From: moodler Date: Mon, 4 Oct 2004 13:50:37 +0000 (+0000) Subject: Merged sesskey fixes from STABLE X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=03c40645c1026d429c9a7f58098c1be1610be09d;p=moodle.git Merged sesskey fixes from STABLE --- diff --git a/admin/config.html b/admin/config.html index 54653e52ca..5a141074aa 100644 --- a/admin/config.html +++ b/admin/config.html @@ -659,7 +659,8 @@ - "> + + " /> diff --git a/admin/config.php b/admin/config.php index 8d70723979..f8b1f94082 100644 --- a/admin/config.php +++ b/admin/config.php @@ -22,6 +22,12 @@ if ($config = data_submitted($match)) { + if (isset($USER)) { // Additional identity check + if (!confirm_sesskey()) { + error(get_string('confirmsesskeybad', 'error')); + } + } + validate_form($config, $err); if (count($err) == 0) { @@ -82,6 +88,8 @@ echo "
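Review bot: In config.php's `if ($config = data_submitted($match))` branch the new sesskey check is skipped entirely whenever `$USER` is unset, and the comment `// Additional identity check` says neither what the check defends against nor why it is conditional. Make the bypass explicit so it reads as deliberate, e.g. `// Forged cross-site posts cannot carry this session's key; the check is skipped only while no session user exists yet (first-time setup)` — the first-time case is inferred from the `$firsttime` flag in site.php, so confirm that is the only way `$USER` can be unset here. The same five lines are added verbatim in site.php (`@@ -14,6 +14,12 @@`) and deserve the same comment; a shared helper would avoid carrying the duplicate. This assumes `error()` halts the request, which the hunk does not show.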
"; } + $sesskey = isset($USER) ? $USER->sesskey : ''; + print_simple_box_start("center", "", "$THEME->cellheading"); include("config.html"); print_simple_box_end(); @@ -110,10 +118,9 @@ function validate_form(&$form, &$err) { - // if (empty($form->fullname)) - // $err["fullname"] = get_string("missingsitename"); + // Currently no checks are needed ... - return; + return true; } diff --git a/admin/site.html b/admin/site.html index 21c58ecf64..b406720c43 100644 --- a/admin/site.html +++ b/admin/site.html @@ -1,4 +1,4 @@ -
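Review bot: `validate_form(&$form, &$err)` in config.php now returns `true`, but its only visible caller (`validate_form($config, $err);` in the `@@ -22,6 +22,12 @@` hunk) discards the return and relies on `$err` being filled by reference, so the new return value is dead. Either keep the bare `return;` or document the contract so the two are not confused, e.g. `/** Validates the submitted config form; problems are reported by appending to $err (by reference). Always returns true. */` above the declaration. Other `validate_form` definitions and their callers are outside this hunk, so I cannot tell whether anything else checks the return.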
> + @@ -111,10 +111,5 @@ + - - diff --git a/admin/site.php b/admin/site.php index a55d73bb09..aa9bdd2ca7 100644 --- a/admin/site.php +++ b/admin/site.php @@ -14,6 +14,12 @@ if ($form = data_submitted()) { + if (isset($USER)) { // Additional identity check + if (!confirm_sesskey()) { + error(get_string('confirmsesskeybad', 'error')); + } + } + validate_form($form, $err); if (count($err) == 0) { @@ -108,17 +114,22 @@ print_heading($strsitesettings); } - $defaultformat = FORMAT_HTML; - if ($usehtmleditor = can_use_richtext_editor()) { - $onsubmit = "onsubmit=\"copyrichtext(form.summary);\""; - } else { - $onsubmit = ""; + if (!isset($USER)) { + $USER->htmleditor = true; } + $usehtmleditor = can_use_html_editor(); + $defaultformat = FORMAT_HTML; + + $sesskey = isset($USER) ? $USER->sesskey : ''; print_simple_box_start("center", "", "$THEME->cellheading"); include("site.html"); print_simple_box_end(); + if ($usehtmleditor) { + use_html_editor(); + } + if (!$firsttime) { print_footer(); } diff --git a/admin/timezone.php b/admin/timezone.php index 1fb3740f91..028e6080e5 100644 --- a/admin/timezone.php +++ b/admin/timezone.php @@ -17,7 +17,7 @@ print_heading(""); - if (isset($zone)) { + if (isset($zone) and confirm_sesskey()) { $db->debug = true; echo "
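Review bot: In site.php's `@@ -108,17 +114,22 @@` hunk, `if (!isset($USER)) { $USER->htmleditor = true; }` creates `$USER` as a side effect (PHP 4/5 promote the undefined variable to an object on property assignment; later versions warn or throw), so the following `$sesskey = isset($USER) ? $USER->sesskey : '';` now takes the true branch and reads an undefined `sesskey` property instead of falling back to `''`. Testing the property rather than the object restores the intended fallback: `$sesskey = isset($USER->sesskey) ? $USER->sesskey : '';`. The hunk also drops `$onsubmit`, which the old code built for the form tag; site.html's own hunk is unreadable in this view, so confirm no reference to `$onsubmit` remains in that template. The code that sets `$firsttime` is outside the hunk.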
"; execute_sql("UPDATE {$CFG->prefix}user SET timezone = '$zone'"); @@ -47,11 +47,12 @@ } } - echo "
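Review bot: In timezone.php the guard `if (isset($zone) and confirm_sesskey())` only proves the request carries the admin's own session key; `$zone` itself is still interpolated unescaped into `execute_sql("UPDATE {$CFG->prefix}user SET timezone = '$zone'")` on the next line, so the value needs validating before it reaches the query. The menu in the `@@ -47,11 +47,12 @@` hunk is built from `$timezones` with a numeric default (`"99"`), so rejecting anything that is not one of those menu values (or at least not numeric) ahead of the UPDATE would close the gap; which check fits depends on the shape of `$timezones`, which is not visible here. Separately, a failed sesskey check here (and in user.php's `if ($confirmuser and confirm_sesskey())`) silently does nothing, whereas config.php, site.php and upgradelogs.php call `error(get_string('confirmsesskeybad', 'error'))`; the admin gets no feedback that the action was dropped, so consider the same explicit failure in both places. The guarded block runs past the end of the hunk.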
"; + echo '
'; echo "$strusers ($strall): "; choose_from_menu ($timezones, "zone", $user->timezone, get_string("serverlocaltime"), "", "99"); + echo "sesskey\">"; echo ""; - echo ""; + echo "
"; print_footer(); diff --git a/admin/upgradelogs.php b/admin/upgradelogs.php index 07771ba590..dc7fabdaf1 100644 --- a/admin/upgradelogs.php +++ b/admin/upgradelogs.php @@ -33,10 +33,12 @@ if (empty($_GET['confirm'])) { notice_yesno(get_string("upgradelogsinfo", "admin"), - "upgradelogs.php?confirm=true", + "upgradelogs.php?confirm=true&sesskey=$USER->sesskey", "index.php"); print_footer(); exit; + } else if (!confirm_sesskey()) { + error(get_string('confirmsesskeybad', 'error')); } diff --git a/admin/user.php b/admin/user.php index 7516344835..4af033c8be 100644 --- a/admin/user.php +++ b/admin/user.php @@ -119,7 +119,7 @@ "$strusers -> $stredituser"); } - if ($confirmuser) { + if ($confirmuser and confirm_sesskey()) { if (!$user = get_record("user", "id", "$confirmuser")) { error("No such user!"); } @@ -309,7 +309,7 @@ $strlastaccess = get_string("never"); } if ($user->confirmed == 0) { - $confirmbutton = "id\">" . get_string("confirm") . ""; + $confirmbutton = "id&sesskey=$USER->sesskey\">" . get_string("confirm") . ""; } else { $confirmbutton = ""; }
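Review bot: In upgradelogs.php the confirm target `"upgradelogs.php?confirm=true&sesskey=$USER->sesskey"` uses a bare `&` in a URL that ends up inside HTML markup, and it carries the session key in a GET URL, where it lands in browser history, server logs and the Referer header of any page reached from there. Write it as `"upgradelogs.php?confirm=true&amp;sesskey=$USER->sesskey"` and, if `notice_yesno()` can render a form, prefer sending the key as a hidden POST field instead; the same `&sesskey=$USER->sesskey` link is built for `$confirmbutton` in user.php (`@@ -309,7 +309,7 @@`). Whether notice_yesno emits links or forms is not visible in this hunk.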

: