
Fixes #144 - check sesskey when performing actions.

MOODLE_29_STABLE
Dan Marsden 9 years ago
parent
commit
fd64772182
  1. 5
      preferences.php
  2. 18
      renderer.php

5
preferences.php

@ -58,6 +58,11 @@ $PAGE->navbar->add(get_string('settings', 'attendance'));
$errors = array(); $errors = array();
// Check sesskey if we are performing an action.
if (!empty($att->pageparams->action)) {
require_sesskey();
}
switch ($att->pageparams->action) { switch ($att->pageparams->action) {
case att_preferences_page_params::ACTION_ADD: case att_preferences_page_params::ACTION_ADD:
$newacronym = optional_param('newacronym', null, PARAM_TEXT); $newacronym = optional_param('newacronym', null, PARAM_TEXT);
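Review bot: The new guard at the top of the hunk uses `!empty($att->pageparams->action)`, which is false for `0` and `'0'`; if any `att_preferences_page_params::ACTION_*` constant is 0 (their values are not visible here), or the action arrives as a numeric string, `require_sesskey()` is skipped while the `switch` below still matches a case. A shape that does not depend on the constant values is `if ($att->pageparams->action !== null) { require_sesskey(); }`, or calling `require_sesskey()` as the first statement of every state-changing `case`. Note that `require_sesskey()` only proves the request came from the user's own session; it does not replace the capability check, which presumably sits earlier in this script, outside the hunk. The `switch` body continues past the end of the hunk.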

18
renderer.php

@ -1006,6 +1006,9 @@ class mod_attendance_renderer extends plugin_renderer_base {
$o = html_writer::tag('h1', get_string('myvariables', 'attendance')); $o = html_writer::tag('h1', get_string('myvariables', 'attendance'));
$o .= html_writer::table($table); $o .= html_writer::table($table);
$o .= html_writer::input_hidden_params($prefdata->url(array(), false)); $o .= html_writer::input_hidden_params($prefdata->url(array(), false));
// We should probably rewrite this to use mforms but for now add sesskey.
$o .= html_writer::empty_tag('input', array('type' => 'hidden', 'name' => 'sesskey', 'value' => sesskey()))."\n";
$o .= $this->construct_preferences_button(get_string('update', 'attendance'), att_preferences_page_params::ACTION_SAVE); $o .= $this->construct_preferences_button(get_string('update', 'attendance'), att_preferences_page_params::ACTION_SAVE);
$o = html_writer::tag('form', $o, array('id' => 'preferencesform', 'method' => 'post', $o = html_writer::tag('form', $o, array('id' => 'preferencesform', 'method' => 'post',
'action' => $prefdata->url(array(), false)->out_omit_querystring())); 'action' => $prefdata->url(array(), false)->out_omit_querystring()));
@ -1026,26 +1029,21 @@ class mod_attendance_renderer extends plugin_renderer_base {
private function construct_preferences_actions_icons($st, $prefdata) { private function construct_preferences_actions_icons($st, $prefdata) {
global $OUTPUT; global $OUTPUT;
$params = array('sesskey' => sesskey(),
'statusid' => $st->id);
if ($st->visible) { if ($st->visible) {
$params = array( $params['action'] = att_preferences_page_params::ACTION_HIDE;
'action' => att_preferences_page_params::ACTION_HIDE,
'statusid' => $st->id);
$showhideicon = $OUTPUT->action_icon( $showhideicon = $OUTPUT->action_icon(
$prefdata->url($params), $prefdata->url($params),
new pix_icon("t/hide", get_string('hide'))); new pix_icon("t/hide", get_string('hide')));
} else { } else {
$params = array( $params['action'] = att_preferences_page_params::ACTION_SHOW;
'action' => att_preferences_page_params::ACTION_SHOW,
'statusid' => $st->id);
$showhideicon = $OUTPUT->action_icon( $showhideicon = $OUTPUT->action_icon(
$prefdata->url($params), $prefdata->url($params),
new pix_icon("t/show", get_string('show'))); new pix_icon("t/show", get_string('show')));
} }
if (!$st->haslogs) { if (!$st->haslogs) {
$params = array( $params['action'] = att_preferences_page_params::ACTION_DELETE;
'action' => att_preferences_page_params::ACTION_DELETE,
'statusid' => $st->id);
$deleteicon = $OUTPUT->action_icon( $deleteicon = $OUTPUT->action_icon(
$prefdata->url($params), $prefdata->url($params),
new pix_icon("t/delete", get_string('delete'))); new pix_icon("t/delete", get_string('delete')));
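Review bot: The hide/show/delete icons in construct_preferences_actions_icons now put `sesskey()` into the URL passed to `$OUTPUT->action_icon(...)`, which presumably renders a plain anchor, so the session key travels as a GET query string and can end up in browser history, proxy/server logs and the Referer header of any outbound link on the target page. Moodle's own pattern for state-changing actions is a POST form or at least a confirmed action, e.g. `new confirm_action(get_string('delete'))` on the delete icon, or `$OUTPUT->single_button($prefdata->url($params), '', 'post')` instead of `action_icon`. That also gives the irreversible delete a confirmation step, which the hunk does not add. The function continues past the end of the hunk, so the remaining icons were not reviewed.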
