From: Petr Skoda Date: Thu, 19 Nov 2009 19:41:52 +0000 (+0000) Subject: MDL-20901 fixed input validation X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=825ac7f8f94e63af839f2e9f2190fa9dbaaf1491;p=moodle.git MDL-20901 fixed input validation --- diff --git a/enrol/manual/enrol.html b/enrol/manual/enrol.html index fa69f70a3c..4033f84054 100644 --- a/enrol/manual/enrol.html +++ b/enrol/manual/enrol.html @@ -19,6 +19,7 @@ + " /> diff --git a/enrol/manual/enrol.php b/enrol/manual/enrol.php index 67b5a02dce..4f665e1a41 100644 --- a/enrol/manual/enrol.php +++ b/enrol/manual/enrol.php @@ -70,11 +70,11 @@ function print_entry($course) { $PAGE->set_heading($course->fullname); echo $OUTPUT->header(); echo '
'; - echo $OUTPUT->confirm(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&confirm=1", "enrol.php?id=$course->id&cancel=1"); + echo $OUTPUT->confirm(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&confirm=1&sesskey=".sesskey(), "enrol.php?id=$course->id&cancel=1"); echo $OUTPUT->footer(); exit; - } else if (!empty($_GET['confirm'])) { + } else if (!empty($_GET['confirm']) and confirm_sesskey()) { if (!enrol_into_course($course, $USER, 'manual')) { print_error('couldnotassignrole'); @@ -140,7 +140,7 @@ function check_entry($form, $course) { $form->password = ''; } - if (empty($course->password)) { + if (empty($course->password) or !confirm_sesskey()) { // do not allow entry when no course password set // automatic login when manual primary, no login when secondary at all!! print_error('invalidenrol');
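Review bot: The confirm URL in print_entry() now carries the session key in the query string (`&sesskey=".sesskey()`), and the enrolment branch still reads `$_GET['confirm']`, so the state change appears to happen on a GET request. A sesskey in a URL can end up in web-server logs, browser history and Referer headers. If `$OUTPUT->confirm()` can submit the continue button as a POST form at this revision (not visible here), prefer that and read the flag with `optional_param('confirm', 0, PARAM_BOOL)` rather than `$_GET`. With `and confirm_sesskey()`, a request with a bad key also falls through silently to the next branch, which lies outside this hunk; an explicit `print_error('confirmsesskeybad', 'error');` would make rejected requests visible. print_entry() starts and ends outside the hunk.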
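Review bot: In check_entry() the CSRF check is folded into the `empty($course->password)` test, so a missing or stale sesskey is reported as `invalidenrol`, and the comment under the condition ("do not allow entry when no course password set") no longer describes everything it guards. I would test the key on its own before the password check, `if (!confirm_sesskey()) { print_error('confirmsesskeybad', 'error'); }`, so that a user with an expired session, or anyone reading the logs, can tell a rejected token from a misconfigured course. The check depends on the hidden field added in enrol/manual/enrol.html, whose markup is not legible on this page, so confirm that the form actually posts `sesskey`. check_entry() continues outside the hunk.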