#9 check sesskey

classes/output/answermenu.php

@@ -58,6 +58,7 @@ class answermenu implements \renderable, \templatable {
         $urlparams['annotationid'] = $annotationid;
         $urlparams['itemsperpage'] = $itemsperpage;
         $urlparams['answerfilter'] = $answerfilter;
+        $urlparams['sesskey'] = sesskey();
         $url = new moodle_url($CFG->wwwroot . '/mod/pdfannotator/view.php', $urlparams);
 
         $this->url = $url;

classes/output/comment.php

@@ -261,7 +261,7 @@ class comment implements \renderable, \templatable {
     private function addforwardbutton($comment, $forwardquestions, $cm) {
         if (!isset($comment->type) && $comment->isquestion && !$comment->isdeleted && $forwardquestions) {
             global $CFG;
-            $urlparams = ['id' => $cm->id, 'action' => 'forwardquestion', 'commentid' => $comment->uuid];
+            $urlparams = ['id' => $cm->id, 'action' => 'forwardquestion', 'commentid' => $comment->uuid, 'sesskey' => sesskey()];
             $url = new moodle_url($CFG->wwwroot . '/mod/pdfannotator/view.php', $urlparams);
 
             $comment->buttons[] = ["classes" => "comment-forward-a", "attributes" => ["name" => "onclick", "value" => "window.location.href = '$url';"],

classes/output/questionmenu.php

@@ -44,6 +44,7 @@ class questionmenu implements \renderable, \templatable {
         $urlparams['action'] = 'forwardquestion';
         $urlparams['fromoverview'] = '1';
         $urlparams['commentid'] = $commentid;
+        $urlparams['sesskey'] = sesskey();
         $url = new moodle_url($CFG->wwwroot . '/mod/pdfannotator/view.php', $urlparams);
 
         $this->url = $url;

controller.php

@@ -28,6 +28,8 @@ $taburl = new moodle_url('/mod/pdfannotator/view.php', array('id' => $id));
 
 $myrenderer = $PAGE->get_renderer('mod_pdfannotator');
 
+require_course_login($pdfannotator->course, true, $cm);
+
 /* * ********************************************** Display overview page *********************************************** */
 
 if ($action === 'overview') {
@@ -36,6 +38,7 @@ if ($action === 'overview') {
 }
 
 if ($action === 'forwardquestion') {
+    require_sesskey();
     require_capability('mod/pdfannotator:forwardquestions', $context);
     require_once($CFG->dirroot . '/mod/pdfannotator/forward_form.php');
     global $USER;
@@ -182,7 +185,7 @@ if ($action === 'overviewquestions') {
  * all answers.
  */
 if ($action === 'subscribeQuestion') {
-
+    require_sesskey();
     require_capability('mod/pdfannotator:subscribe', $context);
 
     global $DB;
@@ -205,7 +208,7 @@ if ($action === 'subscribeQuestion') {
  * answers to questions to which the user is subscribed.
  */
 if ($action === 'unsubscribeQuestion') {
-
+    require_sesskey();
     require_capability('mod/pdfannotator:subscribe', $context);
 
     global $DB;
@@ -306,6 +309,7 @@ if ($action === 'overviewownposts') {
  * (either unread reports (reportfiler == 0) or all reports (reportfilter == 2)).
  */
 if ($action === 'markreportasread') { // XXX Rename key and move it into $action === 'overviewreports'
+    require_sesskey();
     require_capability('mod/pdfannotator:viewreports', $context);
 
     global $DB;
@@ -341,6 +345,7 @@ if ($action === 'markreportasread') { // XXX Rename key and move it into $action
  * (either unread reports (reportfiler == 0) or all reports (reportfilter == 2)).
  */
 if ($action === 'markreportasunread') { // XXX Rename key and move it into $action === 'overviewreports'
+    require_sesskey();
     require_capability('mod/pdfannotator:viewreports', $context);
 
     global $DB;
@@ -484,6 +489,7 @@ if ($action === 'report') {
         echo $myrenderer->pdfannotator_render_tabs($taburl, $action, $pdfannotator->name, $context);
         pdfannotator_display_embed($pdfannotator, $cm, $course, $file);
     } else if ($report = $mform->get_data()) { // Process validated data. $mform->get_data() returns data posted in form.
+        require_sesskey();
         global $USER;
 
         // 1. Notify course manager(s).