Reviewed: https://reviews.mahara.org/9824 Committed: https://git.mahara.org/mahara/mahara/commit/3f4e5c399f4fb0075a580a86b981dfd4f06cd500 Submitter: Robert Lyon (robe...@catalyst.net.nz) Branch: 17.10_STABLE
commit 3f4e5c399f4fb0075a580a86b981dfd4f06cd500 Author: Robert Lyon <robe...@catalyst.net.nz> Date: Tue Apr 23 11:06:58 2019 +1200 Bug 1825894: Ignore extra parameters in webservices We had a patch for ignoring parameters prefixed with 'custom_' in bug 1697909 - but there were still problems from users when trying to install LTI connections. So we will now ignore any unknown parameter and let the user know by recording this in the Mahara error log - we however will not be returning the info about the extra parameters back to the system that made the webservice call behatnotneeded Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002 Signed-off-by: Robert Lyon <robe...@catalyst.net.nz> (cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379) (cherry picked from commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423) (cherry picked from commit 3f05d3f4d7c5d76cd1b6b340fe3efc4572e8714e) (cherry picked from commit 6a44495b1ec01553473deb3a4b15d98625802c58) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1825894 Title: Drop / ignore LTI parameters that Mahara doesn't need Status in Mahara: Fix Committed Status in Mahara 17.10 series: Fix Committed Status in Mahara 18.04 series: Fix Committed Status in Mahara 18.10 series: Fix Committed Status in Mahara 19.04 series: Fix Committed Bug description: LTI sometimes sends parameters through that Mahara doesn't require. Rather than whitelisting them as suggested in bug #1785542. We reviewed things again and there don't seem to be any security concerns after all that we would need to take into consideration. So we'll drop / ignore any parameters that Mahara doesn't need like we do for parameters that start with "custom". That means that when they are ignored, a site admin should see a message on the screen when not in production mode to that effect so they know what has been ignored. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1825894/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
