mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 14:27:22 +01:00
Code Issues Projects Releases Wiki Activity

MDL-23139, fixed CSRF in wiki editing page

Browse Source
This commit is contained in:
Dongsheng Cai 2010-11-08 07:43:18 +00:00
parent f979f128bf
commit d2807da895
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mod/wiki/lock.php
View File

@ -37,6 +37,10 @@ require_once($CFG->dirroot . '/mod/wiki/lib.php');
require_once($CFG->dirroot . '/mod/wiki/locallib.php');
require_once($CFG->dirroot . '/mod/wiki/pagelib.php');
if (!confirm_sesskey()) {
print_error('invalidsesskey');
}
$pageid = required_param('pageid', PARAM_INT);
$section = optional_param('section', "", PARAM_TEXT);

8
mod/wiki/module.js
View File

@ -40,12 +40,14 @@ M.mod_wiki.init = function(Y, args) {
};
M.mod_wiki.renew_lock = function(Y, args) {
function renewLock() {
var args = 'pageid=' + wiki.pageid;
var args = {};
args['sesskey'] = M.cfg.sesskey;
args['pageid'] = wiki.pageid;
if (wiki.section) {
args += '&section=' + wiki.section;
args['section'] = wiki.section;
}
var callback = {};
YAHOO.util.Connect.asyncRequest('GET', 'lock.php?' + args, callback);
YAHOO.util.Connect.asyncRequest('GET', 'lock.php?' + build_querystring(args), callback);
}
setInterval(renewLock, wiki.renew_lock_timeout * 1000);
}