moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

course/view.php is using sesskey

Browse source 
(changes in blocks done, please check them)

Merged from MOODLE_14_STABLE
This commit is contained in:
stronk7 2004-10-09 20:16:05 +00:00
parent 967cd1164b
commit 5b224948aa
5 changed files with 28 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

16
blocks/moodleblock.class.php
View file

@ -119,7 +119,7 @@ class MoodleBlock {
} }
function add_edit_controls($options, $blockid) { function add_edit_controls($options, $blockid) {
global $CFG, $THEME; global $CFG, $THEME, $USER;
// The block may be disabled // The block may be disabled
$blockid = intval($blockid); $blockid = intval($blockid);
@ -143,6 +143,8 @@ class MoodleBlock {
} else { } else {
$pixpath = $path.'/../theme/'.$CFG->theme.'/pix'; $pixpath = $path.'/../theme/'.$CFG->theme.'/pix';
} }
$sesskeystr = '&sesskey='.$USER->sesskey;
$movebuttons = '<div style="float: right;">'; $movebuttons = '<div style="float: right;">';
@ -155,26 +157,26 @@ class MoodleBlock {
$title = $this->str->show; $title = $this->str->show;
} }
$movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=toggle&amp;blockid='.$blockid.'">' . $movebuttons .= '<a style="margin-right: 6px; margin-left: 3px;" title="'.$title.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=toggle&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.$icon.'" alt="" /></a>'; '<img src="'.$pixpath.$icon.'" alt="" /></a>';
$movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=delete&amp;blockid='.$blockid.'">' . $movebuttons .= '<a title="'.$this->str->delete.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=delete&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/delete.gif" alt="" /></a> '; '<img src="'.$pixpath.'/t/delete.gif" alt="" /></a> ';
if ($options & BLOCK_MOVE_LEFT) { if ($options & BLOCK_MOVE_LEFT) {
$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.'">' . $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveleft.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/left.gif" alt="" /></a>'; '<img src="'.$pixpath.'/t/left.gif" alt="" /></a>';
} }
if ($options & BLOCK_MOVE_UP) { if ($options & BLOCK_MOVE_UP) {
$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveup&amp;blockid='.$blockid.'">' . $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveup.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveup&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/up.gif" alt="" /></a>'; '<img src="'.$pixpath.'/t/up.gif" alt="" /></a>';
} }
if ($options & BLOCK_MOVE_DOWN) { if ($options & BLOCK_MOVE_DOWN) {
$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=movedown&amp;blockid='.$blockid.'">' . $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->movedown.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=movedown&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/down.gif" alt="" /></a>'; '<img src="'.$pixpath.'/t/down.gif" alt="" /></a>';
} }
if ($options & BLOCK_MOVE_RIGHT) { if ($options & BLOCK_MOVE_RIGHT) {
$movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.'">' . $movebuttons .= '<a style="margin-right: 2px; margin-left: 2px;" title="'.$this->str->moveright.'" href="'.$path.'/view.php?id='.$this->course->id.'&amp;blockaction=moveside&amp;blockid='.$blockid.$sesskeystr.'">' .
'<img src="'.$pixpath.'/t/right.gif" alt="" /></a>'; '<img src="'.$pixpath.'/t/right.gif" alt="" /></a>';
} }

14
course/format/topics/format.php
View file

@ -31,7 +31,7 @@
} }
} }
if (isteacher($course->id) and isset($marker)) { if (isteacher($course->id) and isset($marker) and confirm_sesskey()) {
$course->marker = $marker; $course->marker = $marker;
if (! set_field("course", "marker", $marker, "id", $course->id)) { if (! set_field("course", "marker", $marker, "id", $course->id)) {
error("Could not mark that topic for this course"); error("Could not mark that topic for this course");
@ -222,28 +222,28 @@
if (isediting($course->id)) { if (isediting($course->id)) {
if ($course->marker == $section) { // Show the "light globe" on/off if ($course->marker == $section) { // Show the "light globe" on/off
echo "<a href=\"view.php?id=$course->id&amp;marker=0\" title=\"$strmarkedthistopic\">". echo "<a href=\"view.php?id=$course->id&amp;marker=0&amp;sesskey=$USER->sesskey\" title=\"$strmarkedthistopic\">".
"<img src=\"$CFG->pixpath/i/marked.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/marked.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else { } else {
echo "<a href=\"view.php?id=$course->id&amp;marker=$section\" title=\"$strmarkthistopic\">". echo "<a href=\"view.php?id=$course->id&amp;marker=$section&amp;sesskey=$USER->sesskey\" title=\"$strmarkthistopic\">".
"<img src=\"$CFG->pixpath/i/marker.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/marker.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} }
if ($thissection->visible) { // Show the hide/show eye if ($thissection->visible) { // Show the hide/show eye
echo "<a href=\"view.php?id=$course->id&amp;hide=$section\" title=\"$strtopichide\">". echo "<a href=\"view.php?id=$course->id&amp;hide=$section&amp;sesskey=$USER->sesskey\" title=\"$strtopichide\">".
"<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else { } else {
echo "<a href=\"view.php?id=$course->id&amp;show=$section\" title=\"$strtopicshow\">". echo "<a href=\"view.php?id=$course->id&amp;show=$section&amp;sesskey=$USER->sesskey\" title=\"$strtopicshow\">".
"<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} }
if ($section > 1) { // Add a arrow to move section up if ($section > 1) { // Add a arrow to move section up
echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=-1\" title=\"$strmoveup\">". echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=-1&amp;sesskey=$USER->sesskey\" title=\"$strmoveup\">".
"<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
} }
if ($section < $course->numsections) { // Add a arrow to move section down if ($section < $course->numsections) { // Add a arrow to move section down
echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=1\" title=\"$strmovedown\">". echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=1&amp;sesskey=$USER->sesskey\" title=\"$strmovedown\">".
"<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
} }

