MDL-20901 fixed input validation

diff --git a/mod/glossary/import.html b/mod/glossary/import.html
index 9e32e89014565a8a5337c57e1aa2f027263b6ff8..60dfc17e4ca758976c78b1ee140f7aad9149a395 100644 (file)
--- a/mod/glossary/import.html
+++ b/mod/glossary/import.html
@@ -46,6 +46,7 @@
 </table>
 <div>
 <input type="hidden" name="id" value="<?php p($id) ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
 <input type="hidden" name="step" value="1" />
 </div>
 </form>

diff --git a/mod/glossary/import.php b/mod/glossary/import.php
index ab12f3d785a43c5eafdc32d5b96e8afdd3e202f3..c93c54a5c017bc3b330c483bceb8cb43bfaf3c22 100644 (file)
--- a/mod/glossary/import.php
+++ b/mod/glossary/import.php
@@ -82,6 +82,7 @@ if ( !$step ) {
     exit;
 }
 
+require_sesskey();
 $form = data_submitted();
 $file = $_FILES["file"];
 

diff --git a/mod/glossary/rate.php b/mod/glossary/rate.php
index ad37822d00c744454faf61bba1d1954020e8dc88..1b222f11805d5719f6d06c130a032f0b6324cc55 100644 (file)
--- a/mod/glossary/rate.php
+++ b/mod/glossary/rate.php
@@ -46,7 +46,7 @@
         $returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
     }
 
-    if ($data = data_submitted()) {    // form submitted
+    if ($data = data_submitted() and confirm_sesskey()) {    // form submitted
 
     /// Calculate scale values
         $scale_values = make_grades_menu($glossary->scale);

diff --git a/mod/glossary/view.php b/mod/glossary/view.php
index f1d3fdb04d34915f69715b20c7a5fc7c460690e0..581c121d095a46e2562c779a01cb7c98cb644245 100644 (file)
--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
@@ -417,6 +417,7 @@ if ($allentries) {
         echo "<form method=\"post\" action=\"rate.php\">";
         echo "<div>";
         echo "<input type=\"hidden\" name=\"glossaryid\" value=\"$glossary->id\" />";
+        echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
     }
 
     foreach ($allentries as $entry) {