From: stronk7
Date: Sat, 9 Oct 2004 20:16:05 +0000 (+0000)
Subject: course/view.php is using sesskey
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5b224948aa9cfbfda6c4eaceeb9d1e70837bfe6e;p=moodle.git

course/view.php is using sesskey (changes in blocks done, please check them)
Merged from MOODLE_14_STABLE
---
diff --git a/blocks/moodleblock.class.php b/blocks/moodleblock.class.php
index b4b8493a1d..69cd7190ac 100644
--- a/blocks/moodleblock.class.php
+++ b/blocks/moodleblock.class.php
@@ -119,7 +119,7 @@ class MoodleBlock {
 }
 function add_edit_controls($options, $blockid) {
- global $CFG, $THEME;
+ global $CFG, $THEME, $USER;
 // The block may be disabled
 $blockid = intval($blockid);
@@ -143,6 +143,8 @@ class MoodleBlock {
 } else {
 $pixpath = $path.'/../theme/'.$CFG->theme.'/pix';
 }
+
+ $sesskeystr = '&sesskey='.$USER->sesskey;
 $movebuttons = '
';
@@ -155,26 +157,26 @@ class MoodleBlock {
 $title = $this->str->show;
 }
- $movebuttons .= '' .
+ $movebuttons .= '' .
 '';
- $movebuttons .= '' .
+ $movebuttons .= '' .
 ' ';
 if ($options & BLOCK_MOVE_LEFT) {
- $movebuttons .= '' .
+ $movebuttons .= '' .
 '';
 }
 if ($options & BLOCK_MOVE_UP) {
- $movebuttons .= '' .
+ $movebuttons .= '' .
 '';
 }
 if ($options & BLOCK_MOVE_DOWN) {
- $movebuttons .= '' .
+ $movebuttons .= '' .
 '';
 }
 if ($options & BLOCK_MOVE_RIGHT) {
- $movebuttons .= '' .
+ $movebuttons .= '' .
 '';
 }
diff --git a/course/format/topics/format.php b/course/format/topics/format.php
index 8cd777243a..49e3ac5b81 100644
--- a/course/format/topics/format.php
+++ b/course/format/topics/format.php
@@ -31,7 +31,7 @@
 }
 }
- if (isteacher($course->id) and isset($marker)) {
+ if (isteacher($course->id) and isset($marker) and confirm_sesskey()) {
 $course->marker = $marker;
 if (! set_field("course", "marker", $marker, "id", $course->id)) {
 error("Could not mark that topic for this course");
@@ -222,28 +222,28 @@
 if (isediting($course->id)) {
 if ($course->marker == $section) { // Show the "light globe" on/off
- echo "id&marker=0\" title=\"$strmarkedthistopic\">".
+ echo "id&marker=0&sesskey=$USER->sesskey\" title=\"$strmarkedthistopic\">".
 "pixpath/i/marked.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
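Review bot: `$sesskeystr = '&sesskey='.$USER->sesskey;` is a fragment that gets spliced into href attributes of the edit controls, and inside HTML a bare `&` should be written `&amp;` (the browser decodes it back to `&` before the request is sent); `$sesskeystr = '&amp;sesskey='.$USER->sesskey;` would be the correct form, and since the existing `&blockid=` in these URLs has the same problem this is a good moment to fix both. The new line also assumes `$USER->sesskey` is populated for anyone who reaches block editing; if it can be empty, every control carries `sesskey=` and the server-side check rejects every block action with no message to the user. add_edit_controls continues outside the hunk.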
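Review bot: The toggle, delete and move controls are still plain GET links that change server state, so the sesskey now lives in the query string and will be copied into the Referer header of any page reached from the block-editing view, into browser history and into proxy and web-server logs, which weakens it as a CSRF secret. The added token does stop blind cross-site requests, which is the point of the commit, but the durable fix is to render these controls as small POST forms with the sesskey in a hidden field. The anchor markup of the rewritten lines has been stripped from this rendering of the diff, so I cannot confirm that `$sesskeystr` sits inside the quoted href for every button rather than after the closing quote; worth a look at the actual file.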
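Review bot: `$marker` reaches `set_field("course", "marker", $marker, "id", $course->id)` without a cast, although the only values the page itself generates are `0` and a section number; adding `$marker = intval($marker);` immediately before `$course->marker = $marker;` keeps anything non-numeric out of that query regardless of how set_field quotes its argument. No `$_GET` read is visible, so `$marker` appears to arrive via register_globals, which makes the cast more, not less, worthwhile. When `confirm_sesskey()` fails the whole block is skipped and the page renders as if nothing had been clicked; if confirm_sesskey() returns false rather than calling error() itself, an `else { error(...); }` branch telling the teacher the request was ignored would avoid confusing "my click did nothing" reports.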
"; } else { - echo "id&marker=$section\" title=\"$strmarkthistopic\">". + echo "id&marker=$section&sesskey=$USER->sesskey\" title=\"$strmarkthistopic\">". "pixpath/i/marker.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
"; } if ($thissection->visible) { // Show the hide/show eye - echo "id&hide=$section\" title=\"$strtopichide\">". + echo "id&hide=$section&sesskey=$USER->sesskey\" title=\"$strtopichide\">". "pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
"; } else { - echo "id&show=$section\" title=\"$strtopicshow\">". + echo "id&show=$section&sesskey=$USER->sesskey\" title=\"$strtopicshow\">". "pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
"; } if ($section > 1) { // Add a arrow to move section up - echo "id&section=$section&move=-1\" title=\"$strmoveup\">". + echo "id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">". "pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" />
"; } if ($section < $course->numsections) { // Add a arrow to move section down - echo "id&section=$section&move=1\" title=\"$strmovedown\">". + echo "id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">". "pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" />
"; } diff --git a/course/format/weeks/format.php b/course/format/weeks/format.php index 1d09b5f191..be5b94a6ce 100644 --- a/course/format/weeks/format.php +++ b/course/format/weeks/format.php @@ -215,20 +215,20 @@ if (isediting($course->id)) { if ($thissection->visible) { // Show the hide/show eye - echo "id&hide=$section\" title=\"$strweekhide\">". + echo "id&hide=$section&sesskey=$USER->sesskey\" title=\"$strweekhide\">". "pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
"; } else { - echo "id&show=$section\" title=\"$strweekshow\">". + echo "id&show=$section&sesskey=$USER->sesskey\" title=\"$strweekshow\">". "pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" />
"; } if ($section > 1) { // Add a arrow to move section up - echo "id&section=$section&move=-1\" title=\"$strmoveup\">". + echo "id&section=$section&move=-1&sesskey=$USER->sesskey\" title=\"$strmoveup\">". "pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" />
"; } if ($section < $course->numsections) { // Add a arrow to move section down - echo "id&section=$section&move=1\" title=\"$strmovedown\">". + echo "id&section=$section&move=1&sesskey=$USER->sesskey\" title=\"$strmovedown\">". "pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" />
"; } diff --git a/course/view.php b/course/view.php index 3e53f96a94..4b9bb40526 100644 --- a/course/view.php +++ b/course/view.php @@ -75,15 +75,15 @@ $editing = $USER->editing; - if (isset($hide)) { + if (isset($hide) and confirm_sesskey()) { set_section_visible($course->id, $hide, '0'); } - if (isset($show)) { + if (isset($show) and confirm_sesskey()) { set_section_visible($course->id, $show, '1'); } - if (isset($_GET['blockaction'])) { + if (isset($_GET['blockaction']) and confirm_sesskey()) { if (isset($_GET['blockid'])) { block_action($course, $leftblocks, $rightblocks, strtolower($_GET['blockaction']), intval($_GET['blockid'])); } @@ -118,7 +118,7 @@ } if (!empty($section)) { - if (!empty($move)) { + if (!empty($move) and confirm_sesskey()) { if (!move_section($course, $section, $move)) { notify("An error occurred while moving a section"); } diff --git a/lib/blocklib.php b/lib/blocklib.php index 6d3ac1c6f3..4884b29f69 100644 --- a/lib/blocklib.php +++ b/lib/blocklib.php @@ -405,6 +405,9 @@ function block_find($blockid, $leftblocks, $rightblocks) { //This function prints the block to admin blocks as necessary function block_print_blocks_admin(&$course, $missingblocks) { + + global $USER; + if (isediting($course->id)) { $strblocks = get_string('blocks'); $stradd = get_string('add'); @@ -425,7 +428,7 @@ function block_print_blocks_admin(&$course, $missingblocks) { else { $target = 'view.php'; } - $content = popup_form($target.'?id='.$course->id.'&blockaction=add&blockid=', + $content = popup_form($target.'?id='.$course->id.'&blockaction=add&sesskey='.$USER->sesskey.'&blockid=', $menu, 'add_block', '', "$stradd...", '', '', true); $content = '
 '.$content.'
 ';
 print_side_block($strblocks, $content, NULL, NULL, NULL);
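Review bot: The `add` action is only protected if the page named by `$target` actually calls `confirm_sesskey()` for `blockaction`; this commit adds that check to course/view.php, but the other assignment to `$target` (the `if` branch, which starts above this hunk) points elsewhere and nothing in the diff updates that page, so adding a block from there will either be silently dropped, if it checks the token, or remain CSRF-able, if it does not. Worth verifying that other target, and, as elsewhere in the commit, writing the separators as `&amp;` once the URL lands in HTML: `$target.'?id='.$course->id.'&amp;blockaction=add&amp;sesskey='.$USER->sesskey.'&amp;blockid='`. popup_form() presumably also embeds this URL in the select's JavaScript handler, so confirm that helper expects entity-encoded input before changing it. block_print_blocks_admin continues outside the hunk.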