MDL-53031 mod_assign: add session check on assignment plugins management
authorSimey Lameze <simey@moodle.com>
Tue, 8 Mar 2016 08:06:16 +0000 (16:06 +0800)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Tue, 8 Mar 2016 18:46:07 +0000 (19:46 +0100)
mod/assign/adminmanageplugins.php

index 9c6ab63..0aaceb6 100644 (file)
 require_once(dirname(__FILE__) . '/../../config.php');
 require_once($CFG->dirroot.'/mod/assign/adminlib.php');
 
+$subtype = required_param('subtype', PARAM_PLUGIN);
+$action = optional_param('action', null, PARAM_PLUGIN);
+$plugin = optional_param('plugin', null, PARAM_PLUGIN);
+
+if (!empty($plugin)) {
+    require_sesskey();
+}
+
 // Create the class for this controller.
-$pluginmanager = new assign_plugin_manager(required_param('subtype', PARAM_PLUGIN));
+$pluginmanager = new assign_plugin_manager($subtype);
 
 $PAGE->set_context(context_system::instance());
 
 // Execute the controller.
-$pluginmanager->execute(optional_param('action', null, PARAM_PLUGIN),
-                        optional_param('plugin', null, PARAM_PLUGIN));
+$pluginmanager->execute($action, $plugin);