From dba386b573ee7397fca5264e0a84980a9c9ab700 Mon Sep 17 00:00:00 2001
From: Petr Skoda <skodak@moodle.org>
Date: Fri, 20 Nov 2009 08:50:12 +0000
Subject: [PATCH] MDL-20901 fixed input validation

---
 mod/glossary/import.html | 1 +
 mod/glossary/import.php  | 1 +
 mod/glossary/rate.php    | 2 +-
 mod/glossary/view.php    | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/mod/glossary/import.html b/mod/glossary/import.html
index 9e32e890145..60dfc17e4ca 100644
--- a/mod/glossary/import.html
+++ b/mod/glossary/import.html
@@ -46,6 +46,7 @@
 </table>
 <div>
 <input type="hidden" name="id" value="<?php p($id) ?>" />
+<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
 <input type="hidden" name="step" value="1" />
 </div>
 </form>
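Review bot: The new hidden field on the line after `name="id"` writes the token with `<?php echo sesskey() ?>` while the neighbouring field uses the template's `p()` escaping helper, so the two lines follow different output conventions. `<input type="hidden" name="sesskey" value="<?php p(sesskey()) ?>" />` keeps the form consistent and routes every emitted value through the same escaper, which is the habit a reviewer wants even where the value is a fixed-alphabet token. The enclosing form starts outside this hunk.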
diff --git a/mod/glossary/import.php b/mod/glossary/import.php
index ab12f3d785a..c93c54a5c01 100644
--- a/mod/glossary/import.php
+++ b/mod/glossary/import.php
@@ -82,6 +82,7 @@ if ( !$step ) {
     exit;
 }
 
+require_sesskey();
 $form = data_submitted();
 $file = $_FILES["file"];
 
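Review bot: The `require_sesskey();` line carries no explanation of why it sits after the `!$step` branch rather than at the top of the script, and a later maintainer moving it could either break the initial form display or leave the upload step unchecked; a comment such as `// step 1: form POST -- reject requests without a valid sesskey before reading any submitted data` would pin the placement. The check does run before `data_submitted()` and `$_FILES["file"]` are read, which is the right order. Separately, `$file = $_FILES["file"];` on the next line is read without an `isset()` guard; if the browser submits without a file that is presumably a notice rather than a clean validation error, which the subject "fixed input validation" might be expected to cover — worth confirming against the rest of the script, which continues outside this hunk.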
diff --git a/mod/glossary/rate.php b/mod/glossary/rate.php
index ad37822d00c..1b222f11805 100644
--- a/mod/glossary/rate.php
+++ b/mod/glossary/rate.php
@@ -46,7 +46,7 @@
         $returnurl = $CFG->wwwroot.'/mod/glossary/view.php?id='.$cm->id;
     }
 
-    if ($data = data_submitted()) {    // form submitted
+    if ($data = data_submitted() and confirm_sesskey()) {    // form submitted
 
     /// Calculate scale values
         $scale_values = make_grades_menu($glossary->scale);
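Review bot: The new condition `if ($data = data_submitted() and confirm_sesskey())` relies on `and` binding more loosely than `=`, so `$data` receives the submitted form and only the `if` sees the combined result; with `&&` the assignment would capture a bool instead, so the choice of `and` is load-bearing and deserves a comment, e.g. `// 'and' (not '&&'): assign $data first, then gate on the session key`. Also, `confirm_sesskey()` appears to return false rather than fail the request, so a missing or stale token silently skips the rating and falls through to the redirect below; `require_sesskey();` inside the branch, as the same commit uses in import.php, would surface the rejection instead of hiding it. The function body around this condition continues outside the hunk.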
diff --git a/mod/glossary/view.php b/mod/glossary/view.php
index f1d3fdb04d3..581c121d095 100644
--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
@@ -417,6 +417,7 @@ if ($allentries) {
         echo "<form method=\"post\" action=\"rate.php\">";
         echo "<div>";
         echo "<input type=\"hidden\" name=\"glossaryid\" value=\"$glossary->id\" />";
+        echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
     }
 
     foreach ($allentries as $entry) {