course/unenrol.php is using sesskey.

Merged from MOODLE_14_STABLE

diff --git a/course/unenrol.php b/course/unenrol.php
index 8dac96525b9d8a01c8a28a407c12552974ddb58c..3450588cc5b20b8c1038ad5301692a326362f632 100644 (file)
--- a/course/unenrol.php
+++ b/course/unenrol.php
@@ -28,7 +28,7 @@
         error("You are not allowed to unenroll");
     }
 
-    if (isset($confirm)) {
+    if (isset($confirm) and confirm_sesskey()) {
 
         if (! unenrol_student($user->id, $course->id)) {
             error("An error occurred while trying to unenrol you.");
@@ -56,7 +56,7 @@
         $strunenrolsure = get_string("unenrolsure", "", fullname($user, true));
     }
 
-    notice_yesno ($strunenrolsure, "unenrol.php?id=$id&user=$user->id&confirm=yes", "$HTTP_REFERER");
+    notice_yesno ($strunenrolsure, "unenrol.php?id=$id&user=$user->id&confirm=yes&sesskey=$USER->sesskey", "$HTTP_REFERER");
 
     print_footer();