admin/block.php is now using sesskey.

And bug where one object was used like an array.

Merged from MOODLE_14_STABLE

diff --git a/admin/block.php b/admin/block.php
index a3387c39c9fbb5d5eee8a216c62799f63913ffea..d6eb8da1a61873961e31fb51f154dbcba379b553 100644 (file)
--- a/admin/block.php
+++ b/admin/block.php
@@ -14,6 +14,10 @@
         error("Site isn't defined!");
     }
 
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
+
     require_variable($_REQUEST['block']);
     $blockid = intval($_REQUEST['block']);
 
@@ -28,13 +32,13 @@
 
 /// If data submitted, then process and store.
 
-       if ($config = data_submitted()) {
-           unset($config['block']); // This will always be set if we have reached this point
-           $block->handle_config($config);
+    if ($config = data_submitted()) {
+        unset($config->block); // This will always be set if we have reached this point
+        $block->handle_config($config);
         print_header();
         redirect("$CFG->wwwroot/$CFG->admin/blocks.php", get_string("changessaved"), 1);
         exit;
-       }
+    }
 
 /// Otherwise print the form.
 

diff --git a/admin/blocks.php b/admin/blocks.php
index 359f130baf22dc1934f9a2487407aa663239bf3b..2978797b32cc565de57c8eefacc267021785665b 100644 (file)
--- a/admin/blocks.php
+++ b/admin/blocks.php
@@ -152,7 +152,7 @@
 
         $settings = ''; // By default, no configuration
         if($blockobject->has_config()) {
-            $settings = '<a href="block.php?block='.$blockid.'">'.$strsettings.'</a>';
+            $settings = '<a href="block.php?block='.$blockid.'&sesskey='.$USER->sesskey.'">'.$strsettings.'</a>';
         }
 
         $count = blocks_get_courses_using_block_by_id($blockid);