From d2df6e0933ec9a91ba2786a6a974bb94aaeb89c8 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Sun, 3 Oct 2004 00:21:26 +0000
Subject: [PATCH] admin/enrol.php is now using sesskey.

Merged from MOODLE_14_STABLE
---
 admin/enrol.php | 9 +++++++--
 admin/index.php | 2 +-
 admin/users.php | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/admin/enrol.php b/admin/enrol.php
index 8dba7c6d2e..6ffe8209da 100644
--- a/admin/enrol.php
+++ b/admin/enrol.php
@@ -16,6 +16,10 @@
         error("Only the admin can use this page");
     }
 
+    if (!confirm_sesskey()) {
+        error(get_string('confirmsesskeybad', 'error'));
+    }
+
     $enrol = clean_filename($enrol);
     require_once("$CFG->dirroot/enrol/$enrol/enrol.php");   /// Open the class
 
@@ -27,7 +31,7 @@
 	if ($frm = data_submitted()) {
         if ($enrolment->process_config($frm)) {
             set_config('enrol', $frm->enrol);
-            redirect("enrol.php", get_string("changessaved"), 1);
+            redirect("enrol.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
         }
 	} else {
         $frm = $CFG;
@@ -50,13 +54,14 @@
                    <a href=\"users.php\">$str->users</a> -> $str->enrolments");
 
     echo "<form target=\"{$CFG->framename}\" name=\"enrolmenu\" method=\"post\" action=\"enrol.php\">";
+    echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\">";
     echo "<div align=\"center\"><p><b>";
 
 
 /// Choose an enrolment method
     echo get_string('chooseenrolmethod').': ';
 	choose_from_menu ($options, "enrol", $enrol, "",
-                      "document.location='enrol.php?enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
+                      "document.location='enrol.php?sesskey=$USER->sesskey&enrol='+document.enrolmenu.enrol.options[document.enrolmenu.enrol.selectedIndex].value", "");
 
     echo "</b></p></div>";
     
diff --git a/admin/index.php b/admin/index.php
index 114dbc00ae..8577db4da5 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -321,7 +321,7 @@
                  get_string("uploadusers")."</a> - <font size=\"1\">".
                  get_string("adminhelpuploadusers")."</font><br />";
 
-    $userdata .= "<hr /><font size=+1>&nbsp;</font><a href=\"enrol.php\">".get_string("enrolments")."</a> - <font size=\"1\">".
+    $userdata .= "<hr /><font size=+1>&nbsp;</font><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a> - <font size=\"1\">".
                  get_string("adminhelpenrolments")."</font><br />";
     $userdata .= "<font size=+1>&nbsp;</font><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a> - <font size=\"1\">".
                  get_string("adminhelpassignstudents")."</font><br />";
diff --git a/admin/users.php b/admin/users.php
index 30b99117b1..1f79835ef7 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -34,7 +34,7 @@
                                get_string("adminhelpuploadusers"));
     }
     $table->data[] = array('', '<hr />');
-    $table->data[] = array("<b><a href=\"enrol.php\">".get_string("enrolments")."</a></b>",
+    $table->data[] = array("<b><a href=\"enrol.php?sesskey=$USER->sesskey\">".get_string("enrolments")."</a></b>",
                            get_string("adminhelpenrolments"));
     $table->data[] = array("<b><a href=\"../course/index.php?edit=off\">".get_string("assignstudents")."</a></b>",
                            get_string("adminhelpassignstudents"));
-- 
2.39.5