From: stronk7 <stronk7>
Date: Fri, 14 Nov 2008 08:52:35 +0000 (+0000)
Subject: MDL-17227 forum: add sesskey to post/discussion deletion. Merged from 19_STABLE
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=1639731bf8ba93bd030a5b03fe1b51f8c5b7ab93;p=moodle.git

MDL-17227 forum: add sesskey to post/discussion deletion. Merged from 19_STABLE
---

diff --git a/mod/forum/post.php b/mod/forum/post.php
index 721f8d4bad..ec84a584bf 100644
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -264,7 +264,7 @@
 
         $replycount = forum_count_replies($post);
 
-        if (!empty($confirm)) {    // User has confirmed the delete
+        if (!empty($confirm) && confirm_sesskey()) {    // User has confirmed the delete
 
             if ($post->totalscore) {
                 notice(get_string("couldnotdeleteratings", "forum"),
@@ -319,7 +319,7 @@
                 }
                 print_header();
                 notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
-                             "post.php?delete=$delete&amp;confirm=$delete",
+                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
 
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
@@ -332,7 +332,7 @@
             } else {
                 print_header();
                 notice_yesno(get_string("deletesure", "forum", $replycount),
-                             "post.php?delete=$delete&amp;confirm=$delete",
+                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
             }