MDL-23139, fixed CSRF in wiki editing page

Dongsheng Cai 2010-11-08 07:43:18 +00:00
parent f979f128bf
commit d2807da895
2 changed files with 9 additions and 3 deletions


@ -37,6 +37,10 @@ require_once($CFG->dirroot . '/mod/wiki/lib.php');
require_once($CFG->dirroot . '/mod/wiki/locallib.php'); require_once($CFG->dirroot . '/mod/wiki/locallib.php');
require_once($CFG->dirroot . '/mod/wiki/pagelib.php'); require_once($CFG->dirroot . '/mod/wiki/pagelib.php');
if (!confirm_sesskey()) {
print_error('invalidsesskey');
}
$pageid = required_param('pageid', PARAM_INT); $pageid = required_param('pageid', PARAM_INT);
$section = optional_param('section', "", PARAM_TEXT); $section = optional_param('section', "", PARAM_TEXT);
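Review bot: The added guard `if (!confirm_sesskey()) { print_error('invalidsesskey'); }` spells out what Moodle's `require_sesskey();` helper does in one call; if that helper is available on this branch, using it keeps the check identical to other scripts. The guard only shows that the request came from the user's own session, so it is worth confirming that the login and page-permission checks, which are outside this hunk, still run for the submitted `pageid`. A one-line comment above the guard, e.g. `// Lock renewal changes state: reject requests without a valid sesskey.`, would record why it sits before parameter parsing.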


@ -40,12 +40,14 @@ M.mod_wiki.init = function(Y, args) {
}; };
M.mod_wiki.renew_lock = function(Y, args) { M.mod_wiki.renew_lock = function(Y, args) {
function renewLock() { function renewLock() {
var args = 'pageid=' + wiki.pageid; var args = {};
args['sesskey'] = M.cfg.sesskey;
args['pageid'] = wiki.pageid;
if (wiki.section) { if (wiki.section) {
args += '&section=' + wiki.section; args['section'] = wiki.section;
} }
var callback = {}; var callback = {};
YAHOO.util.Connect.asyncRequest('GET', 'lock.php?' + args, callback); YAHOO.util.Connect.asyncRequest('GET', 'lock.php?' + build_querystring(args), callback);
} }
setInterval(renewLock, wiki.renew_lock_timeout * 1000); setInterval(renewLock, wiki.renew_lock_timeout * 1000);
} }
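Review bot: The session key is appended to the URL of a GET request in `YAHOO.util.Connect.asyncRequest('GET', 'lock.php?' + build_querystring(args), callback);`, which puts it in web server and proxy access logs on every renewal. Since renewing a lock changes state, sending it as POST keeps the token out of URLs: `YAHOO.util.Connect.asyncRequest('POST', 'lock.php', callback, build_querystring(args));` (this assumes the server-side check also reads the key from POST data, which is not visible here). Separately, `var callback = {};` has no failure handler, so a rejected key, for example after the session expires, lets the lock lapse without the editor being told.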