moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 00:46:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-20901 fixed input validation

Browse source
This commit is contained in:
Petr Skoda 2009-11-21 22:23:32 +00:00
parent 1d5fb64d96
commit 1797784624
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
mod/glossary/formats.php
View file

@ -22,7 +22,7 @@ if ( !$displayformat = $DB->get_record("glossary_formats", array("id"=>$id))) {
} }
$form = data_submitted(); $form = data_submitted();
if ( $mode == 'visible' ) { if ( $mode == 'visible' and confirm_sesskey()) {
if ( $displayformat ) { if ( $displayformat ) {
if ( $displayformat->visible ) { if ( $displayformat->visible ) {
$displayformat->visible = 0; $displayformat->visible = 0;
@ -33,7 +33,7 @@ if ( $mode == 'visible' ) {
} }
redirect("$CFG->wwwroot/$CFG->admin/settings.php?section=modsettingglossary#glossary_formats_header"); redirect("$CFG->wwwroot/$CFG->admin/settings.php?section=modsettingglossary#glossary_formats_header");
die; die;
} elseif ( $mode == 'edit' and $form) { } elseif ( $mode == 'edit' and $form and confirm_sesskey()) {
$displayformat->popupformatname = $form->popupformatname; $displayformat->popupformatname = $form->popupformatname;
$displayformat->showgroup = $form->showgroup; $displayformat->showgroup = $form->showgroup;
@ -253,6 +253,7 @@ echo '<table width="90%" align="center" class="generalbox">';
<input type="submit" value="<?php print_string("savechanges") ?>" /></td> <input type="submit" value="<?php print_string("savechanges") ?>" /></td>
</tr> </tr>
<input type="hidden" name="id" value="<?php p($id) ?>" /> <input type="hidden" name="id" value="<?php p($id) ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="mode" value="edit" /> <input type="hidden" name="mode" value="edit" />
<?php <?php

2
mod/glossary/settings.php
View file

@ -71,7 +71,7 @@ foreach ($formats as $formatid=>$formatname) {
$vtitle = get_string("show"); $vtitle = get_string("show");
$vicon = "show.gif"; $vicon = "show.gif";
} }
$vicon = "<a title=\"".$vtitle."\" href=\"$CFG->wwwroot/mod/glossary/formats.php?id=$formatid&amp;mode=visible\"><img class=\"iconsmall\" src=\"$pixpath/t/".$vicon."\" alt=\"$vtitle\" /></a>"; $vicon = "<a title=\"".$vtitle."\" href=\"$CFG->wwwroot/mod/glossary/formats.php?id=$formatid&amp;mode=visible&amp;sesskey=".sesskey()."\"><img class=\"iconsmall\" src=\"$pixpath/t/".$vicon."\" alt=\"$vtitle\" /></a>";
$str .= '<td align="center">'.$eicon.'&nbsp;&nbsp;'.$vicon.'</td>'; $str .= '<td align="center">'.$eicon.'&nbsp;&nbsp;'.$vicon.'</td>';
$str .= '</tr>'; $str .= '</tr>';