moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 16:36:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

admin/block.php is now using sesskey.

Browse source 
And bug where one object was used like an array.

Merged from MOODLE_14_STABLE
This commit is contained in:
stronk7 2004-10-02 23:15:51 +00:00
parent 398ef378dc
commit c1b70c8edc
2 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
admin/block.php
View file

@ -14,6 +14,10 @@
error("Site isn't defined!"); error("Site isn't defined!");
} }
if (!confirm_sesskey()) {
error(get_string('confirmsesskeybad', 'error'));
}
require_variable($_REQUEST['block']); require_variable($_REQUEST['block']);
$blockid = intval($_REQUEST['block']); $blockid = intval($_REQUEST['block']);
@ -29,7 +33,7 @@
/// If data submitted, then process and store. /// If data submitted, then process and store.
if ($config = data_submitted()) { if ($config = data_submitted()) {
unset($config['block']); // This will always be set if we have reached this point unset($config->block); // This will always be set if we have reached this point
$block->handle_config($config); $block->handle_config($config);
print_header(); print_header();
redirect("$CFG->wwwroot/$CFG->admin/blocks.php", get_string("changessaved"), 1); redirect("$CFG->wwwroot/$CFG->admin/blocks.php", get_string("changessaved"), 1);

2
admin/blocks.php
View file

@ -152,7 +152,7 @@
$settings = ''; // By default, no configuration $settings = ''; // By default, no configuration
if($blockobject->has_config()) { if($blockobject->has_config()) {
$settings = '<a href="block.php?block='.$blockid.'">'.$strsettings.'</a>'; $settings = '<a href="block.php?block='.$blockid.'&sesskey='.$USER->sesskey.'">'.$strsettings.'</a>';
} }
$count = blocks_get_courses_using_block_by_id($blockid); $count = blocks_get_courses_using_block_by_id($blockid);