MDL-68292 core: Remove sesskey leakage on module pages

2025-08-05 17:06:53 +02:00 · 2020-09-24 17:01:31 +10:00 · 2020-09-24 17:01:31 +10:00 · 155b0da5a5
commit 155b0da5a5
parent 46f977a8bf
3 changed files with 5 additions and 4 deletions
--- a/admin/modules.php
+++ b/admin/modules.php
@ -49,6 +49,7 @@
                array($module->id));
        core_plugin_manager::reset_caches();
        admin_get_root(true, false);  // settings not required - only pages
+        redirect(new moodle_url('/admin/modules.php'));
    }

    if (!empty($show) and confirm_sesskey()) {
@ -66,6 +67,7 @@
                array($module->id));
        core_plugin_manager::reset_caches();
        admin_get_root(true, false);  // settings not required - only pages
+        redirect(new moodle_url('/admin/modules.php'));
    }

    echo $OUTPUT->header();
@ -121,8 +123,8 @@
            $count = -1;
        }
        if ($count>0) {
-            $countlink = "<a href=\"{$CFG->wwwroot}/course/search.php?modulelist=$module->name" .
-                "&amp;sesskey=".sesskey()."\" title=\"$strshowmodulecourse\">$count</a>";
+            $countlink = $OUTPUT->action_link(new moodle_url('/course/search.php', ['modulelist' => $module->name]),
+                $count, null, ['title' => $strshowmodulecourse]);
        } else if ($count < 0) {
            $countlink = get_string('error');
        } else {