From a19dffc0213f79b316a008f6d2527ec6a8ae5ff9 Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Fri, 20 Nov 2009 08:25:11 +0000 Subject: [PATCH] MDL-20901 fixed input validation, unfortunately the assignment in HEAD is borked in several places --- mod/assignment/lib.php | 8 +++++--- .../type/offline/assignment.class.php | 2 +- .../type/upload/assignment.class.php | 18 ++++++++++-------- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/mod/assignment/lib.php b/mod/assignment/lib.php index 3010937e2e..864756a90d 100644 --- a/mod/assignment/lib.php +++ b/mod/assignment/lib.php @@ -562,7 +562,7 @@ class assignment_base { ///3) Save and Skip to the next one on the popup //make user global so we can use the id - global $USER, $OUTPUT; + global $USER, $OUTPUT, $DB, $PAGE; $mailinfo = optional_param('mailinfo', null, PARAM_BOOL); if (is_null($mailinfo)) { @@ -958,6 +958,7 @@ class assignment_base { echo ''; echo ''; echo ''; + echo ''; echo ''; echo '';//selected menu index @@ -1408,6 +1409,7 @@ class assignment_base { echo ''; echo ''; echo ''; + echo ''; echo ''; } @@ -1471,7 +1473,7 @@ class assignment_base { global $CFG, $USER, $DB; require_once($CFG->libdir.'/gradelib.php'); - if (!$feedback = data_submitted()) { // No incoming data? + if (!$feedback = data_submitted() or !confirm_sesskey()) { // No incoming data? return false; } @@ -1537,7 +1539,7 @@ class assignment_base { require_once($CFG->libdir.'/gradelib.php'); - if (!$formdata = data_submitted()) { + if (!$formdata = data_submitted() or !confirm_sesskey()) { return; } diff --git a/mod/assignment/type/offline/assignment.class.php b/mod/assignment/type/offline/assignment.class.php index a7c4309eda..fb99b73d31 100644 --- a/mod/assignment/type/offline/assignment.class.php +++ b/mod/assignment/type/offline/assignment.class.php @@ -41,7 +41,7 @@ class assignment_offline extends assignment_base { global $CFG, $USER, $DB; require_once($CFG->libdir.'/gradelib.php'); - if (!$feedback = data_submitted()) { // No incoming data? + if (!$feedback = data_submitted() or !confirm_sesskey()) { // No incoming data? return false; } diff --git a/mod/assignment/type/upload/assignment.class.php b/mod/assignment/type/upload/assignment.class.php index 4c349ef42f..c6d5985014 100644 --- a/mod/assignment/type/upload/assignment.class.php +++ b/mod/assignment/type/upload/assignment.class.php @@ -197,6 +197,7 @@ class assignment_upload extends assignment_base { echo '
'; echo '
'; echo ''; + echo ''; echo ''; echo ''; echo '
'; @@ -645,9 +646,9 @@ class assignment_upload extends assignment_base { redirect($returnurl); // probably already graded, redirect to assignment page, the reason should be obvious } - if (!data_submitted() or !$confirm) { + if (!data_submitted() or !$confirm or !confirm_sesskey()) { $optionsno = array('id'=>$this->cm->id); - $optionsyes = array ('id'=>$this->cm->id, 'confirm'=>1, 'action'=>'finalize'); + $optionsyes = array ('id'=>$this->cm->id, 'confirm'=>1, 'action'=>'finalize', 'sesskey'=>sesskey()); $this->view_header(get_string('submitformarking', 'assignment')); echo $OUTPUT->heading(get_string('submitformarking', 'assignment')); echo $OUTPUT->confirm(get_string('onceassignmentsent', 'assignment'), new moodle_url('upload.php', $optionsyes),new moodle_url( 'view.php', $optionsno)); @@ -687,7 +688,7 @@ class assignment_upload extends assignment_base { // create but do not add student submission date $submission = $this->get_submission($userid, true, true); - if (!data_submitted() or !$this->can_finalize($submission)) { + if (!data_submitted() or !$this->can_finalize($submission) or !confirm_sesskey()) { redirect($returnurl); // probably closed already } @@ -715,7 +716,8 @@ class assignment_upload extends assignment_base { if (data_submitted() and $submission = $this->get_submission($userid) - and $this->can_unfinalize($submission)) { + and $this->can_unfinalize($submission) + and confirm_sesskey()) { $updated = new object(); $updated->id = $submission->id; @@ -769,8 +771,8 @@ class assignment_upload extends assignment_base { $urlreturn = 'submissions.php'; $optionsreturn = array('id'=>$this->cm->id, 'offset'=>$offset, 'mode'=>$mode, 'userid'=>$userid); - if (!data_submitted() or !$confirm) { - $optionsyes = array ('id'=>$this->cm->id, 'file'=>$file, 'userid'=>$userid, 'confirm'=>1, 'action'=>'response', 'mode'=>$mode, 'offset'=>$offset); + if (!data_submitted() or !$confirm or !confirm_sesskey()) { + $optionsyes = array ('id'=>$this->cm->id, 'file'=>$file, 'userid'=>$userid, 'confirm'=>1, 'action'=>'response', 'mode'=>$mode, 'offset'=>$offset, 'sesskey'=>sesskey()); $PAGE->set_title(get_string('delete')); echo $OUTPUT->header(); echo $OUTPUT->heading(get_string('delete')); @@ -827,8 +829,8 @@ class assignment_upload extends assignment_base { die; } - if (!data_submitted() or !$confirm) { - $optionsyes = array ('id'=>$this->cm->id, 'file'=>$file, 'userid'=>$userid, 'confirm'=>1, 'sesskey'=>sesskey(), 'mode'=>$mode, 'offset'=>$offset); + if (!data_submitted() or !$confirm or !confirm_sesskey()) { + $optionsyes = array ('id'=>$this->cm->id, 'file'=>$file, 'userid'=>$userid, 'confirm'=>1, 'sesskey'=>sesskey(), 'mode'=>$mode, 'offset'=>$offset, 'sesskey'=>sesskey()); if (empty($mode)) { $this->view_header(get_string('delete')); } else { -- 2.39.5