Merged sesskey fixes from STABLE
parent
b1eb37620e
commit
03c40645c1
@ -659,7 +659,8 @@
|
||||
|
||||
<tr>
|
||||
<td colspan="3" align="center">
|
||||
<input type="submit" value="<?php print_string("savechanges") ?>"></td>
|
||||
<input type="hidden" name="sesskey" value="<?php p($sesskey) ?>" />
|
||||
<input type="submit" value="<?php print_string("savechanges") ?>" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
@ -22,6 +22,12 @@
|
||||
|
||||
if ($config = data_submitted($match)) {
|
||||
|
||||
if (isset($USER)) { // Additional identity check
|
||||
if (!confirm_sesskey()) {
|
||||
error(get_string('confirmsesskeybad', 'error'));
|
||||
}
|
||||
}
|
||||
|
||||
validate_form($config, $err);
|
||||
|
||||
if (count($err) == 0) {
|
||||
@ -82,6 +88,8 @@
|
||||
echo "<br />";
|
||||
}
|
||||
|
||||
$sesskey = isset($USER) ? $USER->sesskey : '';
|
||||
|
||||
print_simple_box_start("center", "", "$THEME->cellheading");
|
||||
include("config.html");
|
||||
print_simple_box_end();
|
||||
@ -110,10 +118,9 @@
|
||||
|
||||
function validate_form(&$form, &$err) {
|
||||
|
||||
// if (empty($form->fullname))
|
||||
// $err["fullname"] = get_string("missingsitename");
|
||||
// Currently no checks are needed ...
|
||||
|
||||
return;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
|
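Review bot: The sesskey check at the top of the submit branch is skipped whenever `$USER` is not set, so the handler fails open for exactly the requests that carry no session object. Whether an earlier admin or first-install gate makes that safe is outside this hunk, so the reason should be stated where the check lives, e.g. `// $USER is unset only during first-time setup (TODO confirm); every other submission must carry a valid sesskey`. If no such gate exists, the `isset($USER)` wrapper should go and the check should run unconditionally. The same wrapper appears in the `data_submitted()` branch of the site settings script later on this page.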
@ -1,4 +1,4 @@
|
||||
<form method="post" action="site.php" name="form" <?php echo $onsubmit ?>>
|
||||
<form method="post" action="site.php" name="form">
|
||||
<table cellpadding="9" cellspacing="0" >
|
||||
<tr valign="top">
|
||||
<td align="right"><p><?php print_string("fullsitename") ?>:</td>
|
||||
@ -111,10 +111,5 @@
|
||||
<input type="hidden" name="id" value="<?php p($form->id) ?>">
|
||||
<input type="hidden" name="category" value="<?php p($form->category) ?>">
|
||||
<input type="hidden" name="format" value="<?php p($form->format) ?>">
|
||||
<input type="hidden" name="sesskey" value="<?php p($sesskey) ?>">
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if ($usehtmleditor) {
|
||||
print_richedit_javascript("form", "summary", "no");
|
||||
}
|
||||
?>
|
||||
|
@ -14,6 +14,12 @@
|
||||
|
||||
if ($form = data_submitted()) {
|
||||
|
||||
if (isset($USER)) { // Additional identity check
|
||||
if (!confirm_sesskey()) {
|
||||
error(get_string('confirmsesskeybad', 'error'));
|
||||
}
|
||||
}
|
||||
|
||||
validate_form($form, $err);
|
||||
|
||||
if (count($err) == 0) {
|
||||
@ -108,17 +114,22 @@
|
||||
print_heading($strsitesettings);
|
||||
}
|
||||
|
||||
$defaultformat = FORMAT_HTML;
|
||||
if ($usehtmleditor = can_use_richtext_editor()) {
|
||||
$onsubmit = "onsubmit=\"copyrichtext(form.summary);\"";
|
||||
} else {
|
||||
$onsubmit = "";
|
||||
if (!isset($USER)) {
|
||||
$USER->htmleditor = true;
|
||||
}
|
||||
$usehtmleditor = can_use_html_editor();
|
||||
$defaultformat = FORMAT_HTML;
|
||||
|
||||
$sesskey = isset($USER) ? $USER->sesskey : '';
|
||||
|
||||
print_simple_box_start("center", "", "$THEME->cellheading");
|
||||
include("site.html");
|
||||
print_simple_box_end();
|
||||
|
||||
if ($usehtmleditor) {
|
||||
use_html_editor();
|
||||
}
|
||||
|
||||
if (!$firsttime) {
|
||||
print_footer();
|
||||
}
|
||||
|
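Review bot: In the last hunk, `if (!isset($USER)) { $USER->htmleditor = true; }` implicitly creates `$USER`, so the later `$sesskey = isset($USER) ? $USER->sesskey : '';` can no longer reach its `''` fallback and instead reads a property that was never set on that object. This assumes both statements are on the new side, which the rendered page does not mark. Testing the property itself keeps the fallback meaningful: `$sesskey = !empty($USER->sesskey) ? $USER->sesskey : '';`. The surrounding script starts and ends outside the hunk.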
@ -17,7 +17,7 @@
|
||||
|
||||
print_heading("");
|
||||
|
||||
if (isset($zone)) {
|
||||
if (isset($zone) and confirm_sesskey()) {
|
||||
$db->debug = true;
|
||||
echo "<center>";
|
||||
execute_sql("UPDATE {$CFG->prefix}user SET timezone = '$zone'");
|
||||
@ -47,11 +47,12 @@
|
||||
}
|
||||
}
|
||||
|
||||
echo "<center><form action=\"timezone\".php method=\"get\">";
|
||||
echo '<center><form action="timezone.php" method="get">';
|
||||
echo "$strusers ($strall): ";
|
||||
choose_from_menu ($timezones, "zone", $user->timezone, get_string("serverlocaltime"), "", "99");
|
||||
echo "<input type=\"hidden\" name=\"sesskey\" value=\"$USER->sesskey\">";
|
||||
echo "<input type=\"submit\" value=\"$strsavechanges\">";
|
||||
echo "</form>";
|
||||
echo "</form></center>";
|
||||
|
||||
print_footer();
|
||||
|
||||
|
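Review bot: The form in the second hunk still uses `method="get"`, so the new hidden `sesskey` field travels in the query string and ends up in browser history, server logs and Referer headers. Switching the form to `method="post"` keeps the token out of URLs; whether `confirm_sesskey()` and `$zone` are read from POST data is not visible here and needs checking first. The `upgradelogs.php?confirm=true&sesskey=...` link and the `user.php?confirmuser=...&sesskey=...` link later on this page expose the token the same way. Separately, `$zone` is interpolated into the `UPDATE` statement as `'$zone'`; if it is not escaped or checked against the keys of `$timezones` upstream, that should happen before `execute_sql` is called.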
@ -33,10 +33,12 @@
|
||||
|
||||
if (empty($_GET['confirm'])) {
|
||||
notice_yesno(get_string("upgradelogsinfo", "admin"),
|
||||
"upgradelogs.php?confirm=true",
|
||||
"upgradelogs.php?confirm=true&sesskey=$USER->sesskey",
|
||||
"index.php");
|
||||
print_footer();
|
||||
exit;
|
||||
} else if (!confirm_sesskey()) {
|
||||
error(get_string('confirmsesskeybad', 'error'));
|
||||
}
|
||||
|
||||
|
||||
|
@ -119,7 +119,7 @@
|
||||
"<a href=\"users.php\">$strusers</a> -> $stredituser");
|
||||
}
|
||||
|
||||
if ($confirmuser) {
|
||||
if ($confirmuser and confirm_sesskey()) {
|
||||
if (!$user = get_record("user", "id", "$confirmuser")) {
|
||||
error("No such user!");
|
||||
}
|
||||
@ -309,7 +309,7 @@
|
||||
$strlastaccess = get_string("never");
|
||||
}
|
||||
if ($user->confirmed == 0) {
|
||||
$confirmbutton = "<a href=\"user.php?confirmuser=$user->id\">" . get_string("confirm") . "</a>";
|
||||
$confirmbutton = "<a href=\"user.php?confirmuser=$user->id&sesskey=$USER->sesskey\">" . get_string("confirm") . "</a>";
|
||||
} else {
|
||||
$confirmbutton = "";
|
||||
}
|
||||
|
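Review bot: With `if ($confirmuser and confirm_sesskey())`, a request whose sesskey is missing or wrong is silently treated as if no confirmation had been requested, whereas the config and site settings handlers in this commit stop with `error(get_string('confirmsesskeybad', 'error'))`. Failing loudly is easier to audit and tells the admin that the action did not happen: keep `if ($confirmuser) {` and make `if (!confirm_sesskey()) { error(get_string('confirmsesskeybad', 'error')); }` its first statement. The `isset($zone) and confirm_sesskey()` test in the timezone script has the same silent fall-through. The rest of the branch lies outside the hunk.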