From 0cc875b7d0e359bb983a8587d91ccbcd874ded7d Mon Sep 17 00:00:00 2001 From: Andrew Robert Nicols Date: Wed, 9 Jan 2013 09:22:37 +1300 Subject: [PATCH] MDL-36600 user: improve course messaging checks --- user/message.html | 1 + user/messageselect.php | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/user/message.html b/user/message.html index 6426111f060..9446751dac1 100644 --- a/user/message.html +++ b/user/message.html @@ -1,5 +1,6 @@
+ box_start(); ?> diff --git a/user/messageselect.php b/user/messageselect.php index d54d26d4133..e7cca967ac3 100644 --- a/user/messageselect.php +++ b/user/messageselect.php @@ -91,7 +91,7 @@ $messagebody = $SESSION->emailselect[$id]['messagebody']; $count = 0; -if ($data = data_submitted()) { +if (($data = data_submitted()) && confirm_sesskey()) { foreach ($data as $k => $v) { if (preg_match('/^(user|teacher)(\d+)$/',$k,$m)) { if (!array_key_exists($m[2],$SESSION->emailto[$id])) { @@ -136,12 +136,13 @@ if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) { + '; echo "

".get_string('previewhtml')."

\n".format_text($messagebody,$format)."\n
\n"; echo '

'."\n"; echo '

'; echo "\n
"; - } else if (!empty($send)) { + } else if (!empty($send) && require_sesskey()) { $good = 1; foreach ($SESSION->emailto[$id] as $user) { $good = $good && message_post_message($USER,$user,$messagebody,$format); -- 2.43.0