diff --git a/main/coursecopy/copy_course.php b/main/coursecopy/copy_course.php index 8ccda7f656..c02bca6606 100755 --- a/main/coursecopy/copy_course.php +++ b/main/coursecopy/copy_course.php @@ -79,6 +79,8 @@ if (Security::check_token('post') && ( $hidden_fields = array(); $hidden_fields['same_file_name_option'] = $_POST['same_file_name_option']; $hidden_fields['destination_course'] = $_POST['destination_course']; + // Add token to Course select form + $hidden_fields['sec_token'] = Security::get_token(); CourseSelectForm::display_form($course, $hidden_fields, true); } else { $table_c = Database :: get_main_table(TABLE_MAIN_COURSE); diff --git a/main/coursecopy/copy_course_session.php b/main/coursecopy/copy_course_session.php index 58e786636d..ea8244ee75 100755 --- a/main/coursecopy/copy_course_session.php +++ b/main/coursecopy/copy_course_session.php @@ -391,6 +391,8 @@ if (Security::check_token('post') && ( $hidden_fields['origin_course'] = $arr_course_origin[0]; $hidden_fields['destination_session'] = $destination_session; $hidden_fields['origin_session'] = $origin_session; + // Add token to Course select form + $hidden_fields['sec_token'] = Security::get_token(); CourseSelectForm :: display_form($course, $hidden_fields, true); echo '
'. diff --git a/main/coursecopy/create_backup.php b/main/coursecopy/create_backup.php index 3bda46bca4..07583c49ee 100755 --- a/main/coursecopy/create_backup.php +++ b/main/coursecopy/create_backup.php @@ -91,7 +91,9 @@ if (Security::check_token('post') && ( $cb = new CourseBuilder('partial'); $course = $cb->build(); - CourseSelectForm::display_form($course); + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } else { $cb = new CourseBuilder(); diff --git a/main/coursecopy/import_backup.php b/main/coursecopy/import_backup.php index b1c174119a..64bde18bb3 100755 --- a/main/coursecopy/import_backup.php +++ b/main/coursecopy/import_backup.php @@ -135,7 +135,12 @@ if (Security::check_token('post') && ( $course = CourseArchiver::read_course($filename, $delete_file); if ($course->has_resources() && ($filename !== false)) { - CourseSelectForm::display_form($course, array('same_file_name_option' => $_POST['same_file_name_option'])); + $hiddenFields = array( + 'same_file_name_option' => $_POST['same_file_name_option'], + ); + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } elseif ($filename === false) { Display::display_error_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin')); echo '' . get_lang('TryAgain') . ''; diff --git a/main/coursecopy/recycle_course.php b/main/coursecopy/recycle_course.php index f17fd0e60e..8094f8c368 100755 --- a/main/coursecopy/recycle_course.php +++ b/main/coursecopy/recycle_course.php @@ -85,7 +85,9 @@ if (Security::check_token('post') && ( $cb = new CourseBuilder(); $course = $cb->build(); - CourseSelectForm::display_form($course); + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } else { $cb = new CourseBuilder(); $course = $cb->build();