Modify sesskey behaviour. SC#73

2025-03-14 12:40:01 +01:00 · 2005-01-22 18:53:44 +00:00 · 2005-01-22 18:53:44 +00:00 · 1082105205
commit 1082105205
parent 56b2152f69
20 changed files with 33 additions and 22 deletions
--- a/course/mod.php
+++ b/course/mod.php
@ -25,15 +25,7 @@
    }


-    if (isset($_POST["course"])) {    // add or update form submitted
-
-        //It caller is correct, $SESSION->sesskey must exist and coincide
-        if (empty($SESSION->sesskey) or !confirm_sesskey($SESSION->sesskey)) {
-            error(get_string('confirmsesskeybad', 'error'));
-        }
-
-        //Unset this, check done
-        unset($SESSION->sesskey);
+    if (isset($_POST["course"]) and confirm_sesskey()) {    // add or update form submitted

        if (!$course = get_record("course", "id", $mod->course)) {
            error("This course doesn't exist");
@ -421,7 +413,7 @@
        $form->modulename   = $module->name;
        $form->fullmodulename  = $fullmodulename;
        $form->instancename = $instance->name;
-        $SESSION->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+        $form->sesskey      = !empty($USER->id) ? $USER->sesskey : '';

        $strdeletecheck = get_string("deletecheck", "", "$form->fullmodulename");
        $strdeletecheckfull = get_string("deletecheckfull", "", "$form->fullmodulename '$form->instancename'");
@ -475,7 +467,7 @@
        $form->modulename   = $module->name;
        $form->instance     = $cm->instance;
        $form->mode         = "update";
-        $SESSION->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+        $form->sesskey      = !empty($USER->id) ? $USER->sesskey : '';

        $sectionname    = get_string("name$course->format");
        $fullmodulename = strtolower(get_string("modulename", $module->name));
@ -527,7 +519,7 @@
        $form->modulename   = $module->name;
        $form->instance     = $cm->instance;
        $form->mode         = "add";
-        $SESSION->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+        $form->sesskey      = !empty($USER->id) ? $USER->sesskey : '';

        $sectionname    = get_string("name$course->format");
        $fullmodulename = strtolower(get_string("modulename", $module->name));
@ -566,7 +558,7 @@
        $form->instance   = "";
        $form->coursemodule = "";
        $form->mode       = "add";
-        $SESSION->sesskey = !empty($USER->id) ? $USER->sesskey : '';
+        $form->sesskey    = !empty($USER->id) ? $USER->sesskey : '';
        if (isset($_GET['type'])) {
            $form->type = $_GET['type'];
        }
--- a/course/mod_delete.html
+++ b/course/mod_delete.html
@ -3,6 +3,7 @@
 <input type="hidden" name="mode"         value="delete" />
 <input type="hidden" name="section"      value="<?php p($form->section) ?>" />
 <input type="hidden" name="course"       value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"      value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule" value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="modulename"   value="<?php p($form->modulename) ?>" />
 <input type="hidden" name="instance"     value="<?php p($form->instance) ?>" />
--- a/mod/assignment/mod.html
+++ b/mod/assignment/mod.html
@ -129,6 +129,7 @@
 <br />
 <center>
 <input type="hidden" name="course"        value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php p($form->module) ?>" />
--- a/mod/attendance/mod.html
+++ b/mod/attendance/mod.html
@ -201,6 +201,7 @@ if ($form->hours >1) {
 ?>
 <!-- These hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php p($form->module) ?>" />
--- a/mod/chat/mod.html
+++ b/mod/chat/mod.html
@ -96,8 +96,9 @@
 </table>
 <center>
 <input type="hidden" name="course"     value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php  p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php  p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php  p($form->instance) ?>" />
--- a/mod/choice/mod.html
+++ b/mod/choice/mod.html
@ -262,8 +262,9 @@

 <center>
 <input type="hidden" name="course"     value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php p($form->instance) ?>" />
--- a/mod/dialogue/mod.html
+++ b/mod/dialogue/mod.html
@ -96,8 +96,9 @@ print_heading_with_help(get_string("furtherinformation", "dialogue"), "info", "d
 </table>
 <center>
 <input type="hidden" name="course"     value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php p($form->instance) ?>" />
--- a/mod/exercise/mod.html
+++ b/mod/exercise/mod.html
@ -214,8 +214,9 @@

