diff --git a/lang/en/webservice.php b/lang/en/webservice.php
index 0017e1d85dc..c5721de5823 100644
--- a/lang/en/webservice.php
+++ b/lang/en/webservice.php
@@ -164,6 +164,7 @@ $string['required'] = 'Required';
$string['requiredcapability'] = 'Required capability';
$string['requiredcapability_help'] = 'If set, only users with the required capability can access the service.';
$string['requiredcaps'] = 'Required capabilities';
+$string['resettokencomplete'] = 'The selected token was reset';
$string['resettokenconfirm'] = 'Do you really want to reset this web service key for {$a->user} on the service {$a->service}?';
$string['resettokenconfirmsimple'] = 'Do you really want to reset this key? Any saved links containing the old key will not work anymore.';
$string['response'] = 'Response';
diff --git a/lib/adminlib.php b/lib/adminlib.php
index 37708863a60..2482c351b2d 100644
--- a/lib/adminlib.php
+++ b/lib/adminlib.php
@@ -10198,7 +10198,7 @@ class admin_setting_webservicesoverview extends admin_setting {
/// 8. Create token for the specific user
$row = array();
- $url = new moodle_url("/admin/webservice/tokens.php?sesskey=" . sesskey() . "&action=create");
+ $url = new moodle_url('/admin/webservice/tokens.php', ['action' => 'create']);
$row[0] = "8. " . html_writer::tag('a', get_string('createtokenforuser', 'webservice'),
array('href' => $url));
$row[1] = "";
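Review bot: The link built here now reaches /admin/webservice/tokens.php without a session key, and that script is not part of this diff; the delete link in webservice/classes/token_table.php drops its `sesskey` entry the same way. If tokens.php still calls `require_sesskey()` at page load, both links will fail, and if it does not check the key at all, the delete action would be open to cross-site request forgery. Please confirm that tokens.php verifies the key at the point where a token is actually created or deleted, as user/managetoken.php does after this change. The enclosing method starts and ends outside the hunk.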
diff --git a/lib/navigationlib.php b/lib/navigationlib.php
index e52b4951d95..cfeec7013a9 100644
--- a/lib/navigationlib.php
+++ b/lib/navigationlib.php
@@ -5204,7 +5204,7 @@ class settings_navigation extends navigation_node {
}
// Security keys.
if ($currentuser && $enablemanagetokens) {
- $url = new moodle_url('/user/managetoken.php', array('sesskey'=>sesskey()));
+ $url = new moodle_url('/user/managetoken.php');
$useraccount->add(get_string('securitykeys', 'webservice'), $url, self::TYPE_SETTING);
}
diff --git a/rss/renderer.php b/rss/renderer.php
index 4d3ecb2f508..79e7726abcb 100644
--- a/rss/renderer.php
+++ b/rss/renderer.php
@@ -35,12 +35,10 @@ class core_rss_renderer extends plugin_renderer_base {
* @return string html
*/
public function user_reset_rss_token_confirmation() {
- global $CFG;
- $managetokenurl = $CFG->wwwroot."/user/managetoken.php?sesskey=" . sesskey();
- $optionsyes = array('action' => 'resetrsstoken', 'confirm' => 1, 'sesskey' => sesskey());
- $optionsno = array('section' => 'webservicetokens', 'sesskey' => sesskey());
+ $managetokenurl = '/user/managetoken.php';
+ $optionsyes = ['action' => 'resetrsstoken', 'confirm' => 1];
$formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes), get_string('reset'));
- $formcancel = new single_button(new moodle_url($managetokenurl, $optionsno), get_string('cancel'), 'get');
+ $formcancel = new single_button(new moodle_url($managetokenurl), get_string('cancel'), 'get');
$html = $this->output->confirm(get_string('resettokenconfirmsimple', 'webservice'), $formcontinue, $formcancel);
return $html;
}
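Review bot: In `user_reset_rss_token_confirmation()` the continue button no longer carries `sesskey` in `$optionsyes`, so the `require_sesskey()` that now guards the confirmed reset depends on `single_button` adding the key itself, which as far as I know it does only for its default `post` method. That dependency is not visible in this function. A comment above `$formcontinue` such as `// Must stay a POST button: the sesskey checked by managetoken.php on confirm is added by single_button for post only.` would keep a later edit from switching it to `'get'`, which would also put the confirm parameters in the URL. The same applies to `user_reset_token_confirmation()` in webservice/renderer.php.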
@@ -69,8 +67,9 @@ class core_rss_renderer extends plugin_renderer_base {
$table->data = array();
if (!empty($token)) {
- $reset = "wwwroot."/user/managetoken.php?sesskey=".sesskey().
- "&action=resetrsstoken\">".get_string('reset')."";
+ $reset = html_writer::link(new moodle_url('/user/managetoken.php', [
+ 'action' => 'resetrsstoken',
+ ]), get_string('reset'));
$table->data[] = array($token, $reset);
diff --git a/user/managetoken.php b/user/managetoken.php
index 390f70cfb63..87b4163fc25 100644
--- a/user/managetoken.php
+++ b/user/managetoken.php
@@ -26,7 +26,6 @@
require('../config.php');
require_login();
-require_sesskey();
$usercontext = context_user::instance($USER->id);
@@ -57,7 +56,9 @@ if ( !is_siteadmin($USER->id)
$resetconfirmation = $wsrenderer->user_reset_token_confirmation($token);
} else {
// Delete the token that need to be regenerated.
+ require_sesskey();
$webservice->delete_user_ws_token($tokenid);
+ redirect($PAGE->url, get_string('resettokencomplete', 'core_webservice'));
}
}
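Review bot: With the page-level `require_sesskey()` removed, the check before `delete_user_ws_token()` here and the one before `rss_delete_token()` in the next hunk are the only CSRF protection visible in this script, and nothing in the code says so. A short comment on each, for example `// State-changing step: verify the sesskey here, since the page itself is now reachable without one.`, would mark the placement as deliberate. Any other branch of this script that changes state and lies outside these hunks would now run unchecked, so it is worth confirming there is none. The surrounding `if` blocks start outside the hunk.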
@@ -92,7 +93,9 @@ if (!empty($CFG->enablerssfeeds)) {
if (!$confirm) {
$resetconfirmation = $rssrenderer->user_reset_rss_token_confirmation();
} else {
+ require_sesskey();
rss_delete_token($USER->id);
+ redirect($PAGE->url, get_string('resettokencomplete', 'core_webservice'));
}
}
if (empty($resetconfirmation)) {
diff --git a/webservice/classes/token_table.php b/webservice/classes/token_table.php
index ad6a54b6b84..5643fae7ae7 100644
--- a/webservice/classes/token_table.php
+++ b/webservice/classes/token_table.php
@@ -117,7 +117,6 @@ class token_table extends \table_sql {
$tokenpageurl = new \moodle_url(
"/admin/webservice/tokens.php",
[
- "sesskey" => sesskey(),
"action" => "delete",
"tokenid" => $data->id
]
diff --git a/webservice/renderer.php b/webservice/renderer.php
index 30c7fc03879..3ad1001b1bb 100644
--- a/webservice/renderer.php
+++ b/webservice/renderer.php
@@ -263,15 +263,10 @@ class core_webservice_renderer extends plugin_renderer_base {
* @return string html
*/
public function user_reset_token_confirmation($token) {
- global $CFG;
- $managetokenurl = $CFG->wwwroot . "/user/managetoken.php?sesskey=" . sesskey();
- $optionsyes = array('tokenid' => $token->id, 'action' => 'resetwstoken', 'confirm' => 1,
- 'sesskey' => sesskey());
- $optionsno = array('section' => 'webservicetokens', 'sesskey' => sesskey());
- $formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes),
- get_string('reset'));
- $formcancel = new single_button(new moodle_url($managetokenurl, $optionsno),
- get_string('cancel'), 'get');
+ $managetokenurl = '/user/managetoken.php';
+ $optionsyes = ['tokenid' => $token->id, 'action' => 'resetwstoken', 'confirm' => 1];
+ $formcontinue = new single_button(new moodle_url($managetokenurl, $optionsyes), get_string('reset'));
+ $formcancel = new single_button(new moodle_url($managetokenurl), get_string('cancel'), 'get');
$html = $this->output->confirm(get_string('resettokenconfirm', 'webservice',
(object) array('user' => $token->firstname . " " .
$token->lastname, 'service' => $token->name)),
@@ -318,9 +313,10 @@ class core_webservice_renderer extends plugin_renderer_base {
foreach ($tokens as $token) {
if ($token->creatorid == $userid) {
- $reset = "wwwroot . "/user/managetoken.php?sesskey="
- . sesskey() . "&action=resetwstoken&tokenid=" . $token->id . "\">";
- $reset .= get_string('reset') . "";
+ $reset = html_writer::link(new moodle_url('/user/managetoken.php', [
+ 'action' => 'resetwstoken',
+ 'tokenid' => $token->id,
+ ]), get_string('reset'));
$creator = $token->firstname . " " . $token->lastname;
} else {
//retrieve administrator name
@@ -347,7 +343,7 @@ class core_webservice_renderer extends plugin_renderer_base {
if ($documentation) {
$doclink = new moodle_url('/webservice/wsdoc.php',
- array('id' => $token->id, 'sesskey' => sesskey()));
+ array('id' => $token->id));
$row[] = html_writer::tag('a', get_string('doc', 'webservice'),
array('href' => $doclink));
}
diff --git a/webservice/wsdoc.php b/webservice/wsdoc.php
index 9c5002a26f4..9e118f94611 100644
--- a/webservice/wsdoc.php
+++ b/webservice/wsdoc.php
@@ -27,7 +27,6 @@ require_once('../config.php');
require($CFG->dirroot . '/webservice/lib.php');
require_login();
-require_sesskey();
$usercontext = context_user::instance($USER->id);
$tokenid = required_param('id', PARAM_INT);
@@ -43,9 +42,7 @@ $PAGE->set_pagelayout('standard');
$PAGE->navbar->ignore_active(true);
$PAGE->navbar->add(get_string('preferences'), new moodle_url('/user/preferences.php'));
$PAGE->navbar->add(get_string('useraccount'));
-$PAGE->navbar->add(get_string('securitykeys', 'webservice'),
- new moodle_url('/user/managetoken.php',
- array('id' => $tokenid, 'sesskey' => sesskey())));
+$PAGE->navbar->add(get_string('securitykeys', 'webservice'), new moodle_url('/user/managetoken.php'));
$PAGE->navbar->add(get_string('wsdocumentation', 'webservice'));
// check web service are enabled