From 5df1b737483c9d65e16a72e0937c1efd02edafa1 Mon Sep 17 00:00:00 2001
From: Dan Poltawski
Date: Mon, 4 Jun 2012 11:11:38 +0800
Subject: [PATCH] MDL-33501 - oauth2lib: enforce sesskey in oauth2callback.php

The sesskey needs to be embeded in the local url returned as this is the only parameter we have control of.
---
 admin/oauth2callback.php | 10 +++++++++-
 repository/googledocs/lib.php | 6 ++++--
 repository/picasa/lib.php | 6 ++++--
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/admin/oauth2callback.php b/admin/oauth2callback.php
index 695353cc5a0..2ec8c38aead 100644
--- a/admin/oauth2callback.php
+++ b/admin/oauth2callback.php
@@ -35,4 +35,12 @@
 $code = required_param('code', PARAM_RAW);
 // The state parameter we've given (used in moodle as a redirect url).
 $state = required_param('state', PARAM_LOCALURL);
-redirect(new moodle_url($state, array('code' => $code)));
+$redirecturl = new moodle_url($state);
+$params = $redirecturl->params();
+
+if (isset($params['sesskey']) and confirm_sesskey($params['sesskey'])) {
+    $redirecturl->param('code', $code);
+    redirect($redirecturl);
+} else {
+    print_error('invalidsesskey');
+}
diff --git a/repository/googledocs/lib.php b/repository/googledocs/lib.php
index 22605dc4ae9..df0f23eb0ff 100644
--- a/repository/googledocs/lib.php
+++ b/repository/googledocs/lib.php
@@ -39,8 +39,10 @@ class repository_googledocs extends repository {
     public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
         parent::__construct($repositoryid, $context, $options);
 
-        $returnurl = new moodle_url('/repository/repository_callback.php',
-            array('callback' => 'yes', 'repo_id' =>$this->id));
+        $returnurl = new moodle_url('/repository/repository_callback.php');
+        $returnurl->param('callback', 'yes');
+        $returnurl->param('repo_id', $this->id);
+        $returnurl->param('sesskey', sesskey());
 
         $clientid = get_config('googledocs', 'clientid');
         $secret = get_config('googledocs', 'secret');
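Review bot: The `confirm_sesskey($params['sesskey'])` check reads the session key out of the state URL, which presumably travels through the third-party authorization server and back, so the user's sesskey is disclosed to the provider and to anything that logs that redirect; a one-time nonce generated for this authorization and stored in the session (the usual OAuth2 state/CSRF check) would give the same binding to the user's session without exposing the sesskey, and is worth a follow-up even if this is the only parameter available today. Within the condition, `and` binds more loosely than `&&`; it is harmless in a bare `if` but Moodle style and any later move into an assignment both favour `if (isset($params['sesskey']) && confirm_sesskey($params['sesskey'])) {`. A short comment above the `if`, such as `// The state URL must carry the sesskey of the current session; anything else is rejected before the code is forwarded.`, would record why the key is taken from the state URL rather than from the request. The first 34 lines of the script, including any login or capability check that precedes this, are outside the hunk.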
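Review bot: The four `param()` calls in the googledocs constructor replace a constructor-array form for what is really a one-entry addition; `$returnurl = new moodle_url('/repository/repository_callback.php', array('callback' => 'yes', 'repo_id' => $this->id, 'sesskey' => sesskey()));` keeps the original shape and narrows the diff to the sesskey. The identical block is repeated in repository/picasa/lib.php, so the sesskey requirement now lives in two plugins and any further repository built on the same oauth2 lib that omits it will only fail at admin/oauth2callback.php with invalidsesskey; building the return URL (with the sesskey) once in the shared oauth2 code or the base repository class would keep the rule in one place. Whether repository_callback.php itself verifies the sesskey is not visible here; the hunk in admin/oauth2callback.php is the check this commit relies on. The constructor continues past the end of the hunk.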
diff --git a/repository/picasa/lib.php b/repository/picasa/lib.php
index fb2a83a5330..0d0b63c0cfa 100644
--- a/repository/picasa/lib.php
+++ b/repository/picasa/lib.php
@@ -41,8 +41,10 @@ class repository_picasa extends repository {
     public function __construct($repositoryid, $context = SYSCONTEXTID, $options = array()) {
         parent::__construct($repositoryid, $context, $options);
 
-        $returnurl = new moodle_url('/repository/repository_callback.php',
-            array('callback' => 'yes', 'repo_id' =>$this->id));
+        $returnurl = new moodle_url('/repository/repository_callback.php');
+        $returnurl->param('callback', 'yes');
+        $returnurl->param('repo_id', $this->id);
+        $returnurl->param('sesskey', sesskey());
 
         $clientid = get_config('picasa', 'clientid');
         $secret = get_config('picasa', 'secret');