moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-02 23:59:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-33501 - oauth2lib: enforce sesskey in oauth2callback.php

Browse source 
The sesskey needs to be embeded in the local url returned as this is the
only parameter we have control of.
This commit is contained in:
Dan Poltawski 2012-06-04 11:11:38 +08:00
parent db7602af7c
commit 5df1b73748
3 changed files with 17 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
admin/oauth2callback.php
View file

@ -35,4 +35,12 @@ $code = required_param('code', PARAM_RAW);
// The state parameter we've given (used in moodle as a redirect url).
$state = required_param('state', PARAM_LOCALURL);
redirect(new moodle_url($state, array('code' => $code)));
$redirecturl = new moodle_url($state);
$params = $redirecturl->params();
if (isset($params['sesskey']) and confirm_sesskey($params['sesskey'])) {
$redirecturl->param('code', $code);
redirect($redirecturl);
} else {
print_error('invalidsesskey');
}

6
repository/googledocs/lib.php
View file

@ -39,8 +39,10 @@ class repository_googledocs extends repository {
public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
parent::__construct($repositoryid, $context, $options);
$returnurl = new moodle_url('/repository/repository_callback.php',
array('callback' => 'yes', 'repo_id' =>$this->id));
$returnurl = new moodle_url('/repository/repository_callback.php');
$returnurl->param('callback', 'yes');
$returnurl->param('repo_id', $this->id);
$returnurl->param('sesskey', sesskey());
$clientid = get_config('googledocs', 'clientid');
$secret = get_config('googledocs', 'secret');

6
repository/picasa/lib.php
View file

@ -41,8 +41,10 @@ class repository_picasa extends repository {
public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
parent::__construct($repositoryid, $context, $options);
$returnurl = new moodle_url('/repository/repository_callback.php',
array('callback' => 'yes', 'repo_id' =>$this->id));
$returnurl = new moodle_url('/repository/repository_callback.php');
$returnurl->param('callback', 'yes');
$returnurl->param('repo_id', $this->id);
$returnurl->param('sesskey', sesskey());
$clientid = get_config('picasa', 'clientid');
$secret = get_config('picasa', 'secret');