course/grades.php is using sesskey.

Merged from MOODLE_14_STABLE

diff --git a/course/grades.php b/course/grades.php
index 9775df6e8d046e41b7372049a126b06245f5a74d..487cad9040266d2e7d48b084ee2b42cdcd69cb25 100644 (file)
--- a/course/grades.php
+++ b/course/grades.php
@@ -141,7 +141,7 @@
 
 
 /// OK, we have all the data, now present it to the user
-    if ($download == "xls") {
+    if ($download == "xls" and confirm_sesskey()) {
         require_once("../lib/excel/Worksheet.php");
         require_once("../lib/excel/Workbook.php");
 
@@ -199,7 +199,7 @@
     
         exit;
 
-    } else if ($download == "txt") {
+    } else if ($download == "txt" and confirm_sesskey()) {
 
 /// Print header to force download
 
@@ -254,9 +254,11 @@
         echo "<td>";
         $options["id"] = "$course->id";
         $options["download"] = "xls";
+        $options["sesskey"] = $USER->sesskey;
         print_single_button("grades.php", $options, get_string("downloadexcel"));
         echo "<td>";
         $options["download"] = "txt";
+        $options["sesskey"] = $USER->sesskey;
         print_single_button("grades.php", $options, get_string("downloadtext"));
         echo "</table>";