From d99ceac20f8e404bd6ab9bd505b246058ab26ecd Mon Sep 17 00:00:00 2001
From: stronk7
Date: Sat, 9 Oct 2004 13:22:59 +0000
Subject: [PATCH] course/index.php is using sesskey. Merged form MOODLE_14_STABLE
---
admin/index.php | 8 ++++----
admin/users.php | 6 +++---
blocks/admin/block_admin.php | 6 +++---
course/index.php | 25 +++++++++++++------------
lib/weblib.php | 1 +
5 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/admin/index.php b/admin/index.php
index 2bf4e960bf..25d618c785 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -314,7 +314,7 @@ get_string("adminhelpauthentication")."
"; $userdata .= " ".get_string("edituser")." - ". get_string("adminhelpedituser")."
"; - $userdata .= " wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">". + $userdata .= " wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">". get_string("addnewuser")." - ". get_string("adminhelpaddnewuser")."
"; $userdata .= " wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">". @@ -323,10 +323,10 @@ $userdata .= "
 
sesskey\">".get_string("enrolments")." - ". get_string("adminhelpenrolments")."
"; - $userdata .= " ".get_string("assignstudents")." - ". + $userdata .= " sesskey\">".get_string("assignstudents")." - ". get_string("adminhelpassignstudents")."
"; - $userdata .= " ".get_string("assignteachers")." - ". + $userdata .= " sesskey\">".get_string("assignteachers")." - ". get_string("adminhelpassignteachers"). " \"\"
"; $userdata .= " sesskey\">".get_string("assigncreators")." - ". @@ -336,7 +336,7 @@ $table->data[] = array("".get_string("users")."", $userdata); - $table->data[] = array("".get_string("courses")."", + $table->data[] = array("sesskey\">".get_string("courses")."", " ".get_string("adminhelpcourses")); $table->data[] = array("id\">".get_string("logs")."", " ".get_string("adminhelplogs")); diff --git a/admin/users.php b/admin/users.php index c287a49383..83359ed309 100644 --- a/admin/users.php +++ b/admin/users.php @@ -28,7 +28,7 @@ $table->data[] = array("".get_string("edituser")."", get_string("adminhelpedituser")); if (is_internal_auth()) { - $table->data[] = array("wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."", + $table->data[] = array("wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."", get_string("adminhelpaddnewuser")); $table->data[] = array("wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."", get_string("adminhelpuploadusers")); @@ -36,9 +36,9 @@ $table->data[] = array('', '
'); $table->data[] = array("sesskey\">".get_string("enrolments")."", get_string("adminhelpenrolments")); - $table->data[] = array("".get_string("assignstudents")."", + $table->data[] = array("sesskey\">".get_string("assignstudents")."", get_string("adminhelpassignstudents")); - $table->data[] = array("".get_string("assignteachers")."", + $table->data[] = array("sesskey\">".get_string("assignteachers")."", get_string("adminhelpassignteachers")." \"\""); $table->data[] = array("sesskey\">".get_string("assigncreators")."", get_string("adminhelpassigncreators")); diff --git a/blocks/admin/block_admin.php b/blocks/admin/block_admin.php index 14abd03a3f..4e3a615e31 100644 --- a/blocks/admin/block_admin.php +++ b/blocks/admin/block_admin.php @@ -1,4 +1,4 @@ -content->items[] = ''.get_string('configuration').'...'; @@ -49,7 +49,7 @@ class CourseBlock_admin extends MoodleBlock { } if (iscreator()) { - $this->content->items[] = ''.get_string('courses').''; + $this->content->items[] = ''.get_string('courses').''; $this->content->icons[] = ''; } diff --git a/course/index.php b/course/index.php index b4c8b5c983..9cf55e185a 100644 --- a/course/index.php +++ b/course/index.php @@ -14,7 +14,7 @@ } if (isadmin()) { - if (isset($_GET['edit'])) { + if (isset($_GET['edit']) and confirm_sesskey()) { if ($edit == "on") { $USER->categoriesediting = true; } else if ($edit == "off") { @@ -84,7 +84,7 @@ /// If data for a new category was submitted, then add it - if ($form = data_submitted()) { + if ($form = data_submitted() and confirm_sesskey()) { if (!empty($form->addcategory)) { unset($newcategory); $newcategory->name = $form->addcategory; @@ -100,7 +100,7 @@ /// Delete a category if necessary - if (isset($delete)) { + if (isset($delete) and confirm_sesskey()) { if ($deletecat = get_record("course_categories", "id", $delete)) { /// Send the children categories to live with their grandparent 
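Review bot: A request that fails the new test in `if (isset($_GET['edit']) and confirm_sesskey())` is dropped without any message or log entry, assuming confirm_sesskey() simply returns false on a mismatch (its body is not part of this patch). The page then renders as if nothing had been asked, so a forged request leaves no trace and a user with a stale key gets a silent no-op. Consider checking the key in its own branch and ending the request with an explicit error when an action parameter is present but the key does not match. The same shape is used in the hunks at -84, -100, -145, -157 and -178 of course/index.php.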
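Review bot: `if ($form = data_submitted() and confirm_sesskey())` is correct only because `and` binds more loosely than `=`; rewritten with `&&`, the assignment would store the boolean result in `$form` and `$form->addcategory` would stop working. Parenthesising the assignment makes the intent explicit and survives a later operator cleanup: `if (($form = data_submitted()) and confirm_sesskey()) {`. A short comment such as `// $form must hold the submitted data, not the result of the sesskey test` would document why.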
@@ -145,7 +145,7 @@ /// Move a category to a new parent if required - if (isset($move) and isset($moveto)) { + if (isset($move) and isset($moveto) and confirm_sesskey()) { if ($tempcat = get_record("course_categories", "id", $move)) { if ($tempcat->parent != $moveto) { if (! set_field("course_categories", "parent", $moveto, "id", $tempcat->id)) { @@ -157,7 +157,7 @@ /// Hide or show a category - if (isset($hide) or isset($show)) { + if ((isset($hide) or isset($show)) and confirm_sesskey()) { if (isset($hide)) { $tempcat = get_record("course_categories", "id", $hide); $visible = 0; @@ -178,7 +178,7 @@ /// Move a category up or down - if (isset($moveup) or isset($movedown)) { + if ((isset($moveup) or isset($movedown)) and confirm_sesskey()) { $swapcategory = NULL; $movecategory = NULL; @@ -253,6 +253,7 @@ echo "
"; echo ""; echo ""; + echo "sesskey\" />"; echo "
"; echo ""; @@ -336,23 +337,23 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $ echo ""; /// Print little icons - echo "delete\" href=\"index.php?delete=$category->id\">delete\" href=\"index.php?delete=$category->id&sesskey=$USER->sesskey\"> "; if (!empty($category->visible)) { - echo "hide\" href=\"index.php?hide=$category->id\">hide\" href=\"index.php?hide=$category->id&sesskey=$USER->sesskey\"> "; } else { - echo "show\" href=\"index.php?show=$category->id\">show\" href=\"index.php?show=$category->id&sesskey=$USER->sesskey\"> "; } if ($up) { - echo "moveup\" href=\"index.php?moveup=$category->id\">moveup\" href=\"index.php?moveup=$category->id&sesskey=$USER->sesskey\"> "; } if ($down) { - echo "movedown\" href=\"index.php?movedown=$category->id\">movedown\" href=\"index.php?movedown=$category->id&sesskey=$USER->sesskey\"> "; } echo ""; @@ -365,7 +366,7 @@ function print_category_edit($category, $displaylist, $parentslist, $depth=-1, $ unset($tempdisplaylist[$key]); } } - popup_form ("index.php?move=$category->id&moveto=", $tempdisplaylist, "moveform$category->id", "$category->parent", "", "", "", false); + popup_form ("index.php?move=$category->id&sesskey=$USER->sesskey&moveto=", $tempdisplaylist, "moveform$category->id", "$category->parent", "", "", "", false); echo ""; echo ""; } else { diff --git a/lib/weblib.php b/lib/weblib.php index f70be0fb07..b5c2c59029 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -2501,6 +2501,7 @@ function update_categories_button() { } return "
framename\" method=\"get\" action=\"$CFG->wwwroot/course/index.php\">". ''. + ''. '
'; } } -- 2.39.5
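Review bot: The form in `update_categories_button()` is submitted with `method=\"get\"`, so the field added here (presumably the hidden sesskey input; its markup is lost in this rendering) ends up in the query string of `course/index.php`. A session key in a URL is copied into browser history, web server and proxy logs, and the Referer header of outbound links on the target page, which weakens it as a request-forgery token. The links added in `print_category_edit()` in course/index.php (`index.php?delete=$category->id&sesskey=$USER->sesskey`, the hide, show, moveup and movedown links, and the `popup_form` URL) have the same exposure and also change state on a GET. Prefer posting these actions with the key in the request body; if that is out of scope for this merge, say so in a comment so the key is not treated as secret. The function body begins outside the hunk.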