LTI: Added permissions checking and HTML escaping
ZallaxDev committed Dec 9, 2024
1 parent b05e13d commit a4149f4
Showing 3 changed files with 3 additions and 3 deletions.
@@ -785,7 +785,7 @@ protected function confirmDeleteProviders(array $providers, string $cancelComman
$confirmationGUI->addItem(
'provider_ids[]',
(string) $provider->getId(),
$provider->getTitle(),
htmlspecialchars($provider->getTitle()),
$providerIcon
);
}
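Review bot: The added `htmlspecialchars($provider->getTitle())` call relies on PHP's default flags and charset, which differ between PHP versions (single quotes are only escaped by default from PHP 8.1 on); passing them explicitly, `htmlspecialchars($provider->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the escaping independent of the runtime. The escaping covers only this one sink, the delete confirmation; other views that print a provider title are not visible here and should be checked for the same treatment, since the title can apparently originate from a registration request. It is also worth confirming that `addItem()` does not escape its text argument itself, otherwise titles would end up double-encoded. The body of confirmDeleteProviders starts and continues outside this hunk.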
2 changes: 1 addition & 1 deletion Modules/LTIConsumer/classes/class.ilObjLTIConsumer.php
@@ -1274,7 +1274,7 @@ public static function registerClient(array $data, object $tokenObj): array
$reponseData = $data;
$provider = new ilLTIConsumeProvider();
$toolConfig = $data['https://purl.imsglobal.org/spec/lti-tool-configuration'];
$provider->setTitle($data['client_name']);
$provider->setTitle(strip_tags($data['client_name'], ilObjectGUI::ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION));
$provider->setProviderUrl($toolConfig['target_link_uri']);
$provider->setInitiateLogin($data['initiate_login_uri']);
$provider->setRedirectionUris(implode(",", $data['redirect_uris']));
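Review bot: `strip_tags()` with an allow-list removes disallowed tags but leaves every attribute on the allowed ones untouched, so markup in `client_name` that uses a tag from `ilObjectGUI::ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION` keeps its `style` and event-handler attributes and is stored as the provider title. Because `$data` appears to come from a client registration request, a plain-text title is the safer contract: `$provider->setTitle(strip_tags((string) ($data['client_name'] ?? '')));`, combined with escaping wherever the title is printed. The neighbouring `target_link_uri`, `initiate_login_uri` and `redirect_uris` values are taken from the same payload without any validation visible in this hunk; a scheme and format check before they are stored would be a reasonable follow-up. registerClient's body continues outside this hunk.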
2 changes: 1 addition & 1 deletion Modules/LTIConsumer/ltiregstart.php
@@ -26,7 +26,7 @@
ilInitialisation::initILIAS();
global $DIC;

if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID) {
if (!$DIC->user()->getId() || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {
ilObjLTIConsumer::sendResponseError(401, "unauthorized");
}
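Review bot: The new condition drops the explicit `ANONYMOUS_USER_ID` comparison, so rejecting the anonymous account now depends entirely on `ilLTIConsumerAccess::hasCustomProviderCreationAccess()`, whose body is not shown here. Keeping both checks is cheap and fails closed: `if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {`. It is also worth confirming that `sendResponseError()` ends the request, because nothing in this hunk stops the script from continuing after the `if` block. A logged-in user who merely lacks the permission would be described more accurately by a 403 than by the 401 sent here.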

