From 6b16846e831cbfd0b8fe2ece9af8188ca741aca7 Mon Sep 17 00:00:00 2001 From: Andrew Robert Nicols Date: Wed, 9 Jan 2013 08:35:02 +0000 Subject: [PATCH] MDL-36600 Add missing sesskey check when previewing the message --- user/messageselect.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user/messageselect.php b/user/messageselect.php index e7cca967ac3..01de42d7353 100644 --- a/user/messageselect.php +++ b/user/messageselect.php @@ -91,7 +91,8 @@ $messagebody = $SESSION->emailselect[$id]['messagebody']; $count = 0; -if (($data = data_submitted()) && confirm_sesskey()) { +if ($data = data_submitted()) { + require_sesskey(); foreach ($data as $k => $v) { if (preg_match('/^(user|teacher)(\d+)$/',$k,$m)) { if (!array_key_exists($m[2],$SESSION->emailto[$id])) { @@ -130,6 +131,7 @@ if ($count) { } if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) { + require_sesskey(); if (count($SESSION->emailto[$id])) { if (!empty($preview)) { echo '
@@ -142,7 +144,7 @@ if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) { echo '

'."\n"; echo '

'; echo "\n
"; - } else if (!empty($send) && require_sesskey()) { + } else if (!empty($send)) { $good = 1; foreach ($SESSION->emailto[$id] as $user) { $good = $good && message_post_message($USER,$user,$messagebody,$format); @@ -170,6 +172,7 @@ if ((!empty($send) || !empty($preview) || !empty($edit)) && (empty($messagebody) } if (count($SESSION->emailto[$id])) { + require_sesskey(); $usehtmleditor = can_use_html_editor(); require("message.html"); } -- 2.36.1