diff --git a/main/coursecopy/copy_course.php b/main/coursecopy/copy_course.php index 8ccda7f656..b5ce409d1a 100755 --- a/main/coursecopy/copy_course.php +++ b/main/coursecopy/copy_course.php @@ -76,10 +76,12 @@ if (Security::check_token('post') && ( $cb = new CourseBuilder(); $course = $cb->build(); - $hidden_fields = array(); - $hidden_fields['same_file_name_option'] = $_POST['same_file_name_option']; - $hidden_fields['destination_course'] = $_POST['destination_course']; - CourseSelectForm::display_form($course, $hidden_fields, true); + $hiddenFields = array(); + $hiddenFields['same_file_name_option'] = $_POST['same_file_name_option']; + $hiddenFields['destination_course'] = $_POST['destination_course']; + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields, true); } else { $table_c = Database :: get_main_table(TABLE_MAIN_COURSE); $table_cu = Database :: get_main_table(TABLE_MAIN_COURSE_USER); diff --git a/main/coursecopy/copy_course_session.php b/main/coursecopy/copy_course_session.php index 58e786636d..d4e7934301 100755 --- a/main/coursecopy/copy_course_session.php +++ b/main/coursecopy/copy_course_session.php @@ -386,13 +386,15 @@ if (Security::check_token('post') && ( $course_origin = api_get_course_info($arr_course_origin[0]); $cb = new CourseBuilder('', $course_origin); $course = $cb->build($origin_session, $arr_course_origin[0], $with_base_content); - //$hidden_fields['same_file_name_option'] = $_POST['same_file_name_option']; - $hidden_fields['destination_course'] = $arr_course_destination[0]; - $hidden_fields['origin_course'] = $arr_course_origin[0]; - $hidden_fields['destination_session'] = $destination_session; - $hidden_fields['origin_session'] = $origin_session; - - CourseSelectForm :: display_form($course, $hidden_fields, true); + //$hiddenFields['same_file_name_option'] = $_POST['same_file_name_option']; + $hiddenFields['destination_course'] = $arr_course_destination[0]; + $hiddenFields['origin_course'] = $arr_course_origin[0]; + $hiddenFields['destination_session'] = $destination_session; + $hiddenFields['origin_session'] = $origin_session; + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + + CourseSelectForm :: display_form($course, $hiddenFields, true); echo '
'. Display::return_icon( 'back.png', diff --git a/main/coursecopy/create_backup.php b/main/coursecopy/create_backup.php index 3bda46bca4..07583c49ee 100755 --- a/main/coursecopy/create_backup.php +++ b/main/coursecopy/create_backup.php @@ -91,7 +91,9 @@ if (Security::check_token('post') && ( $cb = new CourseBuilder('partial'); $course = $cb->build(); - CourseSelectForm::display_form($course); + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } else { $cb = new CourseBuilder(); diff --git a/main/coursecopy/import_backup.php b/main/coursecopy/import_backup.php index b1c174119a..4a45d0d96a 100755 --- a/main/coursecopy/import_backup.php +++ b/main/coursecopy/import_backup.php @@ -135,7 +135,10 @@ if (Security::check_token('post') && ( $course = CourseArchiver::read_course($filename, $delete_file); if ($course->has_resources() && ($filename !== false)) { - CourseSelectForm::display_form($course, array('same_file_name_option' => $_POST['same_file_name_option'])); + $hiddenFields['same_file_name_option'] = $_POST['same_file_name_option']; + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } elseif ($filename === false) { Display::display_error_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin')); echo '' . get_lang('TryAgain') . ''; diff --git a/main/coursecopy/recycle_course.php b/main/coursecopy/recycle_course.php index f17fd0e60e..8094f8c368 100755 --- a/main/coursecopy/recycle_course.php +++ b/main/coursecopy/recycle_course.php @@ -85,7 +85,9 @@ if (Security::check_token('post') && ( $cb = new CourseBuilder(); $course = $cb->build(); - CourseSelectForm::display_form($course); + // Add token to Course select form + $hiddenFields['sec_token'] = Security::get_token(); + CourseSelectForm::display_form($course, $hiddenFields); } else { $cb = new CourseBuilder(); $course = $cb->build();