From 1639731bf8ba93bd030a5b03fe1b51f8c5b7ab93 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Fri, 14 Nov 2008 08:52:35 +0000
Subject: [PATCH] MDL-17227 forum: add sesskey to post/discussion deletion.
 Merged from 19_STABLE

---
 mod/forum/post.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mod/forum/post.php b/mod/forum/post.php
index 721f8d4bad..ec84a584bf 100644
--- a/mod/forum/post.php
+++ b/mod/forum/post.php
@@ -264,7 +264,7 @@
 
         $replycount = forum_count_replies($post);
 
-        if (!empty($confirm)) {    // User has confirmed the delete
+        if (!empty($confirm) && confirm_sesskey()) {    // User has confirmed the delete
 
             if ($post->totalscore) {
                 notice(get_string("couldnotdeleteratings", "forum"),
@@ -319,7 +319,7 @@
                 }
                 print_header();
                 notice_yesno(get_string("deletesureplural", "forum", $replycount+1),
-                             "post.php?delete=$delete&amp;confirm=$delete",
+                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
 
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
@@ -332,7 +332,7 @@
             } else {
                 print_header();
                 notice_yesno(get_string("deletesure", "forum", $replycount),
-                             "post.php?delete=$delete&amp;confirm=$delete",
+                             "post.php?delete=$delete&amp;confirm=$delete&amp;sesskey=".sesskey(),
                              $CFG->wwwroot.'/mod/forum/discuss.php?d='.$post->discussion.'#p'.$post->id);
                 forum_print_post($post, $discussion, $forum, $cm, $course, false, false, false);
             }
-- 
2.39.5