From: skodak <skodak>
Date: Mon, 11 Sep 2006 06:47:38 +0000 (+0000)
Subject: validate local redirection actions in jumpto.php SC#310
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3435f39bab7731e1600a0e3d422c2baa5040d2e9;p=moodle.git

validate local redirection actions in jumpto.php SC#310
---

diff --git a/course/jumpto.php b/course/jumpto.php
index c634266258..ce4df789f0 100644
--- a/course/jumpto.php
+++ b/course/jumpto.php
@@ -10,6 +10,10 @@
 
     $jump = optional_param('jump', '', PARAM_RAW);
 
+    if (!confirm_sesskey()) {
+        print_error('confirmsesskeybad');
+    }
+
     if (strpos($jump, $CFG->wwwroot) === 0) {            // Anything on this site
         redirect(urldecode($jump));
     } else if (preg_match('/^[a-z]+\.php\?/', $jump)) { 
diff --git a/lib/weblib.php b/lib/weblib.php
index 01ce4f0649..aeebd5f897 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1053,6 +1053,7 @@ function popup_form($common, $options, $formname, $selected='', $nothing='choose
     }
 
     $output .= '</select>';
+    $output .= '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
     $output .= '<noscript id="noscript'.$formname.'" style="display: inline;">';
     $output .= '<input type="submit" value="'.$go.'" /></noscript>';
     $output .= '<script type="text/javascript">'.