From caf766507771e07c1752ece1f37a32b2b4f6d8b9 Mon Sep 17 00:00:00 2001 From: Dan Poltawski Date: Tue, 28 Jan 2014 15:35:42 +0800 Subject: [PATCH] MDL-43146 enrol_imsenterprise: missing sesskey protection --- enrol/imsenterprise/importnow.php | 1 + enrol/imsenterprise/settings.php | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/enrol/imsenterprise/importnow.php b/enrol/imsenterprise/importnow.php index f3feda77c68..e192e11f5e8 100644 --- a/enrol/imsenterprise/importnow.php +++ b/enrol/imsenterprise/importnow.php @@ -24,6 +24,7 @@ require_once(dirname(dirname(dirname(__FILE__))) . '/config.php'); require_login(0, false); require_capability('moodle/site:config', context_system::instance()); +require_sesskey(); $site = get_site(); diff --git a/enrol/imsenterprise/settings.php b/enrol/imsenterprise/settings.php index 2ecf5759ceb..8f7c734ee33 100644 --- a/enrol/imsenterprise/settings.php +++ b/enrol/imsenterprise/settings.php @@ -119,7 +119,8 @@ if ($ADMIN->fulltree) { $settings->add(new admin_setting_configcheckbox('enrol_imsenterprise/imscapitafix', get_string('usecapitafix', 'enrol_imsenterprise'), get_string('usecapitafix_desc', 'enrol_imsenterprise'), 0)); - $importnowstring = get_string('aftersaving...', 'enrol_imsenterprise').' '; - $importnowstring .= get_string('doitnow', 'enrol_imsenterprise').''; + $importurl = new moodle_url('/enrol/imsenterprise/importnow.php', array('sesskey' => sesskey())); + $importnowstring = get_string('aftersaving...', 'enrol_imsenterprise').' '; + $importnowstring .= html_writer::link($importurl, get_string('doitnow', 'enrol_imsenterprise')); $settings->add(new admin_setting_heading('enrol_imsenterprise_doitnowmessage', '', $importnowstring)); } -- 2.17.1