]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 740c444)
course/groups.php is using sesskey.
authorstronk7 <stronk7>
Sat, 9 Oct 2004 12:03:55 +0000 (12:03 +0000)
committerstronk7 <stronk7>
Sat, 9 Oct 2004 12:03:55 +0000 (12:03 +0000)
Merged from MOODLE_14_STABLE

course/groups-edit.html patch | blob | history
course/groups.php patch | blob | history

diff --git a/course/groups-edit.html b/course/groups-edit.html
index 04da8d6b99d5d2e5e3698713b3d69590768e0f63..3eeae5243b35f54934b49facb3c72e0bbd711475 100755 (executable)
--- a/course/groups-edit.html
+++ b/course/groups-edit.html
@@ -87,6 +87,7 @@ function groupWindow(selectgroup) {
         <form name="form1" id="form1" method="post" action="groups.php">
           <input type="hidden" name="id" value="<?php p($course->id) ?>" />
           <input type="hidden" name="groupid" value="<?php p($selectedgroup) ?>" />
+          <input type="hidden" name="sesskey" value="<?php p($sesskey) ?>">
           <select name="nonmembers[]" size="15" multiple="multiple">
             <?php 
                 if (!empty($nonmembers)) {
@@ -113,6 +114,7 @@ function groupWindow(selectgroup) {
       <td class="generalboxcontent"><p>
         <form name="form2" id="form2" method="post" action="groups.php">
           <input type="hidden" name="id" value="<?php p($course->id) ?>" />
+          <input type="hidden" name="sesskey" value="<?php p($sesskey) ?>">
           <select name="groups" size="15" onChange="updateMembers(this)">
             <?php 
                 if (!empty($listgroups)) {
@@ -146,6 +148,7 @@ function groupWindow(selectgroup) {
         <form name="form3" id="form3" method="post" action="groups.php">
           <input type="hidden" name="id" value="<?php p($course->id) ?>" />
           <input type="hidden" name="groupid" value="<?php p($selectedgroup) ?>" />
+          <input type="hidden" name="sesskey" value="<?php p($sesskey) ?>">
           <select name="members[]" size="15" multiple="multiple">
             <?php 
                 if (!empty($members)) {
diff --git a/course/groups.php b/course/groups.php
index 081beefe0a994bfd6478371965e5fb7ff833311e..a95030bc321354f2783b6598762ed37a958419a2 100644 (file)
--- a/course/groups.php
+++ b/course/groups.php
@@ -82,7 +82,7 @@
 
 /// We are in editing mode.  First, process any inputs there may be.
 
-    if ($data = data_submitted()) {
+    if ($data = data_submitted() and confirm_sesskey()) {
 
         if (!empty($data->nonmembersadd)) {            /// Add people to a group
             if (!empty($data->nonmembers) and !empty($data->groupid)) {
@@ -219,6 +219,8 @@
         $members = $listmembers[$selectedgroup];
     }
 
+    $sesskey = !empty($USER->id) ? $USER->sesskey : '';
+
 /// Print out the complete form
 
     include('groups-edit.html');
Unnamed repository; edit this file to name it for gitweb.