From 16567e7ef96d95624798f164555a9a43c50c8486 Mon Sep 17 00:00:00 2001 From: stronk7 Date: Sat, 2 Oct 2004 23:34:09 +0000 Subject: [PATCH] admin/blocks.php is now using sesskey. Merged from MOODLE_14_STABLE --- admin/blocks.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/admin/blocks.php b/admin/blocks.php index 2978797b32..1ab298d717 100644 --- a/admin/blocks.php +++ b/admin/blocks.php @@ -44,21 +44,21 @@ /// If data submitted, then process and store. - if (!empty($_GET['hide'])) { + if (!empty($_GET['hide']) and confirm_sesskey()) { if (!$block = get_record('blocks', 'id', $_GET['hide'])) { error("Block doesn't exist!"); } set_field('blocks', 'visible', '0', 'id', $block->id); // Hide block } - if (!empty($_GET['show'])) { + if (!empty($_GET['show']) and confirm_sesskey() ) { if (!$block = get_record('blocks', 'id', $_GET['show'])) { error("Block doesn't exist!"); } set_field('blocks', 'visible', '1', 'id', $block->id); // Show block } - if (!empty($delete)) { + if (!empty($delete) and confirm_sesskey()) { if (!$block = get_record('blocks', 'id', $delete)) { error("Block doesn't exist!"); @@ -69,7 +69,7 @@ if (!$_GET['confirm']) { notice_yesno(get_string('blockdeleteconfirm', '', $strblockname), - 'blocks.php?delete='.$block->id.'&confirm=1', + 'blocks.php?delete='.$block->id.'&confirm=1&sesskey='.$USER->sesskey, 'blocks.php'); print_footer(); exit; @@ -148,7 +148,7 @@ //$icon = "name/icon.gif\" hspace="10" height="16" width="16" border="0">"; $blockobject = $blockobjects[$blockid]; - $delete = ''.$strdelete.''; + $delete = ''.$strdelete.''; $settings = ''; // By default, no configuration if($blockobject->has_config()) { @@ -159,10 +159,10 @@ $class = ''; // Nothing fancy, by default if ($blocks[$blockid]->visible) { - $visible = ''. + $visible = ''. '\"\"'; } else { - $visible = ''. + $visible = ''. '\"\"'; $class = ' class="dimmed_text"'; // Leading space required! } -- 2.39.5