 <center>
 <input type="hidden" name="course"     value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php  p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php  p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php  p($form->instance) ?>" />
--- a/mod/forum/mod.html
+++ b/mod/forum/mod.html
@ -268,8 +268,9 @@
 </table>
 <center>
 <input type="hidden" name="course"     value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php  p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php  p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php  p($form->instance) ?>" />
--- a/mod/glossary/mod.html
+++ b/mod/glossary/mod.html
@ -504,6 +504,7 @@ if (!$mainglossary or $mainglossary->id == $form->instance ) {
 </table>
 <!-- These hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php p($form->module) ?>" />
--- a/mod/journal/mod.html
+++ b/mod/journal/mod.html
@ -95,8 +95,9 @@
 </table>
 <center>
 <input type="hidden" name="course"     value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php p($form->instance) ?>" />
--- a/mod/label/mod.html
+++ b/mod/label/mod.html
@ -32,6 +32,7 @@
 </table>
 <!-- these hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php  p($form->module) ?>" />
--- a/mod/lesson/mod.html
+++ b/mod/lesson/mod.html
@ -444,6 +444,7 @@ if ($form->mode == "add") {
 </table>
 <!-- These hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php  p($form->module) ?>" />
--- a/mod/quiz/mod.html
+++ b/mod/quiz/mod.html
@ -546,6 +546,7 @@

 <!-- these hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php p($form->module) ?>" />
@ -564,4 +565,4 @@

 <script language="javascript" type="text/javascript">
    showhide('optionsettings', true);
-</script> 
+</script> 
--- a/mod/resource/type/common.html
+++ b/mod/resource/type/common.html
@ -2,6 +2,7 @@

 <input type="hidden" name="type"         value="<?php p($form->type) ?>" />
 <input type="hidden" name="course"       value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"      value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule" value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"      value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"       value="<?php p($form->module) ?>" />
--- a/mod/scorm/mod.html
+++ b/mod/scorm/mod.html
@ -56,6 +56,7 @@
 	</tr>
    </table>
    <input type="hidden" name="course"	value="<?php p($form->course) ?>" />
+    <input type="hidden" name="sesskey"	value="<?php p($form->sesskey) ?>" />
    <input type="hidden" name="coursemodule"	value="<?php p($form->coursemodule) ?>" />
    <input type="hidden" name="datadir"	value="<?php p($form->datadir) ?>" />
    <input type="hidden" name="launch"	value="<?php p($form->launch) ?>" />
--- a/mod/survey/details.php
+++ b/mod/survey/details.php
@ -58,8 +58,9 @@
        <input type="hidden" name="template"   value="<?php p($form->template) ?>" />

        <input type="hidden" name="course"     value="<?php p($form->course) ?>" />
+        <input type="hidden" name="sesskey"    value="<?php p($form->sesskey) ?>" />
        <input type="hidden" name="coursemodule"     value="<?php p($form->coursemodule) ?>" />
-        <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
+        <input type="hidden" name="section"    value="<?php p($form->section) ?>" />
        <input type="hidden" name="module"     value="<?php p($form->module) ?>" />
        <input type="hidden" name="modulename" value="<?php p($form->modulename) ?>" />
        <input type="hidden" name="instance"   value="<?php p($form->instance) ?>" />
--- a/mod/survey/mod.html
+++ b/mod/survey/mod.html
@ -41,6 +41,7 @@
 <input type="hidden" name="destination"   value="<?php echo "$CFG->wwwroot/course/mod.php" ?>" />

 <input type="hidden" name="course"     value="<?php p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php p($form->module) ?>" />
--- a/mod/wiki/mod.html
+++ b/mod/wiki/mod.html
@ -207,6 +207,7 @@
 </table>
 <!-- These hidden variables are always the same -->
 <input type="hidden" name="course"        value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"       value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
 <input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"        value="<?php  p($form->module) ?>" />
--- a/mod/workshop/mod.html
+++ b/mod/workshop/mod.html
@ -424,8 +424,9 @@
 <br />
 <center>
 <input type="hidden" name="course"     value="<?php  p($form->course) ?>" />
+<input type="hidden" name="sesskey"    value="<?php  p($form->sesskey) ?>" />
 <input type="hidden" name="coursemodule"  value="<?php  p($form->coursemodule) ?>" />
-<input type="hidden" name="section"       value="<?php  p($form->section) ?>" />
+<input type="hidden" name="section"    value="<?php  p($form->section) ?>" />
 <input type="hidden" name="module"     value="<?php  p($form->module) ?>" />
 <input type="hidden" name="modulename" value="<?php  p($form->modulename) ?>" />
 <input type="hidden" name="instance"   value="<?php  p($form->instance) ?>" />