From 62f62bf9841427dc36c9d1c460c4be9222dfe704 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Tue, 26 Sep 2006 09:25:37 +0000
Subject: [PATCH] admin bookmark cleanup

---
 .../admin_bookmarks/block_admin_bookmarks.php | 18 +++++-----
 blocks/admin_bookmarks/create.php             | 35 ++++++++++---------
 blocks/admin_bookmarks/delete.php             | 13 +++----
 3 files changed, 34 insertions(+), 32 deletions(-)

diff --git a/blocks/admin_bookmarks/block_admin_bookmarks.php b/blocks/admin_bookmarks/block_admin_bookmarks.php
index cbf524fd9c..e332ca0ede 100644
--- a/blocks/admin_bookmarks/block_admin_bookmarks.php
+++ b/blocks/admin_bookmarks/block_admin_bookmarks.php
@@ -26,10 +26,10 @@ class block_admin_bookmarks extends block_base {
     function get_content() {
 
         global $CFG, $USER, $PAGE;
-        
+
         require_once($CFG->libdir.'/adminlib.php');
         $adminroot = admin_get_root();
-        
+
         if ($this->content !== NULL) {
             return $this->content;
         }
@@ -40,31 +40,31 @@ class block_admin_bookmarks extends block_base {
             $bookmarks = explode(',',$USER->preference['admin_bookmarks']);
             // hmm... just a liiitle (potentially) processor-intensive
             // (recall that $adminroot->locate is a huge recursive call... and we're calling it repeatedly here
-            
+
             /// Accessibility: markup as a list.
             $this->content->text .= '<ol class="list">'."\n";
-            
+
             foreach($bookmarks as $bookmark) {
                 $temp = $adminroot->locate($bookmark);
                 if (is_a($temp, 'admin_settingpage')) {
                     $this->content->text .= '<li><a href="' . $CFG->wwwroot . '/' . $CFG->admin . '/settings.php?section=' . $bookmark . '">' . $temp->visiblename . "</a></li>\n";
                 } elseif (is_a($temp, 'admin_externalpage')) {
                     $this->content->text .= '<li><a href="' . $temp->url . '">' . $temp->visiblename . "</a></li>\n";
-                }                
+                }
             }
             $this->content->text .= "</ol>\n";
         } else {
             $bookmarks = array();
         }
-        
+
         if (($section = (isset($PAGE->section) ? $PAGE->section : '')) && (in_array($section, $bookmarks))) {
-            $this->content->footer = '<a href="' . $CFG->wwwroot . '/blocks/admin_bookmarks/delete.php?section=' . $section . '&returnurl=' . $CFG->wwwroot . '">' . get_string('unbookmarkthispage','admin') . '</a>';    
+            $this->content->footer = '<a href="' . $CFG->wwwroot . '/blocks/admin_bookmarks/delete.php?section=' . $section . '&amp;sesskey='.sesskey().'">' . get_string('unbookmarkthispage','admin') . '</a>';
         } elseif ($section = (isset($PAGE->section) ? $PAGE->section : '')) {
-            $this->content->footer = '<a href="' . $CFG->wwwroot . '/blocks/admin_bookmarks/create.php?section=' . $section . '">' . get_string('bookmarkthispage','admin') . '</a>';        
+            $this->content->footer = '<a href="' . $CFG->wwwroot . '/blocks/admin_bookmarks/create.php?section=' . $section . '&amp;sesskey='.sesskey().'">' . get_string('bookmarkthispage','admin') . '</a>';
         } else {
             $this->content->footer = '';
         }
-    
+
         return $this->content;
 
     }
diff --git a/blocks/admin_bookmarks/create.php b/blocks/admin_bookmarks/create.php
index d730dcaaa2..1f365cea43 100644
--- a/blocks/admin_bookmarks/create.php
+++ b/blocks/admin_bookmarks/create.php
@@ -4,46 +4,47 @@ require('../../config.php');
 
 require_once($CFG->libdir.'/adminlib.php');
 $adminroot = admin_get_root();
+require_login();
 
-if ($section = optional_param('section', '', PARAM_ALPHAEXT)) {
+if ($section = optional_param('section', '', PARAM_ALPHAEXT) and confirm_sesskey()) {
 
     if (isset($USER->preference['admin_bookmarks'])) {
         $bookmarks = explode(',',$USER->preference['admin_bookmarks']);
-        
+
         if (in_array($section, $bookmarks)) {
             error(get_string('bookmarkalreadyexists','admin'));
             die;
         }
-        
+
     } else {
         $bookmarks = array();
     }
 
     $temp = $adminroot->locate($section);
-    
+
     if (is_a($temp, 'admin_settingpage') || is_a($temp, 'admin_externalpage')) {
-    
+
         $bookmarks[] = $section;
-    
+
         $bookmarks = implode(',',$bookmarks);
-    
+
         set_user_preference('admin_bookmarks', $bookmarks);
-    
+
     } else {
-   
-        error(get_string('invaludsection','admin')); 
+
+        error(get_string('invaludsection','admin'));
         die;
-        
+
     }
-    
+
     if (is_a($temp, 'admin_settingpage')) {
-    
-        redirect($CFG->wwwroot . '/' . $CFG->admin . '/settings.php?section=' . $section, 'Bookmark added.',1);    
-    
+
+        redirect($CFG->wwwroot . '/' . $CFG->admin . '/settings.php?section=' . $section, get_string('bookmarkadded','admin'), 1);
+
     } elseif (is_a($temp, 'admin_externalpage')) {
-    
+
         redirect($temp->url, get_string('bookmarkadded','admin'), 1);
-        
+
     }
 
 } else {
diff --git a/blocks/admin_bookmarks/delete.php b/blocks/admin_bookmarks/delete.php
index e826f31d3d..63875bff0f 100644
--- a/blocks/admin_bookmarks/delete.php
+++ b/blocks/admin_bookmarks/delete.php
@@ -4,8 +4,9 @@ require('../../config.php');
 
 require_once($CFG->libdir.'/adminlib.php');
 $adminroot = admin_get_root();
+require_login();
 
-if ($section = optional_param('section', '', PARAM_ALPHAEXT)) {
+if ($section = optional_param('section', '', PARAM_ALPHAEXT) and confirm_sesskey()) {
 
     if (isset($USER->preference['admin_bookmarks'])) {
 
@@ -21,13 +22,13 @@ if ($section = optional_param('section', '', PARAM_ALPHAEXT)) {
         unset($bookmarks[$key]);
         $bookmarks = implode(',',$bookmarks);
         set_user_preference('admin_bookmarks', $bookmarks);
-        
+
         $temp = $adminroot->locate($section);
-        
+
         if (is_a($temp, 'admin_externalpage')) {
-            redirect($temp->url, get_string('bookmarkdeleted','admin'),1);
+            redirect($temp->url, get_string('bookmarkdeleted','admin'));
         } elseif (is_a($temp, 'admin_settingpage')) {
-            redirect($CFG->wwwroot . '/' . $CFG->admin . '/settings.php?section=' . $section, 'Bookmark deleted.',1);        
+            redirect($CFG->wwwroot . '/' . $CFG->admin . '/settings.php?section=' . $section, get_string('bookmarkdeleted','admin'), 1);
         } else {
             redirect($CFG->wwwroot, get_string('bookmarkdeleted', 'admin'),1);
         }
@@ -35,7 +36,7 @@ if ($section = optional_param('section', '', PARAM_ALPHAEXT)) {
 
 
     }
-    
+
         error(get_string('nobookmarksforuser','admin'));
     die;
 
-- 
2.39.5