MDL-20901 fixed input validation

Petr Skoda 2009-11-19 19:42:05 +00:00
parent 06a6ed1f18
commit 1a5a7f122f
2 changed files with 4 additions and 3 deletions


@ -19,6 +19,7 @@
<input type="password" name="password" size="20" value="<?php p($password) ?>" /> <input type="password" name="password" size="20" value="<?php p($password) ?>" />
<input type="hidden" name="id" value="<?php p($course->id) ?>" /> <input type="hidden" name="id" value="<?php p($course->id) ?>" />
<input type="hidden" name="enrol" value="manual" /> <input type="hidden" name="enrol" value="manual" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="submit" value="<?php print_string("enrolme") ?>" /> <input type="submit" value="<?php print_string("enrolme") ?>" />
</td> </td>
</tr> </tr>
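Review bot: The new hidden `sesskey` field is written with a bare `echo sesskey()` while the neighbouring `password` and `id` values go through `p()`; writing it as `<?php p(sesskey()) ?>` would keep the template's output escaping uniform and not depend on the key's current character set. The enclosing `<form>` tag is outside this hunk, so it is worth confirming that the form submits with POST; with GET the session key would end up in the URL and from there in server logs and Referer headers.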


@ -64,12 +64,12 @@ function print_entry($course) {
print_header($strloginto, $course->fullname, "<a href=\".\">$strcourses</a> -> $strloginto"); print_header($strloginto, $course->fullname, "<a href=\".\">$strcourses</a> -> $strloginto");
echo '<br />'; echo '<br />';
notice_yesno(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&amp;confirm=1", notice_yesno(get_string('enrolmentconfirmation'), "enrol.php?id=$course->id&amp;confirm=1&amp;sesskey=".sesskey(),
"enrol.php?id=$course->id&amp;cancel=1"); "enrol.php?id=$course->id&amp;cancel=1");
print_footer(); print_footer();
exit; exit;
} else if (!empty($_GET['confirm'])) { } else if (!empty($_GET['confirm']) and confirm_sesskey()) {
if (!enrol_into_course($course, $USER, 'manual')) { if (!enrol_into_course($course, $USER, 'manual')) {
print_error('couldnotassignrole'); print_error('couldnotassignrole');
@ -130,7 +130,7 @@ function check_entry($form, $course) {
$form->password = ''; $form->password = '';
} }
if (empty($course->password)) { if (empty($course->password) or !confirm_sesskey()) {
// do not allow entry when no course password set // do not allow entry when no course password set
// automatic login when manual primary, no login when secondary at all!! // automatic login when manual primary, no login when secondary at all!!
error('illegal enrolment attempted'); error('illegal enrolment attempted');
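Review bot: In `print_entry`, folding `confirm_sesskey()` into the `else if` condition means a request with `confirm` set but a missing or wrong session key is not rejected; it only fails the condition and continues with whatever branch follows, which is outside this hunk. An explicit failure is easier to reason about and to spot in logs: keep `} else if (!empty($_GET['confirm'])) {` and make its first statement `if (!confirm_sesskey()) { print_error('confirmsesskeybad', 'error'); }`. The confirmation URL also carries the key in its query string, so the key can appear in access logs and browser history. In `check_entry` the failed-key case now shares `error('illegal enrolment attempted')` with the no-password case, and the comment beneath still describes only the latter, so a separate check or an updated comment would make the rejection reason clear.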