MDL-48019 mod_forum: Add sesskey checks when setting tracking prefs

This also removes set_url() and changes require_course_login to
require_login as guests cannot set tracking.
Andrew Nicols 2014-11-03 09:49:00 +08:00 committed by Dan Poltawski
parent fb3e9ea25d
commit 7a311adbba
5 changed files with 15 additions and 11 deletions


@ -338,7 +338,10 @@ function forum_get_tracking_link($forum, $messages=array(), $fakelink=true) {
// use <noscript> to print button in case javascript is not enabled
$link .= '<noscript>';
}
$url = new moodle_url('/mod/forum/settracking.php', array('id'=>$forum->id));
$url = new moodle_url('/mod/forum/settracking.php', array(
'id' => $forum->id,
'sesskey' => sesskey(),
));
$link .= $OUTPUT->single_button($url, $linktext, 'get', array('title'=>$linktitle));
if ($fakelink) {
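Review bot: The sesskey now travels in the query string of a GET form, since line 22 still passes 'get' to single_button, so the token lands in browser history, proxy logs and the Referer header of whatever page settracking.php redirects to; the sibling call in index.php submits the same URL with 'post'. settracking.php only needs require_sesskey() to pass, which accepts the token from either method, so `$link .= $OUTPUT->single_button($url, $linktext, 'post', array('title'=>$linktitle));` keeps it out of the URL. forum_get_tracking_link starts and ends outside the hunk, so the `<noscript>` wrapping and the other return paths are not visible here.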


@ -13,7 +13,7 @@ function forum_produce_tracking_link(forumid, ltext, ltitle) {
var elementid = "trackinglink";
var subs_link = document.getElementById(elementid);
if(subs_link){
subs_link.innerHTML = "<a title='"+ltitle+"' href='"+M.cfg.wwwroot+"/mod/forum/settracking.php?id="+forumid+"'>"+ltext+"<\/a>";
subs_link.innerHTML = "<a title='"+ltitle+"' href='"+M.cfg.wwwroot+"/mod/forum/settracking.php?id="+forumid+"&amp;sesskey="+M.cfg.sesskey+"'>"+ltext+"<\/a>";
}
}
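Review bot: The new link is still assembled by string concatenation into innerHTML on line 32, with ltitle and ltext inserted unescaped into a single-quoted attribute and the element body; a title string containing an apostrophe (common in translated strings) breaks out of the attribute, and the same path would carry markup if a caller ever passed untrusted text. Since the commit touches this line anyway, building the anchor with DOM calls removes the quoting problem and the `&amp;` entity juggling for the sesskey parameter. The callers of forum_produce_tracking_link are not visible, so whether the strings are always server-generated is inferred, not confirmed; the function's signature line sits above the hunk.
```javascript
if(subs_link){
    var a = document.createElement("a");
    a.title = ltitle;
    a.href = M.cfg.wwwroot + "/mod/forum/settracking.php?id=" + forumid + "&sesskey=" + M.cfg.sesskey;
    a.appendChild(document.createTextNode(ltext));
    subs_link.innerHTML = "";
    subs_link.appendChild(a);
}
```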


@ -240,7 +240,10 @@ if ($generalforums) {
} else if ($forum->trackingtype === FORUM_TRACKING_OFF || ($USER->trackforums == 0)) {
$trackedlink = '-';
} else {
$aurl = new moodle_url('/mod/forum/settracking.php', array('id'=>$forum->id));
$aurl = new moodle_url('/mod/forum/settracking.php', array(
'id' => $forum->id,
'sesskey' => sesskey(),
));
if (!isset($untracked[$forum->id])) {
$trackedlink = $OUTPUT->single_button($aurl, $stryes, 'post', array('title'=>$strnotrackforum));
} else {


@ -7107,7 +7107,10 @@ function forum_extend_settings_navigation(settings_navigation $settingsnav, navi
} else {
$linktext = get_string('trackforum', 'forum');
}
$url = new moodle_url('/mod/forum/settracking.php', array('id'=>$forumobject->id));
$url = new moodle_url('/mod/forum/settracking.php', array(
'id' => $forumobject->id,
'sesskey' => sesskey(),
));
$forumnode->add($linktext, $url, navigation_node::TYPE_SETTING);
}
}
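Review bot: This is the third PHP call site in the commit (after forum_get_tracking_link and index.php) that spells out the same three-element moodle_url for settracking.php, and forum.js hand-builds the same query string a fourth time, so a rename of the parameter or the addition of a returnpage argument has to be repeated in four places. A single helper in lib.php, e.g. `function forum_get_settracking_url($forumid) { return new moodle_url('/mod/forum/settracking.php', array('id' => $forumid, 'sesskey' => sesskey())); }`, called from each PHP site would leave only the JavaScript copy to keep in sync. forum_extend_settings_navigation starts and ends outside the hunk.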


@ -29,11 +29,7 @@ require_once("lib.php");
$id = required_param('id',PARAM_INT); // The forum to subscribe or unsubscribe to
$returnpage = optional_param('returnpage', 'index.php', PARAM_FILE); // Page to return to.
$url = new moodle_url('/mod/forum/settracking.php', array('id'=>$id));
if ($returnpage !== 'index.php') {
$url->param('returnpage', $returnpage);
}
$PAGE->set_url($url);
require_sesskey();
if (! $forum = $DB->get_record("forum", array("id" => $id))) {
print_error('invalidforumid', 'forum');
@ -46,8 +42,7 @@ if (! $course = $DB->get_record("course", array("id" => $forum->course))) {
if (! $cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
print_error('invalidcoursemodule');
}
require_course_login($course, false, $cm);
require_login($course, false, $cm);
$returnto = forum_go_back_to($returnpage.'?id='.$course->id.'&f='.$forum->id);
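Review bot: `require_sesskey()` on line 76 now runs before `require_login()` on line 84 and before the forum/course/cm lookups on lines 77-80, so a request from an expired session or without a valid token fails with the invalid-sesskey error rather than being sent to the login page as require_login would do. Moving the check directly after line 84, `require_login($course, false, $cm); require_sesskey();`, keeps the CSRF protection while letting authentication and enrolment handling run first and produce the usual redirect. The sesskey is tied to the session either way, so this concerns the failure mode rather than a bypass; the rest of the script, including where the preference is written and the redirect to $returnto, is outside the hunk.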