CVE-2014-0213

@@ -472,6 +472,7 @@ public function test_submission_unlocked() {
     }
 
     public function test_submission_graded() {
+        $this->editingteachers[0]->ignoresesskey = true;
         $this->setUser($this->editingteachers[0]);
         $assign = $this->create_instance();
 
@@ -555,6 +556,8 @@ public function test_submission_graded() {
         );
         $this->assertEventLegacyLogData($expected, $event);
         $sink->close();
+        // Revert to defaults.
+        $this->editingteachers[0]->ignoresesskey = false;
     }
 
     /**

@@ -4392,6 +4392,7 @@ protected function process_save_extension(& $mform) {
 
         // Include extension form.
         require_once($CFG->dirroot . '/mod/assign/extensionform.php');
+        require_sesskey();
 
         // Need submit permission to submit an assignment.
         require_capability('mod/assign:grantextension', $this->context);
@@ -4438,6 +4439,7 @@ protected function process_save_quick_grades() {
 
         // Need grade permission.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Make sure advanced grading is disabled.
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');
@@ -4674,6 +4676,7 @@ protected function process_save_grading_options() {
 
         // Need submit permission to submit an assignment.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Is advanced grading enabled?
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');

@@ -3728,6 +3728,7 @@ private function process_save_extension(& $mform) {
 
         // Include extension form.
         require_once($CFG->dirroot . '/mod/assign/extensionform.php');
+        require_sesskey();
 
         // Need submit permission to submit an assignment.
         require_capability('mod/assign:grantextension', $this->context);
@@ -3774,6 +3775,7 @@ private function process_save_quick_grades() {
 
         // Need grade permission
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // make sure advanced grading is disabled
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');
@@ -3977,6 +3979,7 @@ private function process_save_grading_options() {
 
         // Need submit permission to submit an assignment
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         $mform = new mod_assign_grading_options_form(null, array('cm'=>$this->get_course_module()->id,
                                                                  'contextid'=>$this->context->id,

@@ -4709,6 +4709,7 @@ protected function process_save_extension(& $mform) {
 
         // Include extension form.
         require_once($CFG->dirroot . '/mod/assign/extensionform.php');
+        require_sesskey();
 
         $batchusers = optional_param('selectedusers', '', PARAM_SEQUENCE);
         $userid = 0;
@@ -4752,6 +4753,7 @@ protected function process_save_quick_grades() {
 
         // Need grade permission.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Make sure advanced grading is disabled.
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');
@@ -5045,6 +5047,7 @@ protected function process_save_grading_options() {
 
         // Need submit permission to submit an assignment.
         require_capability('mod/assign:grade', $this->context);
+        require_sesskey();
 
         // Is advanced grading enabled?
         $gradingmanager = get_grading_manager($this->get_context(), 'mod_assign', 'submissions');