MDL-50784 ajax: Require a sesskey for all ajax requests.

This needs to be done before we can expose any webservices that
change state, or return private info to ajax (to prevent CSRF).

Currently there are no webservices exposed to ajax that meet these
criteria - so this issue is to prevent future security issues.
Damyon Wiese
2015-07-13 10:15:17 +08:00
committed by Eloy Lafuente (stronk7)
parent 5fceb11e6c
commit b0a583932a
3 changed files with 4 additions and 3 deletions


@@ -146,13 +146,13 @@ define(['jquery', 'core/config'], function($, config) {
// Jquery deprecated done and fail with async=false so we need to do this 2 ways.
if (async) {
$.ajax(config.wwwroot + '/lib/ajax/service.php', settings)
$.ajax(config.wwwroot + '/lib/ajax/service.php?sesskey=' + config.sesskey, settings)
.done(requestSuccess)
.fail(requestFail);
} else {
settings.success = requestSuccess;
settings.error = requestFail;
$.ajax(config.wwwroot + '/lib/ajax/service.php', settings);
$.ajax(config.wwwroot + '/lib/ajax/service.php?sesskey=' + config.sesskey, settings);
}
return promises;
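Review bot: Both new `$.ajax` calls splice `config.sesskey` into the query string by plain concatenation, and the same URL expression is now written twice. Build it once above the `if (async)` and encode the value, e.g. `var url = config.wwwroot + '/lib/ajax/service.php?sesskey=' + encodeURIComponent(config.sesskey);`, then pass `url` in both branches; the key is presumably alphanumeric today, but encoding keeps the request well-formed if its format changes. A CSRF token carried in the URL also ends up in web-server and proxy access logs, so those logs should be treated as sensitive, or the token could go in the request body or a header if the server side accepts that (the server code is not visible in this hunk). The token only protects anything if `service.php` rejects a missing or wrong sesskey, which should be confirmed in the other changed files. The enclosing function starts and ends outside the hunk.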