MDL-20901 fixed input validation

diff --git a/backup/backup.php b/backup/backup.php
index 4a89ac7b91027bc15bfc8b737adee79afab6c0ac..1ee0ed3b5f33d550fdb286c4540399173559bb29 100644 (file)
--- a/backup/backup.php
+++ b/backup/backup.php
@@ -119,7 +119,7 @@
     raise_memory_limit("192M");
 
     //Call the form, depending the step we are
-    if (!$launch) {
+    if (!$launch or !data_submitted() or !confirm_sesskey()) {
         // if we're at the start, clear the cache of prefs
         if (isset($SESSION->backupprefs[$course->id])) {
             unset($SESSION->backupprefs[$course->id]);

diff --git a/backup/backup_check.html b/backup/backup_check.html
index 368a20b18c47ca15cd4653f55cd0df665483b571..853a099280a0d810fc63c8e70f450f0f4c04f88b 100644 (file)
--- a/backup/backup_check.html
+++ b/backup/backup_check.html
@@ -50,6 +50,7 @@
 <form id="form" method="post" action="backup.php">
 <table cellpadding="5" style="text-align:center;margin-left:auto;margin-right:auto">
 <?php
+    echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
 
     if (empty($to)) {
         //Now print the Backup Name tr

diff --git a/backup/backup_form.html b/backup/backup_form.html
index 20c0a388253a0ca92d263e83960edf717a175cc7..e13e31cd989d24b7fe351c206ad1a6c400f3f317 100644 (file)
--- a/backup/backup_form.html
+++ b/backup/backup_form.html
@@ -124,6 +124,8 @@ function selectItemInCheckboxByName(formId, checkName, checked ) {
 <form id="form1" method="post" action="backup.php">
 <table cellpadding="5" style="margin-left:auto;margin-right:auto;">
 <?php
+    echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
+
 /// Acummulator for hidden options and proper XHTML output
     $hidden_options = '';
     //Now, check modules and info and show posibilities