MDL-20663 (Correctly) added sesskey confirmation

author Nicolas Connault <nicolasconnault@gmail.com>

Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)

committer Nicolas Connault <nicolasconnault@gmail.com>

Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)
author Nicolas Connault <nicolasconnault@gmail.com>
Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)
committer Nicolas Connault <nicolasconnault@gmail.com>
Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)
diff --git a/grade/report/grader/ajax_callbacks.php b/grade/report/grader/ajax_callbacks.php

index 0c7ae059a4249bf415ffb9cd3ad1115c5284faea..a1ef4445e33a8a71cd0f01e208ec8ff93a278e9c 100644 (file)
--- a/grade/report/grader/ajax_callbacks.php
+++ b/grade/report/grader/ajax_callbacks.php
@@ -35,10 +35,12 @@ if (!$course = $DB->get_record('course', array('id' => $courseid))) {
  }
  $context = get_context_instance(CONTEXT_COURSE, $course->id);
  require_login($course);
-confirm_sesskey();
  
  switch ($action) {
      case 'update':
+        if (!confirm_sesskey()) {
+            break;
+        }
          require_capability('moodle/grade:edit', $context);
  
          if (!empty($userid) && !empty($itemid) && $newvalue !== false && !empty($type)) {
author	Nicolas Connault <nicolasconnault@gmail.com>
	Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)
committer	Nicolas Connault <nicolasconnault@gmail.com>
	Thu, 29 Oct 2009 09:01:58 +0000 (09:01 +0000)