MDL-20901 fixed input validation

author Petr Skoda <skodak@moodle.org>

Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)

committer Petr Skoda <skodak@moodle.org>

Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)
author Petr Skoda <skodak@moodle.org>
Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)
committer Petr Skoda <skodak@moodle.org>
Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)
diff --git a/mod/survey/save.php b/mod/survey/save.php

index b6934bfa20e8b7bad065d29b800cbf85a8cf03a6..228c932fd0f5b6026bb4b62754f469f94ce947bd 100644 (file)
--- a/mod/survey/save.php
+++ b/mod/survey/save.php
@@ -30,7 +30,7 @@
  
  // Make sure this is a legitimate posting
  
-    if (!$formdata = data_submitted()) {
+    if (!$formdata = data_submitted() or !confirm_sesskey()) {
          print_error('cannotcallscript');
      }
  
diff --git a/mod/survey/view.php b/mod/survey/view.php

index 45a484140efc7981786c1f128d29f6c1e4ddaf76..6b84b6b0659b65e9c5e14e54e61f106351219924 100644 (file)
--- a/mod/survey/view.php
+++ b/mod/survey/view.php
@@ -135,6 +135,7 @@
      echo "<form method=\"post\" action=\"save.php\" id=\"surveyform\">";
      echo '<div>';
      echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
  
      echo $OUTPUT->box(format_module_intro('survey', $survey, $cm->id), 'generalbox boxaligncenter bowidthnormal', 'intro');
author	Petr Skoda <skodak@moodle.org>
	Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)
committer	Petr Skoda <skodak@moodle.org>
	Fri, 20 Nov 2009 08:33:33 +0000 (08:33 +0000)
mod/survey/save.php		patch \| blob \| history
mod/survey/view.php		patch \| blob \| history