Commit d4a1fcaf authored by skodak's avatar skodak
Browse files

MDL-16613 sesskey cleanup

parent 4a960ee7
......@@ -63,7 +63,7 @@ admin_externalpage_print_header();
// choose an authentication method
echo "<form $CFG->frametarget id=\"authmenu\" method=\"post\" action=\"auth_config.php\">\n";
echo "<div>\n";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\" />\n";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />\n";
echo "<input type=\"hidden\" name=\"auth\" value=\"".$auth."\" />\n";
// auth plugin description
......
......@@ -163,7 +163,7 @@
$blockobject = $blockobjects[$blockid];
$block = $blocks[$blockid];
$delete = '<a href="blocks.php?delete='.$blockid.'&amp;sesskey='.$USER->sesskey.'">'.$strdelete.'</a>';
$delete = '<a href="blocks.php?delete='.$blockid.'&amp;sesskey='.sesskey().'">'.$strdelete.'</a>';
$settings = ''; // By default, no configuration
if ($blockobject->has_config()) {
......@@ -190,19 +190,19 @@
$class = ''; // Nothing fancy, by default
if ($blocks[$blockid]->visible) {
$visible = '<a href="blocks.php?hide='.$blockid.'&amp;sesskey='.$USER->sesskey.'" title="'.$strhide.'">'.
$visible = '<a href="blocks.php?hide='.$blockid.'&amp;sesskey='.sesskey().'" title="'.$strhide.'">'.
'<img src="'.$CFG->pixpath.'/i/hide.gif" class="icon" alt="'.$strhide.'" /></a>';
} else {
$visible = '<a href="blocks.php?show='.$blockid.'&amp;sesskey='.$USER->sesskey.'" title="'.$strshow.'">'.
$visible = '<a href="blocks.php?show='.$blockid.'&amp;sesskey='.sesskey().'" title="'.$strshow.'">'.
'<img src="'.$CFG->pixpath.'/i/show.gif" class="icon" alt="'.$strshow.'" /></a>';
$class = ' class="dimmed_text"'; // Leading space required!
}
if ($blockobject->instance_allow_multiple()) {
if($blocks[$blockid]->multiple) {
$multiple = '<span style="white-space: nowrap;">'.get_string('yes').' (<a href="blocks.php?multiple='.$blockid.'&amp;sesskey='.$USER->sesskey.'">'.get_string('change', 'admin').'</a>)</span>';
$multiple = '<span style="white-space: nowrap;">'.get_string('yes').' (<a href="blocks.php?multiple='.$blockid.'&amp;sesskey='.sesskey().'">'.get_string('change', 'admin').'</a>)</span>';
}
else {
$multiple = '<span style="white-space: nowrap;">'.get_string('no').' (<a href="blocks.php?multiple='.$blockid.'&amp;sesskey='.$USER->sesskey.'">'.get_string('change', 'admin').'</a>)</span>';
$multiple = '<span style="white-space: nowrap;">'.get_string('no').' (<a href="blocks.php?multiple='.$blockid.'&amp;sesskey='.sesskey().'">'.get_string('change', 'admin').'</a>)</span>';
}
}
else {
......@@ -239,7 +239,7 @@
foreach ($incompatible as $block) {
$table->add_data(array(
$block->name,
'<a href="blocks.php?delete='.$block->id.'&amp;sesskey='.$USER->sesskey.'">'.$strdelete.'</a>',
'<a href="blocks.php?delete='.$block->id.'&amp;sesskey='.sesskey().'">'.$strdelete.'</a>',
));
}
$table->print_html();
......
......@@ -64,7 +64,7 @@
echo "<form $CFG->frametarget id=\"enrolmenu\" method=\"post\" action=\"enrol.php\">";
echo "<div>";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\" />";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
$table = new stdClass();
$table->head = array(get_string('name'), get_string('enable'), get_string('default'), $str->settings);
......
......@@ -45,7 +45,7 @@
echo "<form $CFG->frametarget id=\"enrolmenu\" method=\"post\" action=\"enrol_config.php\">";
echo "<div>";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".$USER->sesskey."\" />";
echo "<input type=\"hidden\" name=\"sesskey\" value=\"".sesskey()."\" />";
echo "<input type=\"hidden\" name=\"enrol\" value=\"".$enrol."\" />";
/// Print current enrolment type description
......
