mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-15 05:25:08 +02:00
Code Issues Projects Releases Wiki Activity

MDL-20901 fixed input validation

Browse Source
This commit is contained in:
Petr Skoda 2009-11-19 19:41:52 +00:00
parent 19c795b837
commit 825ac7f8f9
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
enrol/manual/enrol.html
View File

@ -19,6 +19,7 @@
<input type="password" name="password" size="20" value="<?php p($password) ?>" />
<input type="hidden" name="id" value="<?php p($course->id) ?>" />
<input type="hidden" name="enrol" value="manual" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="submit" value="<?php print_string("enrolme") ?>" />
</td>
</tr>

6
enrol/manual/enrol.php
View File

@ -70,11 +70,11 @@ function print_entry($course) {
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
echo '<br />';
echo $OUTPUT->confirm(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&confirm=1", "enrol.php?id=$course->id&cancel=1");
echo $OUTPUT->confirm(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&confirm=1&amp;sesskey=".sesskey(), "enrol.php?id=$course->id&cancel=1");
echo $OUTPUT->footer();
exit;
} else if (!empty($_GET['confirm'])) {
} else if (!empty($_GET['confirm']) and confirm_sesskey()) {
if (!enrol_into_course($course, $USER, 'manual')) {
print_error('couldnotassignrole');
@ -140,7 +140,7 @@ function check_entry($form, $course) {
$form->password = '';
}
if (empty($course->password)) {
if (empty($course->password) or !confirm_sesskey()) {
// do not allow entry when no course password set
// automatic login when manual primary, no login when secondary at all!!
print_error('invalidenrol');