confirm_sesskey()) {
-        error(get_string('confirmsesskeybad', 'error'));
-    }
-
     if (!$site = get_site()) {
         error("Site isn't defined!");
     }
@@ -86,22 +82,23 @@
 /// If data submitted, then process and store.
 
     if (!empty($options)) {
-           if ($config = data_submitted()) {  
+           if (($config = data_submitted()) && confirm_sesskey()) {  
             unset($config->options);
+            unset($config->sesskey);
             foreach ($config as $name => $value) {
                 set_config($name, $value);
             }
         }
     }
 
-    if (!empty($add) and !empty($uselect)) {
+    if (!empty($add) and !empty($uselect) and confirm_sesskey()) {
         $selectedfilter = $uselect;
         if (!in_array($selectedfilter, $installedfilters)) {
             $installedfilters[] = $selectedfilter;
             set_config("textfilters", implode(',', $installedfilters));
         }
 
-    } else if (!empty($remove) and !empty($iselect)) {
+    } else if (!empty($remove) and !empty($iselect) and confirm_sesskey()) {
         $selectedfilter = $iselect;
         foreach ($installedfilters as $key => $installedfilter) {
             if ($installedfilter == $selectedfilter) {
@@ -110,7 +107,7 @@
         }
         set_config("textfilters", implode(',', $installedfilters));
 
-    } else if ((!empty($up) or !empty($down)) and !empty($iselect)) {
+    } else if ((!empty($up) or !empty($down)) and !empty($iselect) and confirm_sesskey()) {
 
         if (!empty($up)) {
             if ($allfilters[$iselect]) {

diff --git a/admin/lang.php b/admin/lang.php
index 1a61e9eddb5f7846cdb150efd388f13dcee69979..9be450d173a63a6070daca10dfbb2866ccc8319b 100644 (file)
--- a/admin/lang.php
+++ b/admin/lang.php
@@ -29,7 +29,6 @@
             $title = $strmissingstrings;
             $button = '<form target="'.$CFG->framename.'" method="get" action="'.$CFG->wwwroot.'/'.$CFG->admin.'/lang.php">'.
                       '<input type="hidden" name="mode" value="compare" />'.
-                      '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />'.
                       '<input type="submit" value="'.$strcomparelanguage.'" /></form>';
             break;
         case "compare":
@@ -37,7 +36,6 @@
             $title = $strcomparelanguage;
             $button = '<form target="'.$CFG->framename.'" method="get" action="'.$CFG->wwwroot.'/'.$CFG->admin.'/lang.php">'.
                       '<input type="hidden" name="mode" value="missing" />'.
-                      '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />'.
                       '<input type="submit" value="'.$strmissingstrings.'" /></form>';
             break;
         default:
@@ -62,8 +60,8 @@
         echo "</td><td>";
         echo popup_form ("$CFG->wwwroot/$CFG->admin/lang.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
         echo "</td></tr></table>";
-        print_heading("<a href=\"lang.php?mode=missing&sesskey=$USER->sesskey\">$strmissingstrings</a>");
-        print_heading("<a href=\"lang.php?mode=compare&sesskey=$USER->sesskey\">$strcomparelanguage</a>");
+        print_heading("<a href=\"lang.php?mode=missing\">$strmissingstrings</a>");
+        print_heading("<a href=\"lang.php?mode=compare\">$strcomparelanguage</a>");
         echo "<center><hr noshade=\"noshade\" size=\"1\" />";
         $options["lang"] = $currentlang;
         print_single_button("http://moodle.org/download/lang/", $options, get_string("latestlanguagepack"));
@@ -87,7 +85,7 @@
         }
     }
 
-    if ($mode == "missing" and confirm_sesskey()) {
+    if ($mode == "missing") {
         // For each file, check that a counterpart exists, then check all the strings
     
         foreach ($stringfiles as $file) {
@@ -153,15 +151,18 @@
             notice(get_string("languagegood"), "lang.php");
         }
 
-    } else if ($mode == "compare" and confirm_sesskey()) {
+    } else if ($mode == "compare") {
 
         if (isset($_POST['currentfile'])){   // Save a file
+            if (!confirm_sesskey()) {
+                error(get_string('confirmsesskeybad', 'error'));
+            }
             $newstrings = $_POST;
             unset($newstrings['currentfile']);
             if (lang_save_file($langdir, $currentfile, $newstrings)) {
                 notify(get_string("changessaved")." ($langdir/$currentfile)", "green");
             } else {
-                error("Could not save the file '$currentfile'!", "lang.php?mode=compare&amp;currentfile=$currentfile&amp;sesskey=$USER->sesskey");
+                error("Could not save the file '$currentfile'!", "lang.php?mode=compare&amp;currentfile=$currentfile");
             }
         }
 
@@ -173,7 +174,7 @@
             if ($file == $currentfile) {
                 echo "<b>$file</b> &nbsp; ";
             } else {
-                echo "<a href=\"lang.php?mode=compare&currentfile=$file&sesskey=$USER->sesskey\">$file</a> &nbsp; ";
+                echo "<a href=\"lang.php?mode=compare&currentfile=$file\">$file</a> &nbsp; ";
             }
         }
         echo '</font></center>';
@@ -216,7 +217,6 @@
 
         if ($editable) {
             echo "<form name=\"$currentfile\" action=\"lang.php\" method=\"post\">";
-            echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
         }
         echo "<table width=\"100%\" cellpadding=\"2\" cellspacing=\"3\" border=\"0\">";
         foreach ($enstring as $key => $envalue) {
@@ -266,6 +266,7 @@
         }
         if ($editable) {
             echo "<tr><td colspan=\"2\">&nbsp;<td><br />";
+            echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
             echo "    <input type=\"hidden\" name=\"currentfile\" value=\"$currentfile\">";
             echo "    <input type=\"hidden\" name=\"mode\" value=\"compare\">";
             echo "    <input type=\"submit\" name=\"update\" value=\"".get_string("savechanges").": $currentfile\">";