MDL-44606 Assign: Some grading functions are missing sesskey protection
authorDamyon Wiese <damyon@moodle.com>
Thu, 13 Mar 2014 08:14:45 +0000 (16:14 +0800)
committerDan Poltawski <dan@moodle.com>
Wed, 7 May 2014 04:36:38 +0000 (12:36 +0800)
mod/assign/locallib.php

index d417534..42e10f9 100644 (file)
@@ -4895,6 +4895,7 @@ class assign {
 
         // Include extension form.
         require_once($CFG->dirroot . '/mod/assign/extensionform.php');
+        require_sesskey();
 
         $batchusers = optional_param('selectedusers', '', PARAM_SEQUENCE);
         $userid = 0;
@@ -4938,6 +4939,7 @@ class assign {
 
         // Need grade permission.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Make sure advanced grading is disabled.
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');
@@ -5214,6 +5216,7 @@ class assign {
 
         // Need submit permission to submit an assignment.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Is advanced grading enabled?
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');