......@@ -55,7 +55,7 @@
admin_externalpage_print_header();
/// Print the component download link
echo '<div class="reportlink"><a href="environment.php?action=updatecomponent&amp;sesskey='.$USER->sesskey.'">'.$strupdate.'</a></div>';
echo '<div class="reportlink"><a href="environment.php?action=updatecomponent&amp;sesskey='.sesskey().'">'.$strupdate.'</a></div>';
print_heading($strenvironment);
......
......@@ -670,7 +670,7 @@
}
if ($editable) {
$o .= '<tr><td>&nbsp;</td><td><br />';
$o .= '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
$o .= '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
$o .= '<input type="hidden" name="currentfile" value="'.$currentfile.'" />';
$o .= '<input type="hidden" name="mode" value="compare" />';
$o .= '<input type="submit" name="update" tabindex="'.$missingcounter.'" value="'.get_string('savechanges').': '.$currentfile.'" />';
......@@ -819,7 +819,7 @@
// generate an editor for the current help file in $saveto
echo '<fieldset><legend>'.$strsavetotitle.'</legend>';
echo "<form id=\"helpfileeditor\" action=\"lang.php\" method=\"post\">";
echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="currentfile" value="'.$currentfile.'" />';
echo '<input type="hidden" name="mode" value="helpfiles" />';
echo "<div class='mdl-align'>\n";
......
......@@ -169,14 +169,14 @@ if (!$acl) {
foreach ($acl as $aclrecord) {
if ($aclrecord->accessctrl == 'allow') {
$accesscolumn = get_string('allow', 'mnet')
. " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey={$USER->sesskey}\">"
. " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
. get_string('deny', 'mnet') . "</a>)";
} else {
$accesscolumn = get_string('deny', 'mnet')
. " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey={$USER->sesskey}\">"
. " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
. get_string('allow', 'mnet') . "</a>)";
}
$deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey={$USER->sesskey}\">"
$deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
. get_string('delete') . "</a>";
$table->data[] = array ($aclrecord->username, $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
}
......
......@@ -33,7 +33,7 @@ print_heading(get_string('mnetsettings', 'mnet'));
<tr valign="top">
<td width="80">
<form method="post" action="delete.php">
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php sesskey() ?>" />
<input type="hidden" name="hostid" value="<?php echo $mnet_peer->id; ?>" />
<input type="hidden" name="step" value="delete" />
<input type="submit" name="submit" value="<?php print_string('delete'); ?>"/>
......
......@@ -38,7 +38,7 @@
foreach ($courses as $course) {
$link = "$CFG->wwwroot/$CFG->admin/mnet/enr_course_enrol.php?"
. "host={$mnethost}&amp;courseid={$course->id}&amp;sesskey={$USER->sesskey}";
. "host={$mnethost}&amp;courseid={$course->id}&amp;sesskey=".sesskey();
echo '<tr>'
. "<td>$icon</td>"
. "<td><a href=\"$link\">".format_string($course->fullname). "</a></td>"
......
......@@ -37,7 +37,7 @@
. '</tr>';
$hosts = $enrolment->list_remote_servers();
foreach ($hosts as $host) {
$coursesurl = "$CFG->wwwroot/$CFG->admin/mnet/enr_courses.php?host={$host->id}&amp;sesskey={$USER->sesskey}";
$coursesurl = "$CFG->wwwroot/$CFG->admin/mnet/enr_courses.php?host={$host->id}&amp;sesskey=".sesskey();
$coursecount = $DB->get_field_sql("SELECT COUNT(id) FROM {mnet_enrol_course} WHERE hostid=?", array($host->id));
if (empty($coursecount)) {
$coursecount = '?';
......
......@@ -50,9 +50,9 @@
$MNET->get_private_key();
$SESSION->mnet_confirm_delete_key = md5(sha1($MNET->keypair['keypair_PEM'])).':'.time();
notice_yesno(get_string("deletekeycheck", "mnet"),
"index.php?sesskey=$USER->sesskey&amp;confirm=".md5($MNET->public_key),
"index.php?sesskey=".sesskey()."&amp;confirm=".md5($MNET->public_key),
"index.php",
array('sesskey' => $USER->sesskey),
array('sesskey' => sesskey()),
NULL,
'post',
'get');
......@@ -126,7 +126,7 @@
</tr>
<tr valign="top">
<td align="left" width="10" nowrap="nowrap"><?php print_string('expireyourkey', 'mnet'); ?></td>
<td align="left"><input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<td align="left"><input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="deleteKey" value="" />
<input type="submit" name="submit" value="<?php print_string('delete'); ?>" />
</td>
......
