MDL-65075 tool_mobile: Allow auto-login keys only for requests from Moodle apps

This change enhances security and avoids any kind of XSS attack.
Juan Leyva 2019-03-21 15:39:21 +01:00
parent 280cfdf05c
commit 2b34a55d5a
6 changed files with 49 additions and 1 deletions


@ -57,7 +57,8 @@ $functions = array(
'classname' => 'tool_mobile\external',
'methodname' => 'get_autologin_key',
'description' => 'Creates an auto-login key for the current user.
Is created only in https sites and is restricted by time and ip address.',
Is created only in https sites and is restricted by time, ip address and only works if the request
comes from the Moodle mobile or desktop app.',
'type' => 'write',
'services' => array(MOODLE_OFFICIAL_MOBILE_SERVICE),
),
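Review bot: The new description text for `get_autologin_key` says the key "only works if the request comes from the Moodle mobile or desktop app", but it does not say how the app is recognised or whether the restriction applies when the key is created or when it is used. The check itself is not in this hunk. If it relies on a client-supplied value such as the User-Agent header, it limits what a script running in a browser can request but does not authenticate the client, so the description should not read as a stronger guarantee than that. Assuming the check runs at creation time, wording such as `and is only issued when the request is identified as coming from the Moodle mobile or desktop app.` would be more precise. The `$functions` array starts and ends outside the hunk.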