MDL-32774: Require sesskey for all actions in the assignment upgrade tool
authorDamyon Wiese <damyon.wiese@netspot.com.au>
Fri, 4 May 2012 06:36:06 +0000 (14:36 +0800)
committerDamyon Wiese <damyon.wiese@netspot.com.au>
Mon, 7 May 2012 02:51:05 +0000 (10:51 +0800)
admin/tool/assignmentupgrade/batchupgrade.php
admin/tool/assignmentupgrade/listnotupgraded.php
admin/tool/assignmentupgrade/upgradableassignmentstable.php
admin/tool/assignmentupgrade/upgradesingle.php
admin/tool/assignmentupgrade/upgradesingleconfirm.php

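--- a/admin/tool/assignmentupgrade/batchupgrade.php
+++ b/admin/tool/assignmentupgrade/batchupgrade.php
@@ -28,6 +28,8 @@ require_once(dirname(__FILE__) . '/upgradableassignmentstable.php');
 require_once(dirname(__FILE__) . '/upgradableassignmentsbatchform.php');
 require_once($CFG->libdir . '/adminlib.php');
 
+require_sesskey();
+
 // admin_externalpage_setup calls require_login and checks moodle/site:config
 admin_externalpage_setup('assignmentupgrade', '', array(), tool_assignmentupgrade_url('batchupgrade'));
 $PAGE->navbar->add(get_string('batchupgrade', 'tool_assignmentupgrade'));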
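Review bot: `require_sesskey();` runs before `admin_externalpage_setup()`, so the token is checked ahead of the login and `moodle/site:config` checks that the existing comment attributes to that call. The CSRF check itself is sound, but a user whose session has expired would presumably hit the invalid-sesskey error instead of being sent to log in; consider moving `require_sesskey();` to the line just after `admin_externalpage_setup(...)`. The same placement appears in the upgradesingle.php and upgradesingleconfirm.php sections, where it also precedes `required_param('id', PARAM_INT)`. A short comment in the style of the one on the setup call, e.g. `// CSRF protection: reject requests that do not carry a valid sesskey.`, would document why the call is there.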
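--- a/admin/tool/assignmentupgrade/listnotupgraded.php
+++ b/admin/tool/assignmentupgrade/listnotupgraded.php
@@ -40,6 +40,7 @@ $assignments = new tool_assignmentupgrade_assignments_table($perpage);
 $batchform = new tool_assignmentupgrade_batchoperations_form();
 $data = $batchform->get_data();
 if ($data && $data->selectedassignments != '' || $data && isset($data->upgradeall)) {
+    require_sesskey();
     echo $renderer->confirm_batch_operation_page($data);
 } else {
     echo $renderer->assignment_list_page($assignments, $batchform);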
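Review bot: The added `require_sesskey();` sits inside the branch that runs only when `$batchform->get_data()` returned data, and as far as I know a moodleform submission with a bad sesskey is already rejected before `get_data()` returns anything, so this call looks like defence in depth and not the primary check. That is reasonable, but it is worth saying so in a comment, e.g. `// get_data() has already validated the submission; re-check the sesskey before showing the confirmation step.` The branch only renders the confirmation page; the upgrade itself is presumably performed by batchupgrade.php, which gets its own check in this commit. The script continues outside the hunk on both sides.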
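--- a/admin/tool/assignmentupgrade/upgradableassignmentstable.php
+++ b/admin/tool/assignmentupgrade/upgradableassignmentstable.php
@@ -132,7 +132,7 @@ class tool_assignmentupgrade_assignments_table extends table_sql implements rend
     function col_upgradable(stdClass $row) {
         if ($row->upgradable) {
             return html_writer::link(new moodle_url('/admin/tool/assignmentupgrade/upgradesingleconfirm.php',
-                    array('id' => $row->id)), get_string('supported', 'tool_assignmentupgrade'));
+                    array('id' => $row->id, 'sesskey' => sesskey())), get_string('supported', 'tool_assignmentupgrade'));
         } else {
             return get_string('notsupported', 'tool_assignmentupgrade');
         }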
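Review bot: Adding `'sesskey' => sesskey()` to the `moodle_url` puts the session token in the query string of a plain link, where it can end up in browser history, web-server access logs and Referer headers. upgradesingleconfirm.php appears to be a confirmation step, so one alternative is to leave this link as it was and send the sesskey only with the request that performs the upgrade, keeping `require_sesskey()` on upgradesingle.php. If the link form is kept, the changed line is long enough to be worth wrapping after the `moodle_url(...)` argument. `col_upgradable()` ends outside the hunk.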
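--- a/admin/tool/assignmentupgrade/upgradesingle.php
+++ b/admin/tool/assignmentupgrade/upgradesingle.php
@@ -26,6 +26,8 @@ require_once(dirname(__FILE__) . '/../../../config.php');
 require_once(dirname(__FILE__) . '/locallib.php');
 require_once($CFG->libdir . '/adminlib.php');
 
+require_sesskey();
+
 $assignmentid = required_param('id', PARAM_INT);
 
 // admin_externalpage_setup calls require_login and checks moodle/site:config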
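--- a/admin/tool/assignmentupgrade/upgradesingleconfirm.php
+++ b/admin/tool/assignmentupgrade/upgradesingleconfirm.php
@@ -26,6 +26,8 @@ require_once(dirname(__FILE__) . '/../../../config.php');
 require_once(dirname(__FILE__) . '/locallib.php');
 require_once($CFG->libdir . '/adminlib.php');
 
+require_sesskey();
+
 $assignmentid = required_param('id', PARAM_INT);
 
 // admin_externalpage_setup calls require_login and checks moodle/site:config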