MDL-53755 forum: Check session when marking posts

2025-04-13 20:42:22 +02:00 · 2016-04-08 09:57:15 +08:00 · 2016-04-08 09:57:15 +08:00 · e90e0ea570
commit e90e0ea570
parent 6b587d2be2
3 changed files with 5 additions and 4 deletions
--- a/mod/forum/index.php
+++ b/mod/forum/index.php
@ -245,7 +245,7 @@ if ($generalforums) {
                } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) {
                        $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>';
                    $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='.
-                                   $forum->id.'&amp;mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>';
+                                   $forum->id.'&amp;mark=read&amp;sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>';
                } else {
                    $unreadlink = '<span class="read">0</span>';
                }
@ -383,7 +383,7 @@ if ($course->id != SITEID) {    // Only real courses have learning forums
                    } else if ($unread = forum_tp_count_forum_unread_posts($cm, $course)) {
                        $unreadlink = '<span class="unread"><a href="view.php?f='.$forum->id.'">'.$unread.'</a>';
                        $unreadlink .= '<a title="'.$strmarkallread.'" href="markposts.php?f='.
-                                       $forum->id.'&amp;mark=read"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>';
+                                       $forum->id.'&amp;mark=read&sesskey=' . sesskey() . '"><img src="'.$OUTPUT->pix_url('t/markasread') . '" alt="'.$strmarkallread.'" class="iconsmall" /></a></span>';
                    } else {
                        $unreadlink = '<span class="read">0</span>';
                    }
--- a/mod/forum/lib.php
+++ b/mod/forum/lib.php
@ -3741,7 +3741,7 @@ function forum_print_discussion_header(&$post, $forum, $group = -1, $datestring
                    echo $post->unread;
                    echo '</a>';
                    echo '<a title="'.$strmarkalldread.'" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='.
-                         $forum->id.'&amp;d='.$post->discussion.'&amp;mark=read&amp;returnpage=view.php">' .
+                         $forum->id.'&amp;d='.$post->discussion.'&amp;mark=read&amp;returnpage=view.php&amp;sesskey=' . sesskey() . '">' .
                         '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.$strmarkalldread.'" /></a>';
                    echo '</span>';
                } else {
@ -5433,7 +5433,7 @@ function forum_print_latest_discussions($course, $forum, $maxdiscussions = -1, $
                if ($forumtracked) {
                    echo '<a title="'.get_string('markallread', 'forum').
                         '" href="'.$CFG->wwwroot.'/mod/forum/markposts.php?f='.
-                         $forum->id.'&amp;mark=read&amp;returnpage=view.php">'.
+                         $forum->id.'&amp;mark=read&amp;returnpage=view.php&amp;sesskey=' . sesskey() . '">'.
                         '<img src="'.$OUTPUT->pix_url('t/markasread') . '" class="iconsmall" alt="'.get_string('markallread', 'forum').'" /></a>';
                }
                echo '</th>';
--- a/mod/forum/markposts.php
+++ b/mod/forum/markposts.php
@ -55,6 +55,7 @@ if (!$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
 $user = $USER;

 require_login($course, false, $cm);
+require_sesskey();

 if ($returnpage == 'index.php') {
    $returnto = new moodle_url("/mod/forum/$returnpage", array('id' => $course->id));