From bb0ce4793eb96a1ae54ae849e230c68475e4f3d1 Mon Sep 17 00:00:00 2001
From: Juan Leyva <juanleyvadelgado@gmail.com>
Date: Thu, 20 Jun 2019 15:02:33 +0200
Subject: [PATCH] MDL-65973 calendar: Avoid sesskey checks in WS

External function submit_create_update_form should avoid any sesskey checks.
---
 calendar/externallib.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/calendar/externallib.php b/calendar/externallib.php
index 8d4a3a93984..c3901d2de5f 100644
--- a/calendar/externallib.php
+++ b/calendar/externallib.php
@@ -870,6 +870,11 @@ class core_calendar_external extends external_api {
         self::validate_context($context);
         parse_str($params['formdata'], $data);
 
+        if (WS_SERVER) {
+            // Request via WS, ignore sesskey checks in form library.
+            $USER->ignoresesskey = true;
+        }
+
         $eventtype = isset($data['eventtype']) ? $data['eventtype'] : null;
         $coursekey = ($eventtype == 'group') ? 'groupcourseid' : 'courseid';
         $courseid = (!empty($data[$coursekey])) ? $data[$coursekey] : null;