MDL-48109 mod_lesson: prevent CSRF on password protected lesson
authorSimey Lameze <simey@moodle.com>
Thu, 10 Sep 2015 07:31:47 +0000 (15:31 +0800)
committerMr. Jenkins (CiBoT) <cibot@moodle.org>
Wed, 4 Nov 2015 10:46:27 +0000 (18:46 +0800)
commit541c5b8552e0162010d0259c90a04eb63e875958
treef806feb0eda79ce2780b6fb3ea53786c8a8a563e
parentc73f6d03e5037729097bb9f5f5a55be15f3cab18
MDL-48109 mod_lesson: prevent CSRF on password protected lesson

This commit add a new session key hidden field on the lesson password form
and confirm if the session key is valid on related pages to prevent CSRF on
password protected lessons.
mod/lesson/mediafile.php
mod/lesson/renderer.php
mod/lesson/view.php