Skip to content

Commit

Permalink
MDL-72370 badges: require sesskey to remove related badge.
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulholden
paulholden authored and Jenkins committed Nov 2, 2021
1 parent a9256af commit 20d41eb
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
1 change: 1 addition & 0 deletions badges/related_action.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
require_capability('moodle/badges:configuredetails', $context);

if ($action == 'remove') {
require_sesskey();
$badge->delete_related_badge($relatedid);
}

Expand Down
14 changes: 7 additions & 7 deletions badges/renderer.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1104,13 +1104,13 @@ protected function render_badge_related(\core_badges\output\badge_related $relat
);
if (!$currentbadge->is_active() && !$currentbadge->is_locked()) {
$action = $this->output->action_icon(
new moodle_url('related_action.php',
array(
'badgeid' => $related->currentbadgeid,
'relatedid' => $badge->id,
'action' => 'remove'
)
), new pix_icon('t/delete', get_string('delete')));
new moodle_url('/badges/related_action.php', [
'badgeid' => $related->currentbadgeid,
'relatedid' => $badge->id,
'sesskey' => sesskey(),
'action' => 'remove'
]),
new pix_icon('t/delete', get_string('delete')));
$actions = html_writer::tag('div', $action, array('class' => 'badge-actions'));
array_push($row, $actions);
}
Expand Down

0 comments on commit 20d41eb

Please sign in to comment.