From a60399f0fe667adb56da91aa34588f1e938ac154 Mon Sep 17 00:00:00 2001 From: stronk7 Date: Sat, 9 Oct 2004 18:51:12 +0000 Subject: [PATCH] course/student.php is using sesskey. Merged from MOODLE_14_STABLE --- course/student.html | 1 + course/student.php | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/course/student.html b/course/student.html index 6784ce35b9..fc5176a799 100644 --- a/course/student.html +++ b/course/student.html @@ -1,6 +1,7 @@
+ diff --git a/course/student.php b/course/student.php index 5fa6997fa2..c24c7c648f 100644 --- a/course/student.php +++ b/course/student.php @@ -67,7 +67,7 @@ /// A form was submitted so process the input } else { - if (!empty($frm->add) and !empty($frm->addselect)) { + if (!empty($frm->add) and !empty($frm->addselect) and confirm_sesskey()) { if ($course->enrolperiod) { $timestart = time(); $timeend = $timestart + $course->enrolperiod; @@ -79,7 +79,7 @@ error("Could not add student with id $addstudent to this course!"); } } - } else if (!empty($frm->remove) and !empty($frm->removeselect)) { + } else if (!empty($frm->remove) and !empty($frm->removeselect) and confirm_sesskey()) { foreach ($frm->removeselect as $removestudent) { if (! unenrol_student($removestudent, $course->id)) { error("Could not remove student with id $removestudent from this course!"); @@ -135,6 +135,8 @@ print_simple_box_start("center", "", "$THEME->cellheading"); + $sesskey = !empty($USER->id) ? $USER->sesskey : ''; + include('student.html'); print_simple_box_end(); -- 2.39.5