}
function add_edit_controls($options, $blockid) {
- global $CFG, $THEME;
+ global $CFG, $THEME, $USER;
// The block may be disabled
$blockid = intval($blockid);
} else {
$pixpath = $path.'/../theme/'.$CFG->theme.'/pix';
}
+
+ $sesskeystr = '&sesskey='.$USER->sesskey;
$movebuttons = '<div style="float: right;">';
$title = $this->str->show;
}
- $movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=toggle&blockid='.$blockid.'">' .
+ $movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=toggle&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.$icon.'" alt="" /></a>';
- $movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=delete&blockid='.$blockid.'">' .
+ $movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=delete&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/delete.gif" alt="" /></a> ';
if ($options & BLOCK_MOVE_LEFT) {
- $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveside&blockid='.$blockid.'">' .
+ $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveside&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/left.gif" alt="" /></a>';
}
if ($options & BLOCK_MOVE_UP) {
- $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveup&blockid='.$blockid.'">' .
+ $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveup&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/up.gif" alt="" /></a>';
}
if ($options & BLOCK_MOVE_DOWN) {
- $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=movedown&blockid='.$blockid.'">' .
+ $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=movedown&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/down.gif" alt="" /></a>';
}
if ($options & BLOCK_MOVE_RIGHT) {
- $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveside&blockid='.$blockid.'">' .
+ $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&blockaction=moveside&blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/right.gif" alt="" /></a>';
}
}
}
- if (isteacher($course->id) and isset($marker)) {
+ if (isteacher($course->id) and isset($marker) and confirm_sesskey()) {
$course->marker = $marker;
if (! set_field("course", "marker", $marker, "id", $course->id)) {
error("Could not mark that topic for this course");
if (isediting($course->id)) {
if ($course->marker == $section) { // Show the "light globe" on/off
- echo "<a href=\"view.php?id=$course->id&marker=0\" title=\"$strmarkedthistopic\">".
+ echo "<a href=\"view.php?id=$course->id&marker=0&sesskey=$USER->sesskey\" title=\"$strmarkedthistopic\">".
"<img src=\"$CFG->pixpath/i/marked.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else {
- echo "<a href=\"view.php?id=$course->id&marker=$section\" title=\"$strmarkthistopic\">".
+ echo "<a href=\"view.php?id=$course->id&marker=$section&sesskey=$USER->sesskey\" title=\"$strmarkthistopic\">".
"<img src=\"$CFG->pixpath/i/marker.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
}
if ($thissection->visible) { // Show the hide/show eye
- echo "<a href=\"view.php?id=$course->id&hide=$section\" title=\"$strtopichide\">".
+ echo "<a href=\"view.php?id=$course->id&hide=$section&sesskey=$USER->sesskey\" title=\"$strtopichide\">".
"<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else {
- echo "<a href=\"view.php?id=$course->id&show=$section\" title=\"$strtopicshow\">".
+ echo "<a href=\"view.php?id=$course->id&show=$section&sesskey=$USER->sesskey\" title=\"$strtopicshow\">".
"<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
}
if ($section > 1) { // Add a arrow to move section up
- echo "<a href=\"view.php?id=$course->id&section=$section&move=-1\" title=\"$strmoveup\">".
+ echo "<a href=\"view.php?id=$course->id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">".
"<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
}
if ($section < $course->numsections) { // Add a arrow to move section down
- echo "<a href=\"view.php?id=$course->id&section=$section&move=1\" title=\"$strmovedown\">".
+ echo "<a href=\"view.php?id=$course->id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">".
"<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
}
if (isediting($course->id)) {
if ($thissection->visible) { // Show the hide/show eye
- echo "<a href=\"view.php?id=$course->id&hide=$section\" title=\"$strweekhide\">".
+ echo "<a href=\"view.php?id=$course->id&hide=$section&sesskey=$USER->sesskey\" title=\"$strweekhide\">".
"<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else {
- echo "<a href=\"view.php?id=$course->id&show=$section\" title=\"$strweekshow\">".
+ echo "<a href=\"view.php?id=$course->id&show=$section&sesskey=$USER->sesskey\" title=\"$strweekshow\">".
"<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
}
if ($section > 1) { // Add a arrow to move section up
- echo "<a href=\"view.php?id=$course->id&section=$section&move=-1\" title=\"$strmoveup\">".
+ echo "<a href=\"view.php?id=$course->id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">".
"<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
}
if ($section < $course->numsections) { // Add a arrow to move section down
- echo "<a href=\"view.php?id=$course->id&section=$section&move=1\" title=\"$strmovedown\">".
+ echo "<a href=\"view.php?id=$course->id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">".
"<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
}
$editing = $USER->editing;
- if (isset($hide)) {
+ if (isset($hide) and confirm_sesskey()) {
set_section_visible($course->id, $hide, '0');
}
- if (isset($show)) {
+ if (isset($show) and confirm_sesskey()) {
set_section_visible($course->id, $show, '1');
}
- if (isset($_GET['blockaction'])) {
+ if (isset($_GET['blockaction']) and confirm_sesskey()) {
if (isset($_GET['blockid'])) {
block_action($course, $leftblocks, $rightblocks, strtolower($_GET['blockaction']), intval($_GET['blockid']));
}
}
if (!empty($section)) {
- if (!empty($move)) {
+ if (!empty($move) and confirm_sesskey()) {
if (!move_section($course, $section, $move)) {
notify("An error occurred while moving a section");
}
//This function prints the block to admin blocks as necessary
function block_print_blocks_admin(&$course, $missingblocks) {
+
+ global $USER;
+
if (isediting($course->id)) {
$strblocks = get_string('blocks');
$stradd = get_string('add');
else {
$target = 'view.php';
}
- $content = popup_form($target.'?id='.$course->id.'&blockaction=add&blockid=',
+ $content = popup_form($target.'?id='.$course->id.'&blockaction=add&sesskey='.$USER->sesskey.'&blockid=',
$menu, 'add_block', '', "$stradd...", '', '', true);
$content = '<div align="center">'.$content.'</div>';
print_side_block($strblocks, $content, NULL, NULL, NULL);
projects / moodle.git / commitdiff