From: stronk7 Date: Wed, 2 Feb 2005 19:13:24 +0000 (+0000) Subject: Now actions for meta-courses (add, delete...) are using sesskey. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=9da0673aba58856ebe08e0d6d2240a3cbeb3c9b4;p=moodle.git Now actions for meta-courses (add, delete...) are using sesskey. --- diff --git a/course/importstudents.html b/course/importstudents.html index d0d1fd6e2d..9257bd7593 100644 --- a/course/importstudents.html +++ b/course/importstudents.html @@ -1,6 +1,7 @@
+ diff --git a/course/importstudents.php b/course/importstudents.php index 7e5d72f818..da91c3ec9b 100644 --- a/course/importstudents.php +++ b/course/importstudents.php @@ -63,20 +63,20 @@ /// A form was submitted so process the input } else { - if (!empty($frm->add) and !empty($frm->addselect)) { + if (!empty($frm->add) and !empty($frm->addselect) and confirm_sesskey()) { $timestart = $timeend = 0; foreach ($frm->addselect as $addcourse) { if (!add_to_metacourse($course->id,$addcourse)) { error("Could not add the selected course to this meta course!"); } } - } else if (!empty($frm->remove) and !empty($frm->removeselect)) { + } else if (!empty($frm->remove) and !empty($frm->removeselect) and confirm_sesskey()) { foreach ($frm->removeselect as $removecourse) { if (! remove_from_metacourse($course->id,$removecourse)) { error("Could not remove the selected course to this meta course!"); } } - } else if (!empty($frm->showall)) { + } else if (!empty($frm->showall) and confirm_sesskey()) { unset($frm->searchtext); $frm->previoussearch = 0; } @@ -93,7 +93,7 @@ /// Get search results excluding any users already in this course - if (!empty($frm->searchtext) and $previoussearch) { + if (!empty($frm->searchtext) and $previoussearch and confirm_sesskey()) { $searchcourses = get_courses_search(explode(" ",$frm->searchtext),'fullname ASC',0,99999,$numcourses); foreach ($searchcourses as $tmp) { if (array_key_exists($tmp->id,$alreadycourses)) {