From: Tim Hunt <T.J.Hunt@open.ac.uk>
Date: Mon, 2 Nov 2009 17:16:28 +0000 (+0000)
Subject: blocks: MDL-20711 prevent XSRF.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=c74eec3bee513b9af20170c1d48968e4dc71f8a4;p=moodle.git

blocks: MDL-20711 prevent XSRF.
Uses new require_sesskey function from MDL-20702.
---

diff --git a/lib/blocklib.php b/lib/blocklib.php
index e7e01e5abb..b6e6489aa5 100644
--- a/lib/blocklib.php
+++ b/lib/blocklib.php
@@ -959,7 +959,7 @@ class block_manager {
             return false;
         }
 
-        confirm_sesskey();
+        require_sesskey();
 
         if (!$this->page->user_can_edit_blocks()) {
             throw new moodle_exception('nopermissions', '', $this->page->url->out(), get_string('addblock'));
@@ -987,7 +987,7 @@ class block_manager {
             return false;
         }
 
-        confirm_sesskey();
+        require_sesskey();
 
         $block = $this->page->blocks->find_instance($blockid);
 
@@ -1016,7 +1016,7 @@ class block_manager {
             return false;
         }
 
-        confirm_sesskey();
+        require_sesskey();
 
         $block = $this->page->blocks->find_instance($blockid);
 
@@ -1046,7 +1046,7 @@ class block_manager {
             return false;
         }
 
-        confirm_sesskey();
+        require_sesskey();
         require_once($CFG->dirroot . '/blocks/edit_form.php');
 
         $block = $this->find_instance($blockid);
@@ -1169,7 +1169,7 @@ class block_manager {
             return false;
         }
 
-        confirm_sesskey();
+        require_sesskey();
 
         $block = $this->find_instance($blockid);