admin/module.php is now using sesskey.

Merged from MOODLE_14_STABLE

diff --git a/admin/module.php b/admin/module.php
index 3985475d244c750c9671006c3e97ea71e7590097..1ab26d4e91e04a11a766803d37dba28557e7301f 100644 (file)
--- a/admin/module.php
+++ b/admin/module.php
@@ -13,6 +13,9 @@
         error("Site isn't defined!");
     }
 
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
 
 /// If data submitted, then process and store.
 

diff --git a/admin/modules.php b/admin/modules.php
index 61cc3ffa194e32ca9164f1602d6c90c5bd776c7b..2ee2b0c26bb3ff51dc5fb4a25556ec738ac17074 100644 (file)
--- a/admin/modules.php
+++ b/admin/modules.php
@@ -165,7 +165,7 @@
         $delete = "<a href=\"modules.php?delete=$module->name\">$strdelete</a>";
 
         if (file_exists("$CFG->dirroot/mod/$module->name/config.html")) {
-            $settings = "<a href=\"module.php?module=$module->name\">$strsettings</a>";
+            $settings = "<a href=\"module.php?module=$module->name&sesskey=$USER->sesskey\">$strsettings</a>";
         } else {
             $settings = "";
         }

diff --git a/mod/assignment/config.html b/mod/assignment/config.html
index b00b76a50955392257e3f2710501474d926c27c2..a0701f3b1e3b9c7a3b9d5797880b939eceb59448 100644 (file)
--- a/mod/assignment/config.html
+++ b/mod/assignment/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding=9 cellspacing=0 >
 <tr valign=top>

diff --git a/mod/attendance/config.html b/mod/attendance/config.html
index a31d9b209f48bf97f727f8cf60c8f482dbb11913..6f6137c777d590a75f04ebc05c757506a06dd73a 100644 (file)
--- a/mod/attendance/config.html
+++ b/mod/attendance/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding=9 cellspacing=0 >
 <tr valign=top>

diff --git a/mod/chat/config.html b/mod/chat/config.html
index c713b724d5a99eb5d67547bc05196328fdbe3d2f..27c3f25ea7f2154907287fade5adad83de5e4c73 100644 (file)
--- a/mod/chat/config.html
+++ b/mod/chat/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding="9" cellspacing="0" >
 

diff --git a/mod/forum/config.html b/mod/forum/config.html
index f4a92a5b0ba5b94d71834837b202b6398f743228..58c422d92f7b263abeca4a9f430246e123aa5133 100644 (file)
--- a/mod/forum/config.html
+++ b/mod/forum/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding="9" cellspacing="0" >
 <tr valign="top">

diff --git a/mod/glossary/config.html b/mod/glossary/config.html
index c413966034f19dd77e56efb7833569ebc9ca031c..3b5fdde7d64b6edb39ac0ac7a610c043eee9d85f 100644 (file)
--- a/mod/glossary/config.html
+++ b/mod/glossary/config.html
@@ -3,6 +3,7 @@
     $no  = get_string("no");
 ?>
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding=9 cellspacing=0 >
 <tr valign=top>

diff --git a/mod/glossary/formats.php b/mod/glossary/formats.php
index 90bbd85d651daaab72e0c7041695388412c7718b..f1fdc07a02e94909d4d5d6fd64e69cf557e16c85 100644 (file)
--- a/mod/glossary/formats.php
+++ b/mod/glossary/formats.php
@@ -32,7 +32,7 @@
             }
             update_record("glossary_formats",$displayformat);
         }
-        redirect("../../admin/module.php?module=glossary#formats");
+        redirect("../../admin/module.php?sesskey=$USER->sesskey&module=glossary#formats");
         die;
     } elseif ( $mode == 'edit' and $form) {
         
@@ -44,7 +44,7 @@
         $displayformat->sortorder   = $form->sortorder;
         
         update_record("glossary_formats",$displayformat);
-        redirect("../../admin/module.php?module=glossary#formats");
+        redirect("../../admin/module.php?sesskey=$USER->sesskey&module=glossary#formats");
         die;
     }
     
@@ -57,7 +57,7 @@
     print_header("$strmodulename: $strconfiguration", $site->fullname,
                   "<a href=\"../../admin/index.php\">$stradmin</a> -> ".
                   "<a href=\"../../admin/configure.php\">$strconfiguration</a> -> ".
-                  "<a href=\"../../admin/modules.php\">$strmanagemodules</a> -> <a href=\"../../admin/module.php?module=glossary\">$strmodulename</a> -> $strdisplayformats");
+                  "<a href=\"../../admin/modules.php\">$strmanagemodules</a> -> <a href=\"../../admin/module.php?module=glossary&sesskey=$USER->sesskey\">$strmodulename</a> -> $strdisplayformats");
 
     print_heading($strmodulename . ': ' . get_string("displayformats","glossary"));
 

diff --git a/mod/resource/config.html b/mod/resource/config.html
index 0ca20db9137b337ec46d9b70a6463c9a95133b97..819cf5fd747e6f93da07a8f866755902021d15bf 100644 (file)
--- a/mod/resource/config.html
+++ b/mod/resource/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding="9" cellspacing="0" >
 <tr valign="top">

diff --git a/mod/scorm/config.html b/mod/scorm/config.html
index 23e60b919fed0563f4854801e60af2ad57252169..34f2a3815b17a8373299e1d9d529b785a0b4461d 100755 (executable)
--- a/mod/scorm/config.html
+++ b/mod/scorm/config.html
@@ -1,4 +1,5 @@
 <form method="post" action="module.php" name="form">
+<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>">
 
 <table cellpadding="9" cellspacing="0" >
 <tr valign="top">