admin/enrol.php is now using sesskey.

author stronk7 <stronk7>

Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)

committer stronk7 <stronk7>

Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)
author stronk7 <stronk7>
Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)
committer stronk7 <stronk7>
Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)
diff --git a/admin/enrol.php b/admin/enrol.php

index 8dba7c6d2e3320596ab029107b8413204b58a552..6ffe8209da246b6eb23eb2c24966217d29a21ddf 100644 (file)
--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -16,6 +16,10 @@
          error("Only the admin can use this page");
      }
  
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
+
      $enrol = clean_filename($enrol);
      require_once("$CFG->dirroot/enrol/$enrol/enrol.php");   /// Open the class
  
@@ -27,7 +31,7 @@
         if ($frm = data_submitted()) {
          if ($enrolment->process_config($frm)) {
              set_config('enrol', $frm->enrol);
-            redirect("enrol.php", get_string("changessaved"), 1);
+            redirect("enrol.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
          }
         } else {
          $frm = $CFG;
@@ -50,13 +54,14 @@
                     <a href=\"users.php\">$str->users</a> -> $str->enrolments");
  
      echo "<form target=\"{$CFG->framename}\" name=\"enrolmenu\" method=\"post\" action=\"enrol.php\">";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
      echo "<div align=\"center\"><p><b>";
  
  
  /// Choose an enrolment method
      echo get_string('chooseenrolmethod').': ';
         choose_from_menu ($options, "enrol", $enrol, "",
-                      "document.location='enrol.php?enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
+                      "document.location='enrol.php?sesskey=$USER->sesskey&enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
  
      echo "</b></p></div>";
      
diff --git a/admin/index.php b/admin/index.php

index 114dbc00aee083c826a1f5715ad323854d8a37bf..8577db4da5775340a998e6fa87142b0d8479f71c 100644 (file)
--- a/admin/index.php
+++ b/admin/index.php
@@ -321,7 +321,7 @@
                   get_string("uploadusers")."</a> - <font size=\"1\">".
                   get_string("adminhelpuploadusers")."</font><br />";
  
-    $userdata .= "<hr /><font size=+1>&nbsp;</font><a href=\"enrol.php\">".get_string("enrolments")."</a> - <font size=\"1\">".
+    $userdata .= "<hr /><font size=+1>&nbsp;</font><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a> - <font size=\"1\">".
                   get_string("adminhelpenrolments")."</font><br />";
      $userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a> - <font size=\"1\">".
                   get_string("adminhelpassignstudents")."</font><br />";
diff --git a/admin/users.php b/admin/users.php

index 30b99117b13aac38d25413503fc21d8fb9e7ebac..1f79835ef71d71fffaa727478cae87b51c23c104 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -34,7 +34,7 @@
                                 get_string("adminhelpuploadusers"));
      }
      $table->data[] = array('', '<hr />');
-    $table->data[] = array("<b><a href=\"enrol.php\">".get_string("enrolments")."</a></b>",
+    $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a></b>",
                             get_string("adminhelpenrolments"));
      $table->data[] = array("<b><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a></b>",
                             get_string("adminhelpassignstudents"));
author	stronk7 <stronk7>
	Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)
committer	stronk7 <stronk7>
	Sun, 3 Oct 2004 00:21:26 +0000 (00:21 +0000)
admin/enrol.php		patch \| blob \| history
admin/index.php		patch \| blob \| history
admin/users.php		patch \| blob \| history