]> git.mjollnir.org Git - moodle.git/commitdiff
projects / moodle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9294237)
MDL-20901 fixed input validation
authorPetr Skoda <skodak@moodle.org>
Sat, 21 Nov 2009 20:41:28 +0000 (20:41 +0000)
committerPetr Skoda <skodak@moodle.org>
Sat, 21 Nov 2009 20:41:28 +0000 (20:41 +0000)
tag/manage.php patch | blob | history

diff --git a/tag/manage.php b/tag/manage.php
index 1c2cf71f99c1de913d46e04ee7ad048eab051ec7..5dac3512ad56ac67824f5f11c9009f187b461f08 100644 (file)
--- a/tag/manage.php
+++ b/tag/manage.php
@@ -116,6 +116,10 @@ switch($action) {
         }
         break;
     case 'addofficialtag':
+        if (!data_submitted() or !confirm_sesskey()) {
+            break;
+        }
+
         $new_otags = explode(',', optional_param('otagsadd', '', PARAM_TAG));
         $notice = '';
         foreach ( $new_otags as $new_otag ) {
@@ -145,6 +149,7 @@ print('<form class="tag-management-form" method="post" action="'.$CFG->wwwroot.'
 print('<input type="hidden" name="action" value="addofficialtag" />');
 print('<div class="tag-management-form generalbox"><label class="accesshide" for="id_otagsadd">'. get_string('addotags', 'tag') .'</label>'.
     '<input name="otagsadd" id="id_otagsadd" type="text" />'.
+    '<input type="hidden" name="sesskey" value="'.sesskey().'">'.
     '<input name="addotags" value="'. get_string('addotags', 'tag') .'" onclick="skipClientValidation = true;" id="id_addotags" type="submit" />'.
     '</div>');
 print('</form>');
Unnamed repository; edit this file to name it for gitweb.