Mahara

Drop / ignore LTI parameters that Mahara doesn't need

  1. Series 17.10
  2. Bug #1825894
Bug #1825894 reported by Kristina Hoeppner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Fix Released
Medium
Robert Lyon
Mahara 19.04.0
17.10
Fix Released
Medium
Unassigned
Mahara 17.10.8
18.04
Fix Released
Medium
Unassigned
Mahara 18.04.4
18.10
Fix Released
Medium
Unassigned
Mahara 18.10.1
19.04
Fix Released
Medium
Robert Lyon
Mahara 19.04.0

Bug Description

LTI sometimes sends parameters through that Mahara doesn't require. Rather than whitelisting them as suggested in bug #1785542. We reviewed things again and there don't seem to be any security concerns after all that we would need to take into consideration.

So we'll drop / ignore any parameters that Mahara doesn't need like we do for parameters that start with "custom". That means that when they are ignored, a site admin should see a message on the screen when not in production mode to that effect so they know what has been ignored.

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/9818

Revision history for this message
Robert Lyon (robertl-9) wrote :

So we will now ignore any unknown parameter and let the user know by recording this in the Mahara error log / display to screen if not in production mode

However, we now will not be returning the info about the extra parameters back to the system that made the webservice call

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/9818
Committed: https://git.mahara.org/mahara/mahara/commit/515cfba646dee807fda37faeb89f8e71d132b379
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 515cfba646dee807fda37faeb89f8e71d132b379
Author: Robert Lyon <email address hidden>
Date: Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "19.04_STABLE" branch: https://reviews.mahara.org/9821

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/9821
Committed: https://git.mahara.org/mahara/mahara/commit/e39ac7ce2f9824a67ac91e38fa76b80b4b392423
Submitter: Robert Lyon (<email address hidden>)
Branch: 19.04_STABLE

commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423
Author: Robert Lyon <email address hidden>
Date: Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379)

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "18.10_STABLE" branch: https://reviews.mahara.org/9822

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/9822
Committed: https://git.mahara.org/mahara/mahara/commit/3f05d3f4d7c5d76cd1b6b340fe3efc4572e8714e
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.10_STABLE

commit 3f05d3f4d7c5d76cd1b6b340fe3efc4572e8714e
Author: Robert Lyon <email address hidden>
Date: Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379)
(cherry picked from commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423)

Revision history for this message
Mahara Bot (dev-mahara) wrote :

Patch for "18.04_STABLE" branch: https://reviews.mahara.org/9823

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/9823
Committed: https://git.mahara.org/mahara/mahara/commit/6a44495b1ec01553473deb3a4b15d98625802c58
Submitter: Robert Lyon (<email address hidden>)
Branch: 18.04_STABLE

commit 6a44495b1ec01553473deb3a4b15d98625802c58
Author: Robert Lyon <email address hidden>
Date: Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379)
(cherry picked from commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423)
(cherry picked from commit 3f05d3f4d7c5d76cd1b6b340fe3efc4572e8714e)

Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "17.10_STABLE" branch: https://reviews.mahara.org/9824

Revision history for this message
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/9824
Committed: https://git.mahara.org/mahara/mahara/commit/3f4e5c399f4fb0075a580a86b981dfd4f06cd500
Submitter: Robert Lyon (<email address hidden>)
Branch: 17.10_STABLE

commit 3f4e5c399f4fb0075a580a86b981dfd4f06cd500
Author: Robert Lyon <email address hidden>
Date: Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <email address hidden>
(cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379)
(cherry picked from commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423)
(cherry picked from commit 3f05d3f4d7c5d76cd1b6b340fe3efc4572e8714e)
(cherry picked from commit 6a44495b1ec01553473deb3a4b15d98625802c58)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.