MDL-43146 enrol_imsenterprise: missing sesskey protection
authorDan Poltawski <dan@moodle.com>
Tue, 28 Jan 2014 07:35:42 +0000 (15:35 +0800)
committerDamyon Wiese <damyon@moodle.com>
Tue, 4 Mar 2014 04:24:51 +0000 (12:24 +0800)
enrol/imsenterprise/importnow.php
enrol/imsenterprise/settings.php

index f3feda7..e192e11 100644 (file)
@@ -24,6 +24,7 @@
 require_once(dirname(dirname(dirname(__FILE__))) . '/config.php');
 require_login(0, false);
 require_capability('moodle/site:config', context_system::instance());
+require_sesskey();
 
 $site = get_site();
 
index 2ecf575..8f7c734 100644 (file)
@@ -119,7 +119,8 @@ if ($ADMIN->fulltree) {
     $settings->add(new admin_setting_configcheckbox('enrol_imsenterprise/imscapitafix',
         get_string('usecapitafix', 'enrol_imsenterprise'), get_string('usecapitafix_desc', 'enrol_imsenterprise'), 0));
 
-    $importnowstring = get_string('aftersaving...', 'enrol_imsenterprise').' <a href="../enrol/imsenterprise/importnow.php">';
-    $importnowstring .= get_string('doitnow', 'enrol_imsenterprise').'</a>';
+    $importurl = new moodle_url('/enrol/imsenterprise/importnow.php', array('sesskey' => sesskey()));
+    $importnowstring = get_string('aftersaving...', 'enrol_imsenterprise').' ';
+    $importnowstring .= html_writer::link($importurl, get_string('doitnow', 'enrol_imsenterprise'));
     $settings->add(new admin_setting_heading('enrol_imsenterprise_doitnowmessage', '', $importnowstring));
 }