course/student.php is using sesskey.

Merged from MOODLE_14_STABLE

course/student.html

@@ -1,6 +1,7 @@
 
 <form name="studentform" id="studentform" method="post" action="student.php">
 <input type="hidden" name="previoussearch" value="<?php echo $previoussearch ?>" />
+<input type="hidden" name="sesskey" value="<?php echo $sesskey ?>" />
 <input type="hidden" name="id" value="<?php echo $id?>" />
   <table align="center" border="0" cellpadding="5" cellspacing="0">
     <tr>

course/student.php

@@ -67,7 +67,7 @@
 /// A form was submitted so process the input
 
     } else {
-        if (!empty($frm->add) and !empty($frm->addselect)) {
+        if (!empty($frm->add) and !empty($frm->addselect) and confirm_sesskey()) {
             if ($course->enrolperiod) {
                 $timestart = time();
                 $timeend   = $timestart + $course->enrolperiod;
@@ -79,7 +79,7 @@
                     error("Could not add student with id $addstudent to this course!");
                 }
             }
-        } else if (!empty($frm->remove) and !empty($frm->removeselect)) {
+        } else if (!empty($frm->remove) and !empty($frm->removeselect) and confirm_sesskey()) {
             foreach ($frm->removeselect as $removestudent) {
                 if (! unenrol_student($removestudent, $course->id)) {
                     error("Could not remove student with id $removestudent from this course!");
@@ -135,6 +135,8 @@
 
     print_simple_box_start("center", "", "$THEME->cellheading");
 
+    $sesskey = !empty($USER->id) ? $USER->sesskey : '';
+
     include('student.html');
 
     print_simple_box_end();