8
course/format/weeks/format.php
View file

@ -215,20 +215,20 @@
if (isediting($course->id)) { if (isediting($course->id)) {
if ($thissection->visible) { // Show the hide/show eye if ($thissection->visible) { // Show the hide/show eye
echo "<a href=\"view.php?id=$course->id&amp;hide=$section\" title=\"$strweekhide\">". echo "<a href=\"view.php?id=$course->id&amp;hide=$section&amp;sesskey=$USER->sesskey\" title=\"$strweekhide\">".
"<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/hide.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} else { } else {
echo "<a href=\"view.php?id=$course->id&amp;show=$section\" title=\"$strweekshow\">". echo "<a href=\"view.php?id=$course->id&amp;show=$section&amp;sesskey=$USER->sesskey\" title=\"$strweekshow\">".
"<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/i/show.gif\" vspace=\"3\" height=\"16\" width=\"16\" border=\"0\" alt=\"\" /></a><br />";
} }
if ($section > 1) { // Add a arrow to move section up if ($section > 1) { // Add a arrow to move section up
echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=-1\" title=\"$strmoveup\">". echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=-1&amp;sesskey=$USER->sesskey\" title=\"$strmoveup\">".
"<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/t/up.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
} }
if ($section < $course->numsections) { // Add a arrow to move section down if ($section < $course->numsections) { // Add a arrow to move section down
echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=1\" title=\"$strmovedown\">". echo "<a href=\"view.php?id=$course->id&amp;section=$section&amp;move=1&amp;sesskey=$USER->sesskey\" title=\"$strmovedown\">".
"<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />"; "<img src=\"$CFG->pixpath/t/down.gif\" vspace=\"3\" height=\"11\" width=\"11\" border=\"0\" alt=\"\" /></a><br />";
} }

8
course/view.php
View file

@ -75,15 +75,15 @@
$editing = $USER->editing; $editing = $USER->editing;
if (isset($hide)) { if (isset($hide) and confirm_sesskey()) {
set_section_visible($course->id, $hide, '0'); set_section_visible($course->id, $hide, '0');
} }
if (isset($show)) { if (isset($show) and confirm_sesskey()) {
set_section_visible($course->id, $show, '1'); set_section_visible($course->id, $show, '1');
} }
if (isset($_GET['blockaction'])) { if (isset($_GET['blockaction']) and confirm_sesskey()) {
if (isset($_GET['blockid'])) { if (isset($_GET['blockid'])) {
block_action($course, $leftblocks, $rightblocks, strtolower($_GET['blockaction']), intval($_GET['blockid'])); block_action($course, $leftblocks, $rightblocks, strtolower($_GET['blockaction']), intval($_GET['blockid']));
} }
@ -118,7 +118,7 @@
} }
if (!empty($section)) { if (!empty($section)) {
if (!empty($move)) { if (!empty($move) and confirm_sesskey()) {
if (!move_section($course, $section, $move)) { if (!move_section($course, $section, $move)) {
notify("An error occurred while moving a section"); notify("An error occurred while moving a section");
} }

5
lib/blocklib.php
View file

@ -405,6 +405,9 @@ function block_find($blockid, $leftblocks, $rightblocks) {
//This function prints the block to admin blocks as necessary //This function prints the block to admin blocks as necessary
function block_print_blocks_admin(&$course, $missingblocks) { function block_print_blocks_admin(&$course, $missingblocks) {
global $USER;
if (isediting($course->id)) { if (isediting($course->id)) {
$strblocks = get_string('blocks'); $strblocks = get_string('blocks');
$stradd = get_string('add'); $stradd = get_string('add');
@ -425,7 +428,7 @@ function block_print_blocks_admin(&$course, $missingblocks) {
else { else {
$target = 'view.php'; $target = 'view.php';
} }
$content = popup_form($target.'?id='.$course->id.'&amp;blockaction=add&amp;blockid=', $content = popup_form($target.'?id='.$course->id.'&amp;blockaction=add&amp;sesskey='.$USER->sesskey.'&amp;blockid=',
$menu, 'add_block', '', "$stradd...", '', '', true); $menu, 'add_block', '', "$stradd...", '', '', true);
$content = '<div align="center">'.$content.'</div>'; $content = '<div align="center">'.$content.'</div>';
print_side_block($strblocks, $content, NULL, NULL, NULL); print_side_block($strblocks, $content, NULL, NULL, NULL);