......@@ -23,7 +23,7 @@ print_simple_box_start("center", "");
?>
<form method="post" action="peers.php">
<div>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="step" value="commit" />
<input type="hidden" name="last_connect_time" value="<?php echo $mnet_peer->last_connect_time; ?>" />
<input type="hidden" name="id" value="<?php echo isset($mnet_peer->id)? $mnet_peer->id : '0' ; ?>" />
......
......@@ -20,7 +20,7 @@ print_simple_box_start("center", "");
<form method="post" action="mnet_services.php">
<div>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="step" value="<?php echo $mnet_peer->nextstep; ?>" />
<input type="hidden" name="hostid" value="<?php echo ($mnet_peer->id)? $mnet_peer->id : '0' ; ?>" />
<table cellpadding="9" cellspacing="0" >
......
......@@ -8,7 +8,7 @@ if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict'
<div id="trustedhosts"><!-- See theme/standard/styles_layout.css #trustedhosts .generaltable for rules -->
<form method="post" action="peers.php">
<div>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="updateregisterall" value="1" />
<table cellspacing="0" cellpadding="5" class="generaltable generalbox" >
<tr>
......@@ -71,7 +71,7 @@ if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict'
<tr>
<th class="header c4" colspan="4">
<?php print_string('addnewhost', 'mnet'); ?>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="hidden" name="step" value="input" />
</th>
</tr>
......
......@@ -13,7 +13,7 @@ admin_externalpage_print_header();
<td class="cell c1" colspan="2">
<form method="post" action="trustedhosts.php">
<div>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<textarea name="hostlist" cols="40" rows="20"><?php echo $trusted_hosts; ?></textarea><br />
<input type="submit" value="<?php print_string('savechanges'); ?>" />
</div>
......@@ -54,7 +54,7 @@ admin_externalpage_print_header();
<td class="cell c1" colspan="2">
<form method="get" action="trustedhosts.php">
<div>
<input type="hidden" name="sesskey" value="<?php echo $USER->sesskey ?>" />
<input type="hidden" name="sesskey" value="<?php echo sesskey() ?>" />
<input type="text" name="testipaddress" value="<?php echo $test_ip_address; ?>" />
<input type="submit" value="<?php print_string('go'); ?>" />
</div>
......
......@@ -21,7 +21,7 @@ if (!data_submitted() or !$search or !$replace or !confirm_sesskey()) { /// Pr
print_simple_box_start('center');
echo '<div class="mdl-align">';
echo '<form action="replace.php" method="post">';
echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo 'Search whole database for: <input type="text" name="search" /><br />';
echo 'Replace with this string: <input type="text" name="replace" /><br />';
echo '<input type="submit" value="Yes, do it now" /><br />';
......
......@@ -87,7 +87,7 @@ if (empty($SITE->fullname)) {
echo '<form action="settings.php" method="post" id="adminsettings">';
echo '<div class="settingsform clearfix">';
echo '<input type="hidden" name="section" value="'.$PAGE->section.'" />';
echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="return" value="'.$return.'" />';
echo $page->output_html();
......@@ -135,7 +135,7 @@ if (empty($SITE->fullname)) {
echo '<form action="settings.php" method="post" id="adminsettings">';
echo '<div class="settingsform clearfix">';
echo '<input type="hidden" name="section" value="'.$PAGE->section.'" />';
echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
echo '<input type="hidden" name="return" value="'.$return.'" />';
print_heading($page->visiblename);
......
......@@ -88,7 +88,7 @@ class block_site_main_menu extends block_list {
if ($ismoving) {
$this->content->icons[] = '<img src="'.$CFG->pixpath.'/t/move.gif" class="iconsmall" alt="" />';
$this->content->items[] = $USER->activitycopyname.'&nbsp;(<a href="'.$CFG->wwwroot.'/course/mod.php?cancelcopy=true&amp;sesskey='.$USER->sesskey.'">'.$strcancel.'</a>)';
$this->content->items[] = $USER->activitycopyname.'&nbsp;(<a href="'.$CFG->wwwroot.'/course/mod.php?cancelcopy=true&amp;sesskey='.sesskey().'">'.$strcancel.'</a>)';
}
if (!empty($section->sequence)) {
......@@ -116,7 +116,7 @@ class block_site_main_menu extends block_list {
if ($mod->id == $USER->activitycopy) {
continue;
}
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?moveto='.$mod->id.'&amp;sesskey='.$USER->sesskey.'">'.
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?moveto='.$mod->id.'&amp;sesskey='.sesskey().'">'.
