From: Petr Skoda <skodak@moodle.org>
Date: Sat, 21 Nov 2009 15:16:09 +0000 (+0000)
Subject: MDL-20901 fixed input validation
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=adef30995b0742d52c67057b1f2bf158e356e2ee;p=moodle.git

MDL-20901 fixed input validation
---

diff --git a/mod/choice/lib.php b/mod/choice/lib.php
index b6029fdf77..6bf3e6f9f7 100644
--- a/mod/choice/lib.php
+++ b/mod/choice/lib.php
@@ -288,6 +288,7 @@ function choice_show_form($choice, $user, $cm, $allresponses) {
     //show save choice button
     echo '<div class="button">';
     echo "<input type=\"hidden\" name=\"id\" value=\"$cm->id\" />";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
     if (has_capability('mod/choice:choose', $context, $user->id, false)) { //don't show save button if the logged in user is the guest user.
         if ($choicefull) {
             print_string('choicefull', 'choice');
@@ -296,7 +297,7 @@ function choice_show_form($choice, $user, $cm, $allresponses) {
             echo "<input type=\"submit\" value=\"".get_string("savemychoice","choice")."\" />";
         }
         if ($choice->allowupdate && $aaa = $DB->get_record('choice_answers', 'choiceid', $choice->id, 'userid', $user->id)) {
-            echo "<br /><a href='view.php?id=".$cm->id."&amp;action=delchoice'>".get_string("removemychoice","choice")."</a>";
+            echo "<br /><a href='view.php?id=".$cm->id."&amp;action=delchoice&amp;sesskey=".sesskey()."'>".get_string("removemychoice","choice")."</a>";
         }
     } else {
         print_string('havetologin', 'choice');
diff --git a/mod/choice/view.php b/mod/choice/view.php
index c951db2f5e..9c37459dca 100644
--- a/mod/choice/view.php
+++ b/mod/choice/view.php
@@ -35,7 +35,7 @@
         print_error('badcontext');
     }
 
-    if ($action == 'delchoice') {
+    if ($action == 'delchoice' and confirm_sesskey() and has_capability('mod/choice:choose', $context) and $choice->allowupdate) {
         if ($answer = $DB->get_record('choice_answers', array('choiceid' => $choice->id, 'userid' => $USER->id))) {
             //print_object($answer);
             $DB->delete_records('choice_answers', array('id' => $answer->id));
@@ -47,7 +47,7 @@
     echo $OUTPUT->header();
 
 /// Submit any new data if there is any
-    if ($form = data_submitted() && has_capability('mod/choice:choose', $context)) {
+    if ($form = data_submitted() && has_capability('mod/choice:choose', $context) && confirm_sesskey()) {
         $timenow = time();
         if (has_capability('mod/choice:deleteresponses', $context)) {
             if ($action == 'delete') { //some responses need to be deleted