From e2b459ad22c129be351552291c85d8ce6c1e35ea Mon Sep 17 00:00:00 2001 From: stronk7 Date: Sun, 3 Oct 2004 00:07:27 +0000 Subject: [PATCH] admin/editor.php is now using sesskey. Merged from MOODLE_14_STABLE --- admin/configure.php | 2 +- admin/editor.html | 2 ++ admin/editor.php | 10 +++++++--- admin/index.php | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/admin/configure.php b/admin/configure.php index 1059df1de6..44adfdf334 100644 --- a/admin/configure.php +++ b/admin/configure.php @@ -41,7 +41,7 @@ get_string("adminhelpbackup")); } - $table->data[]= array("". get_string("editorsettings") ."", + $table->data[]= array("sesskey\">". get_string("editorsettings") ."", get_string("adminhelpeditorsettings")); print_table($table); diff --git a/admin/editor.html b/admin/editor.html index 211e2b6a56..00a7a2c3c8 100644 --- a/admin/editor.html +++ b/admin/editor.html @@ -1,4 +1,5 @@
+ @@ -76,6 +77,7 @@ +
diff --git a/admin/editor.php b/admin/editor.php index 32305b60f2..614fecb9ef 100644 --- a/admin/editor.php +++ b/admin/editor.php @@ -8,7 +8,11 @@ error("Only admins can access this page"); } - if($data = data_submitted()) { + if (!confirm_sesskey()) { + error(get_string('confirmsesskeybad', 'error')); + } + + if ($data = data_submitted()) { // do we want default values? if(isset($data->resettodefaults)) { @@ -21,7 +25,7 @@ error("Editor settings could not be updated!"); } } - redirect("$CFG->wwwroot/$CFG->admin/editor.php", get_string("changessaved"), 1); + redirect("$CFG->wwwroot/$CFG->admin/editor.php?sesskey=$USER->sesskey", get_string("changessaved"), 1); } else { // Generate edit form @@ -131,4 +135,4 @@ function reset_to_defaults () { } return true; } -?> \ No newline at end of file +?> diff --git a/admin/index.php b/admin/index.php index b4951f3f3c..114dbc00ae 100644 --- a/admin/index.php +++ b/admin/index.php @@ -303,7 +303,7 @@ $configdata .= " sesskey\">".get_string("backup")." - ". get_string("adminhelpbackup")."
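Review bot: The `confirm_sesskey()` check added in the first admin/editor.php hunk sits ahead of the `data_submitted()` branch, so a plain GET that only renders the settings form must now carry the token too. That is what forces the second hunk's redirect, and apparently the links in the admin/configure.php and admin/index.php hunks (their markup is partly lost in this view), to put `$USER->sesskey` in the query string, where it is recorded in web-server logs and browser history and can leave the site in a Referer header. Only the state-changing path needs the token: make `if (!confirm_sesskey()) { error(get_string('confirmsesskeybad', 'error')); }` the first statement inside `if ($data = data_submitted()) {`, let the form post the token as a hidden field, and drop `?sesskey=` from the redirect and the two links. The surrounding top-level script starts and ends outside these hunks.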
"; } - $configdata .= " ". get_string("editorsettings") ." - ". + $configdata .= " sesskey\">". get_string("editorsettings") ." - ". get_string("adminhelpeditorsettings")."
"; $table->data[] = array("".get_string("configuration")."", -- 2.39.5

htmleditor: