From 4cfc640037aea76239fb33919ba3d8bc806b5607 Mon Sep 17 00:00:00 2001 From: stronk7 Date: Sun, 3 Oct 2004 17:19:36 +0000 Subject: [PATCH] admin/user.php is now using sesskey. Merged from MOODLE_14_STABLE --- admin/index.php | 2 +- admin/user.php | 16 +++++++--------- admin/users.php | 2 +- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/admin/index.php b/admin/index.php index b133284e29..2bf4e960bf 100644 --- a/admin/index.php +++ b/admin/index.php @@ -314,7 +314,7 @@ get_string("adminhelpauthentication")."
"; $userdata .= " ".get_string("edituser")." - ". get_string("adminhelpedituser")."
"; - $userdata .= " wwwroot/$CFG->admin/user.php?newuser=true\">". + $userdata .= " wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">". get_string("addnewuser")." - ". get_string("adminhelpaddnewuser")."
"; $userdata .= " wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">". diff --git a/admin/user.php b/admin/user.php index 77507b5451..7516344835 100644 --- a/admin/user.php +++ b/admin/user.php @@ -1,4 +1,4 @@ -auth = "manual"; $user->firstname = ""; $user->lastname = ""; @@ -135,7 +135,7 @@ notify(get_string("usernotconfirmed", "", fullname($user, true))); } - } else if ($delete) { // Delete a selected user, after confirmation + } else if ($delete and confirm_sesskey()) { // Delete a selected user, after confirmation if (!$user = get_record("user", "id", "$delete")) { error("No such user!"); } @@ -148,7 +148,7 @@ if ($confirm != md5($delete)) { $fullname = fullname($user, true); notice_yesno(get_string("deletecheckfull", "", "'$fullname'"), - "user.php?delete=$delete&confirm=".md5($delete), "user.php"); + "user.php?delete=$delete&confirm=".md5($delete)."&sesskey=$USER->sesskey", "user.php"); exit; } else if (!$user->deleted) { @@ -301,7 +301,7 @@ if ($user->id == $USER->id or $user->username == "changeme") { $deletebutton = ""; } else { - $deletebutton = "id\">$strdelete"; + $deletebutton = "id&sesskey=$USER->sesskey\">$strdelete"; } if ($user->lastaccess) { $strlastaccess = format_time(time() - $user->lastaccess); @@ -333,8 +333,7 @@ } echo ""; echo ""; - print_heading("".get_string("addnewuser").""); - + print_heading("sesskey\">".get_string("addnewuser").""); print_table($table); @@ -344,8 +343,7 @@ } - print_heading("".get_string("addnewuser").""); - + print_heading("sesskey\">".get_string("addnewuser").""); print_footer(); } diff --git a/admin/users.php b/admin/users.php index 771184fa2c..c287a49383 100644 --- a/admin/users.php +++ b/admin/users.php @@ -28,7 +28,7 @@ $table->data[] = array("".get_string("edituser")."", get_string("adminhelpedituser")); if (is_internal_auth()) { - $table->data[] = array("wwwroot/$CFG->admin/user.php?newuser=true\">".get_string("addnewuser")."", + $table->data[] = array("wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."", get_string("adminhelpaddnewuser")); $table->data[] = array("wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."", get_string("adminhelpuploadusers")); -- 2.39.5