]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c2614a)
admin/editor.php is now using sesskey.
authorstronk7 <stronk7>
Sun, 3 Oct 2004 00:07:27 +0000 (00:07 +0000)
committerstronk7 <stronk7>
Sun, 3 Oct 2004 00:07:27 +0000 (00:07 +0000)
Merged from MOODLE_14_STABLE

admin/configure.php patch | blob | history
admin/editor.html patch | blob | history
admin/editor.php patch | blob | history
admin/index.php patch | blob | history

diff --git a/admin/configure.php b/admin/configure.php
index 1059df1de685093c1a275abbf6e10f162acace32..44adfdf3348729185b02285e5a2e2a96b5124562 100644 (file)
--- a/admin/configure.php
+++ b/admin/configure.php
@@ -41,7 +41,7 @@
                                get_string("adminhelpbackup"));
     }
 
-    $table->data[]= array("<b><a href=\"editor.php\">". get_string("editorsettings") ."</a></b>",
+    $table->data[]= array("<b><a href=\"editor.php?sesskey=$USER->sesskey\">". get_string("editorsettings") ."</a></b>",
                     get_string("adminhelpeditorsettings"));
 
     print_table($table);
diff --git a/admin/editor.html b/admin/editor.html
index 211e2b6a56c7fb93b36a3e3ce05f34e5321b3a95..00a7a2c3c879203ade1b698bfa082d06f8541cc9 100644 (file)
--- a/admin/editor.html
+++ b/admin/editor.html
@@ -1,4 +1,5 @@
 <form method="post" action="<?php print($GLOBALS['ME']);?>">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 <table border="0" cellpadding="4" cellspacing="2">
 <tr valign="top">
     <td align="right"><p>htmleditor:</td>
@@ -76,6 +77,7 @@
 </form>
 
 <form method="post" action="<?php print($GLOBALS['ME']);?>">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 <center>
 <input type="submit" name="resettodefaults" value="<?php print_string('editorresettodefaults') ?>" />
 </center>
diff --git a/admin/editor.php b/admin/editor.php
index 32305b60f28ef4864704d8ca6e57fcfdcd2ce3ac..614fecb9ef2757f715a9f1e5b9578b9cebbb31f6 100644 (file)
--- a/admin/editor.php
+++ b/admin/editor.php
@@ -8,7 +8,11 @@
         error("Only admins can access this page");
     }
 
-    if($data = data_submitted()) {
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
+
+    if ($data = data_submitted()) {
 
         // do we want default values?
         if(isset($data->resettodefaults)) {
@@ -21,7 +25,7 @@
                 error("Editor settings could not be updated!");
             }
         }
-        redirect("$CFG->wwwroot/$CFG->admin/editor.php", get_string("changessaved"), 1);
+        redirect("$CFG->wwwroot/$CFG->admin/editor.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
 
     } else {
         // Generate edit form
@@ -131,4 +135,4 @@ function reset_to_defaults () {
     }
     return true;
 }
-?>
\ No newline at end of file
+?>
diff --git a/admin/index.php b/admin/index.php
index b4951f3f3cc551016677dcbe1339d416c07a7a1b..114dbc00aee083c826a1f5715ad323854d8a37bf 100644 (file)
--- a/admin/index.php
+++ b/admin/index.php
@@ -303,7 +303,7 @@
         $configdata .= "<font size=+1>&nbsp;</font><a href=\"backup.php?sesskey=$USER->sesskey\">".get_string("backup")."</a> - <font size=\"1\">".
                         get_string("adminhelpbackup")."</font><br />";
     }
-    $configdata .= "<font size=+1>&nbsp;</font><a href=\"editor.php\">". get_string("editorsettings") ."</a> - <font size=\"1\">".
+    $configdata .= "<font size=+1>&nbsp;</font><a href=\"editor.php?sesskey=$USER->sesskey\">". get_string("editorsettings") ."</a> - <font size=\"1\">".
                     get_string("adminhelpeditorsettings")."</font><br />";
 
     $table->data[] = array("<font size=+1><b><a href=\"configure.php\">".get_string("configuration")."</a></b>", 
Unnamed repository; edit this file to name it for gitweb.