MDL-32774: Require sesskey for all actions in the assignment upgrade tool

2025-02-08 00:52:33 +01:00 · 2012-05-04 14:36:06 +08:00 · 2012-05-04 14:36:06 +08:00 · ee225061dc
commit ee225061dc
parent e16e2300c5
5 changed files with 8 additions and 1 deletions
--- a/admin/tool/assignmentupgrade/batchupgrade.php
+++ b/admin/tool/assignmentupgrade/batchupgrade.php
@ -28,6 +28,8 @@ require_once(dirname(__FILE__) . '/upgradableassignmentstable.php');
 require_once(dirname(__FILE__) . '/upgradableassignmentsbatchform.php');
 require_once($CFG->libdir . '/adminlib.php');

+require_sesskey();
+
 // admin_externalpage_setup calls require_login and checks moodle/site:config
 admin_externalpage_setup('assignmentupgrade', '', array(), tool_assignmentupgrade_url('batchupgrade'));
 $PAGE->navbar->add(get_string('batchupgrade', 'tool_assignmentupgrade'));
--- a/admin/tool/assignmentupgrade/listnotupgraded.php
+++ b/admin/tool/assignmentupgrade/listnotupgraded.php
@ -40,6 +40,7 @@ $assignments = new tool_assignmentupgrade_assignments_table($perpage);
 $batchform = new tool_assignmentupgrade_batchoperations_form();
 $data = $batchform->get_data();
 if ($data && $data->selectedassignments != '' || $data && isset($data->upgradeall)) {
+    require_sesskey();
    echo $renderer->confirm_batch_operation_page($data);
 } else {
    echo $renderer->assignment_list_page($assignments, $batchform);
--- a/admin/tool/assignmentupgrade/upgradableassignmentstable.php
+++ b/admin/tool/assignmentupgrade/upgradableassignmentstable.php
@ -132,7 +132,7 @@ class tool_assignmentupgrade_assignments_table extends table_sql implements rend
    function col_upgradable(stdClass $row) {
        if ($row->upgradable) {
            return html_writer::link(new moodle_url('/admin/tool/assignmentupgrade/upgradesingleconfirm.php',
-                    array('id' => $row->id)), get_string('supported', 'tool_assignmentupgrade'));
+                    array('id' => $row->id, 'sesskey' => sesskey())), get_string('supported', 'tool_assignmentupgrade'));
        } else {
            return get_string('notsupported', 'tool_assignmentupgrade');
        }
--- a/admin/tool/assignmentupgrade/upgradesingle.php
+++ b/admin/tool/assignmentupgrade/upgradesingle.php
@ -26,6 +26,8 @@ require_once(dirname(__FILE__) . '/../../../config.php');
 require_once(dirname(__FILE__) . '/locallib.php');
 require_once($CFG->libdir . '/adminlib.php');

+require_sesskey();
+
 $assignmentid = required_param('id', PARAM_INT);

 // admin_externalpage_setup calls require_login and checks moodle/site:config
--- a/admin/tool/assignmentupgrade/upgradesingleconfirm.php
+++ b/admin/tool/assignmentupgrade/upgradesingleconfirm.php
@ -26,6 +26,8 @@ require_once(dirname(__FILE__) . '/../../../config.php');
 require_once(dirname(__FILE__) . '/locallib.php');
 require_once($CFG->libdir . '/adminlib.php');

+require_sesskey();
+
 $assignmentid = required_param('id', PARAM_INT);

 // admin_externalpage_setup calls require_login and checks moodle/site:config