quiz: MDL-20706 prevent XSRF.

Uses new require_sesskey function from MDL-20702.

diff --git a/mod/quiz/processattempt.php b/mod/quiz/processattempt.php
index cbabdc5094aed2a38061995233c5fc60d230dccd..fef967d8cf2b0d53913b4d9f2a277c2d8a0c443d 100644 (file)
--- a/mod/quiz/processattempt.php
+++ b/mod/quiz/processattempt.php
@@ -44,7 +44,7 @@ if ($timeup) {
 
 /// Check login.
 require_login($attemptobj->get_courseid(), false, $attemptobj->get_cm());
-confirm_sesskey();
+require_sesskey();
 
 /// Check that this attempt belongs to this user.
 if ($attemptobj->get_userid() != $USER->id) {

diff --git a/mod/quiz/review.php b/mod/quiz/review.php
index 7eb76063ce2aa71642b930b697bf47ebf945a8c9..d744696a5f21953ad08bfc2c52289f18078c3544 100644 (file)
--- a/mod/quiz/review.php
+++ b/mod/quiz/review.php
@@ -62,7 +62,7 @@
 
 /// Save the flag states, if they are being changed.
     if ($options->flags == QUESTION_FLAGSEDITABLE && optional_param('savingflags', false, PARAM_BOOL)) {
-        confirm_sesskey();
+        require_sesskey();
         $formdata = data_submitted();
 
         question_save_flags($formdata, $attemptid, $questionids);