From a6d7a812713b4dc2fa3c334d8f73aaf7ff40a32e Mon Sep 17 00:00:00 2001
From: Andrew Nicols <andrew@nicols.co.uk>
Date: Mon, 3 Nov 2014 09:25:23 +0800
Subject: [PATCH] MDL-48020 mod_forum: Add missing sesskey check in AJAX
 subscription

---
 mod/forum/subscribe_ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod/forum/subscribe_ajax.php b/mod/forum/subscribe_ajax.php
index cbee96ea9f5..666abb1f803 100644
--- a/mod/forum/subscribe_ajax.php
+++ b/mod/forum/subscribe_ajax.php
@@ -28,7 +28,6 @@ require_once($CFG->dirroot . '/mod/forum/lib.php');
 
 $forumid        = required_param('forumid', PARAM_INT);             // The forum to subscribe or unsubscribe.
 $discussionid   = optional_param('discussionid', null, PARAM_INT);  // The discussionid to subscribe.
-$sesskey        = optional_param('sesskey', null, PARAM_RAW);
 $includetext    = optional_param('includetext', false, PARAM_BOOL);
 
 $forum          = $DB->get_record('forum', array('id' => $forumid), '*', MUST_EXIST);
@@ -37,6 +36,7 @@ $discussion     = $DB->get_record('forum_discussions', array('id' => $discussion
 $cm             = get_coursemodule_from_instance('forum', $forum->id, $course->id, false, MUST_EXIST);
 $context        = context_module::instance($cm->id);
 
+require_sesskey();
 require_login($course, false, $cm);
 require_capability('mod/forum:viewdiscussion', $context);
 
-- 
2.39.2