Merge branch '1.9.x' of ssh://github.com/chamilo/chamilo-lms into chamilo19

main/coursecopy/copy_course.php

@@ -76,10 +76,12 @@ if (Security::check_token('post') && (
 
     $cb = new CourseBuilder();
     $course = $cb->build();
-    $hidden_fields = array();
-    $hidden_fields['same_file_name_option'] = $_POST['same_file_name_option'];
-    $hidden_fields['destination_course']    = $_POST['destination_course'];
-    CourseSelectForm::display_form($course, $hidden_fields, true);
+    $hiddenFields = array();
+    $hiddenFields['same_file_name_option'] = $_POST['same_file_name_option'];
+    $hiddenFields['destination_course']    = $_POST['destination_course'];
+    // Add token to Course select form
+    $hiddenFields['sec_token'] = Security::get_token();
+    CourseSelectForm::display_form($course, $hiddenFields, true);
 } else {
     $table_c = Database :: get_main_table(TABLE_MAIN_COURSE);
     $table_cu = Database :: get_main_table(TABLE_MAIN_COURSE_USER);

main/coursecopy/copy_course_session.php

@@ -386,13 +386,15 @@ if (Security::check_token('post') && (
         $course_origin = api_get_course_info($arr_course_origin[0]);
         $cb = new CourseBuilder('', $course_origin);
         $course = $cb->build($origin_session, $arr_course_origin[0], $with_base_content);
-        //$hidden_fields['same_file_name_option'] = $_POST['same_file_name_option'];
-        $hidden_fields['destination_course'] 	= $arr_course_destination[0];
-        $hidden_fields['origin_course'] 		= $arr_course_origin[0];
-        $hidden_fields['destination_session'] 	= $destination_session;
-        $hidden_fields['origin_session'] 		= $origin_session;
-
-        CourseSelectForm :: display_form($course, $hidden_fields, true);
+        //$hiddenFields['same_file_name_option'] = $_POST['same_file_name_option'];
+        $hiddenFields['destination_course'] 	= $arr_course_destination[0];
+        $hiddenFields['origin_course'] 		= $arr_course_origin[0];
+        $hiddenFields['destination_session'] 	= $destination_session;
+        $hiddenFields['origin_session'] 		= $origin_session;
+        // Add token to Course select form
+        $hiddenFields['sec_token'] = Security::get_token();
+
+        CourseSelectForm :: display_form($course, $hiddenFields, true);
         echo '<div style="float:right"><a href="javascript:window.back();">'.
             Display::return_icon(
                 'back.png',

main/coursecopy/create_backup.php

@@ -91,7 +91,9 @@ if (Security::check_token('post') && (
 
     $cb = new CourseBuilder('partial');
     $course = $cb->build();
-    CourseSelectForm::display_form($course);
+    // Add token to Course select form
+    $hiddenFields['sec_token'] = Security::get_token();
+    CourseSelectForm::display_form($course, $hiddenFields);
 
 } else {
     $cb = new CourseBuilder();

main/coursecopy/import_backup.php

@@ -135,7 +135,10 @@ if (Security::check_token('post') && (
     $course = CourseArchiver::read_course($filename, $delete_file);
 
     if ($course->has_resources() && ($filename !== false)) {
-        CourseSelectForm::display_form($course, array('same_file_name_option' => $_POST['same_file_name_option']));
+        $hiddenFields['same_file_name_option'] = $_POST['same_file_name_option'];
+        // Add token to Course select form
+        $hiddenFields['sec_token'] = Security::get_token();
+        CourseSelectForm::display_form($course, $hiddenFields);
     } elseif ($filename === false) {
         Display::display_error_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin'));
         echo '<a class="btn" href="import_backup.php?' . api_get_cidreq() . '">' . get_lang('TryAgain') . '</a>';

main/coursecopy/recycle_course.php

@@ -85,7 +85,9 @@ if (Security::check_token('post') && (
 
     $cb = new CourseBuilder();
     $course = $cb->build();
-    CourseSelectForm::display_form($course);
+    // Add token to Course select form
+    $hiddenFields['sec_token'] = Security::get_token();
+    CourseSelectForm::display_form($course, $hiddenFields);
 } else {
     $cb = new CourseBuilder();
     $course = $cb->build();