Add CSRF token to course backup import method
In the course backup import method, there doesn't seem to be a CSRF protection, which also means that a simple refresh of the page re-executes the import.
This is an issue, in particular in distributed clusters, as the cluster itself might decide, if the operation takes too long, to ask another back-end, and in this case you end up with as many import as the number of back-ends.
Please add CSRF validation to course export, course import and course copy.
Updated by Daniel Barreto over 5 years ago
- % Done changed from 0 to 40
- Add Security token(generate, add to form, check, clear) into these scripts:
main/coursecopy/copy_course.php main/coursecopy/copy_course_session.php main/coursecopy/create_backup.php main/coursecopy/import_backup.php main/coursecopy/recycle_course.php