'<img style="height:16px; width:80px; border:0px" src="'.$CFG->pixpath.'/movehere.gif" alt="'.$strmovehere.'" /></a>';
$this->content->icons[] = '';
}
......@@ -148,7 +148,7 @@ class block_site_main_menu extends block_list {
}
if ($ismoving) {
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?movetosection='.$section->id.'&amp;sesskey='.$USER->sesskey.'">'.
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?movetosection='.$section->id.'&amp;sesskey='.sesskey().'">'.
'<img style="height:16px; width:80px; border:0px" src="'.$CFG->pixpath.'/movehere.gif" alt="'.$strmovehere.'" /></a>';
$this->content->icons[] = '';
}
......
......@@ -94,7 +94,7 @@ class block_social_activities extends block_list {
if ($ismoving) {
$this->content->icons[] = '&nbsp;<img align="bottom" src="'.$CFG->pixpath.'/t/move.gif" class="iconsmall" alt="" />';
$this->content->items[] = $USER->activitycopyname.'&nbsp;(<a href="'.$CFG->wwwroot.'/course/mod.php?cancelcopy=true&amp;sesskey='.$USER->sesskey.'">'.$strcancel.'</a>)';
$this->content->items[] = $USER->activitycopyname.'&nbsp;(<a href="'.$CFG->wwwroot.'/course/mod.php?cancelcopy=true&amp;sesskey='.sesskey().'">'.$strcancel.'</a>)';
}
if (!empty($section) && !empty($section->sequence)) {
......@@ -122,7 +122,7 @@ class block_social_activities extends block_list {
if ($mod->id == $USER->activitycopy) {
continue;
}
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?moveto='.$mod->id.'&amp;sesskey='.$USER->sesskey.'">'.
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?moveto='.$mod->id.'&amp;sesskey='.sesskey().'">'.
'<img style="height:16px; width:80px; border:0px" src="'.$CFG->pixpath.'/movehere.gif" alt="'.$strmovehere.'" /></a>';
$this->content->icons[] = '';
}
......@@ -154,7 +154,7 @@ class block_social_activities extends block_list {
}
if ($ismoving) {
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?movetosection='.$section->id.'&amp;sesskey='.$USER->sesskey.'">'.
$this->content->items[] = '<a title="'.$strmovefull.'" href="'.$CFG->wwwroot.'/course/mod.php?movetosection='.$section->id.'&amp;sesskey='.sesskey().'">'.
'<img style="height:16px; width:80px; border:0px" src="'.$CFG->pixpath.'/movehere.gif" alt="'.$strmovehere.'" /></a>';
$this->content->icons[] = '';
}
......
......@@ -328,11 +328,11 @@
if (has_capability('moodle/course:visibility', $coursecontext) && has_capability('moodle/course:viewhiddencourses', $coursecontext)) {
if (!empty($acourse->visible)) {
echo '<a title="'.$strhide.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;hide='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'&amp;perpage='.$perpage.'&amp;hide='.$acourse->id.'&amp;sesskey='.sesskey().'">'.
'<img src="'.$CFG->pixpath.'/t/hide.gif" class="iconsmall" alt="'.$strhide.'" /></a> ';
} else {
echo '<a title="'.$strshow.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;show='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'&amp;perpage='.$perpage.'&amp;show='.$acourse->id.'&amp;sesskey='.sesskey().'">'.
'<img src="'.$CFG->pixpath.'/t/show.gif" class="iconsmall" alt="'.$strshow.'" /></a> ';
}
} else {
......@@ -357,7 +357,7 @@
if (has_capability('moodle/category:manage', $context)) {
if ($up) {
echo '<a title="'.$strmoveup.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;moveup='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'&amp;perpage='.$perpage.'&amp;moveup='.$acourse->id.'&amp;sesskey='.sesskey().'">'.
'<img src="'.$CFG->pixpath.'/t/up.gif" class="iconsmall" alt="'.$strmoveup.'" /></a> ';
} else {
echo $spacer;
......@@ -365,7 +365,7 @@
if ($down) {
echo '<a title="'.$strmovedown.'" href="category.php?id='.$category->id.'&amp;page='.$page.
'&amp;perpage='.$perpage.'&amp;movedown='.$acourse->id.'&amp;sesskey='.$USER->sesskey.'">'.
'&amp;perpage='.$perpage.'&amp;movedown='.$acourse->id.'&amp;sesskey='.sesskey().'">'.
'<img src="'.$CFG->pixpath.'/t/down.gif" class="iconsmall" alt="'.$strmovedown.'" /></a> ';
} else {
echo $spacer;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment