course/editsection.php is using sesskey.

Merged from MOODLE_14_STABLE

diff --git a/course/editsection.html b/course/editsection.html
index e0eab2e75a29eb1de9cc8e06a1ed0e2989682639..96f98920107f35fd83ffe73b18184833512cd91f 100644 (file)
--- a/course/editsection.html
+++ b/course/editsection.html
@@ -22,6 +22,7 @@
 </tr>
 </table>
 <input type="hidden" name="id" value="<?php echo $form->id ?>" />
+<input type="hidden" name="sesskey" value="<?php echo $form->sesskey ?>" />
 <input type="submit" value="<?php print_string("savechanges") ?>" />
 </form>
 </center>

diff --git a/course/editsection.php b/course/editsection.php
index d56cd225686ce0cb1d7ce65e6864b27a382a9cfc..5bc78ead0daa1054429314733fed97bbc5ce7a1b 100644 (file)
--- a/course/editsection.php
+++ b/course/editsection.php
@@ -23,7 +23,7 @@
 
 /// If data submitted, then process and store.
 
-    if ($form = data_submitted()) {
+    if ($form = data_submitted() and confirm_sesskey()) {
 
         $timenow = time();
 
@@ -43,6 +43,8 @@
         $form = $section;
     }
 
+    $form->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+
     $usehtmleditor = can_use_html_editor();
 
     $sectionname = get_string("name$course->format");