MDL-77320 tool_licensemanager: restrict exposure of user sesskey.

Paul Holden 2023-02-20 12:41:18 +00:00
parent b2d0712748
commit 30e419078f
GPG Key ID: A81A96D6045F6164
3 changed files with 14 additions and 36 deletions


@ -14,19 +14,11 @@
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* License manager helper class.
*
* @package tool_licensemanager
* @copyright 2019 Tom Dickman <tomdickman@catalyst-au.net>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_licensemanager;
use moodle_url;
defined('MOODLE_INTERNAL') || die();
/**
* License manager helper class.
@ -48,12 +40,7 @@ class helper {
* @return \moodle_url
*/
public static function get_licensemanager_url() : moodle_url {
global $CFG;
$url = new moodle_url($CFG->wwwroot . self::MANAGER_PATH,
['sesskey' => sesskey()]);
return $url;
return new moodle_url(self::MANAGER_PATH);
}
/**
@ -90,9 +77,8 @@ class helper {
* @return \moodle_url
*/
public static function get_create_license_url() : moodle_url {
$url = new moodle_url(self::MANAGER_PATH,
['action' => manager::ACTION_CREATE, 'sesskey' => sesskey()]);
$url = self::get_licensemanager_url();
$url->params(['action' => manager::ACTION_CREATE]);
return $url;
}
@ -104,9 +90,8 @@ class helper {
* @return \moodle_url
*/
public static function get_update_license_url(string $licenseshortname) : moodle_url {
$url = new moodle_url(self::MANAGER_PATH,
['action' => manager::ACTION_UPDATE, 'license' => $licenseshortname, 'sesskey' => sesskey()]);
$url = self::get_licensemanager_url();
$url->params(['action' => manager::ACTION_UPDATE, 'license' => $licenseshortname]);
return $url;
}
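Review bot: The docblocks on `get_licensemanager_url()`, `get_create_license_url()` and `get_update_license_url()` (only their `@return \moodle_url` lines are visible here) do not say that the returned URL no longer carries a `sesskey` parameter. The manager section of this commit now calls `require_sesskey()` for the disable, enable, delete and move actions, so any caller that builds such a link from these helpers has to append the session key itself. Those callers are outside this diff, so this is presumably already the case, but it is worth confirming. I would add a line to the `get_licensemanager_url()` docblock such as `* The URL never includes the sesskey; callers linking to state-changing actions must add it explicitly.`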


@ -14,22 +14,12 @@
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* License manager.
*
* @package tool_licensemanager
* @copyright 2019 Tom Dickman <tomdickman@catalyst-au.net>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace tool_licensemanager;
use tool_licensemanager\form\edit_license;
use license_manager;
use stdClass;
defined('MOODLE_INTERNAL') || die();
/**
* License manager, main controller for tool_licensemanager.
*
@ -95,18 +85,25 @@ class manager {
}
$viewmanager = true;
$redirect = helper::get_licensemanager_url();
switch ($action) {
case self::ACTION_DISABLE:
require_sesskey();
license_manager::disable($license);
redirect($redirect);
break;
case self::ACTION_ENABLE:
require_sesskey();
license_manager::enable($license);
redirect($redirect);
break;
case self::ACTION_DELETE:
require_sesskey();
license_manager::delete($license);
redirect($redirect);
break;
case self::ACTION_CREATE:
@ -116,7 +113,9 @@ class manager {
case self::ACTION_MOVE_UP:
case self::ACTION_MOVE_DOWN:
require_sesskey();
$this->change_license_order($action, $license);
redirect($redirect);
break;
case self::ACTION_VIEW_LICENSE_MANAGER:
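Review bot: The `ACTION_CREATE` branch that starts at the end of the first hunk shows no `require_sesskey()`, while every other state-changing case now has one; its body lies outside the hunk, so the reason is not visible. The helper URLs no longer carry a sesskey and the blanket `confirm_sesskey()` check is removed in the third file section, so request-forgery protection for create and update presumably rests on the `edit_license` form validating the session key on submission. A short comment at that case would record the assumption, for example `// No require_sesskey() here: the edit form checks the sesskey when it is submitted.` Also note that `require_sesskey()` raises an error on failure, whereas the removed check redirected silently, so a user following a stale link now sees an error page.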


@ -28,15 +28,9 @@ require_once($CFG->libdir . '/licenselib.php');
require_admin();
$returnurl = \tool_licensemanager\helper::get_licensemanager_url();
$action = optional_param('action', '', PARAM_ALPHANUMEXT);
$license = optional_param('license', '', PARAM_SAFEDIR);
if (!confirm_sesskey()) {
redirect($returnurl);
}
// Route via the manager.
$licensemanager = new \tool_licensemanager\manager();
$PAGE->set_context(context_system::instance());