Drop / ignore LTI parameters that Mahara doesn't need
Bug #1825894 reported by
Kristina Hoeppner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
Robert Lyon | ||
17.10 |
Fix Released
|
Medium
|
Unassigned | ||
18.04 |
Fix Released
|
Medium
|
Unassigned | ||
18.10 |
Fix Released
|
Medium
|
Unassigned | ||
19.04 |
Fix Released
|
Medium
|
Robert Lyon |
Bug Description
LTI sometimes sends parameters through that Mahara doesn't require. Rather than whitelisting them as suggested in bug #1785542. We reviewed things again and there don't seem to be any security concerns after all that we would need to take into consideration.
So we'll drop / ignore any parameters that Mahara doesn't need like we do for parameters that start with "custom". That means that when they are ignored, a site admin should see a message on the screen when not in production mode to that effect so they know what has been ignored.
To post a comment you must log in.
Patch for "master" branch: https:/ /reviews. mahara. org/9818