diff --git a/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php b/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
index 633a65594c7f..3867fb983ed1 100755
--- a/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
+++ b/Modules/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
@@ -785,7 +785,7 @@ protected function confirmDeleteProviders(array $providers, string $cancelComman
 $confirmationGUI->addItem(
 'provider_ids[]',
 (string) $provider->getId(),
- $provider->getTitle(),
+ htmlspecialchars($provider->getTitle()),
 $providerIcon
 );
 }
diff --git a/Modules/LTIConsumer/classes/class.ilObjLTIConsumer.php b/Modules/LTIConsumer/classes/class.ilObjLTIConsumer.php
index 53438ba2bd05..1f4a728873cc 100755
--- a/Modules/LTIConsumer/classes/class.ilObjLTIConsumer.php
+++ b/Modules/LTIConsumer/classes/class.ilObjLTIConsumer.php
@@ -1274,7 +1274,7 @@ public static function registerClient(array $data, object $tokenObj): array
 $reponseData = $data;
 $provider = new ilLTIConsumeProvider();
 $toolConfig = $data['https://purl.imsglobal.org/spec/lti-tool-configuration'];
- $provider->setTitle($data['client_name']);
+ $provider->setTitle(strip_tags($data['client_name'], ilObjectGUI::ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION));
 $provider->setProviderUrl($toolConfig['target_link_uri']);
 $provider->setInitiateLogin($data['initiate_login_uri']);
 $provider->setRedirectionUris(implode(",", $data['redirect_uris']));
diff --git a/Modules/LTIConsumer/ltiregstart.php b/Modules/LTIConsumer/ltiregstart.php
index 9f76e32c1488..a36677903a8f 100644
--- a/Modules/LTIConsumer/ltiregstart.php
+++ b/Modules/LTIConsumer/ltiregstart.php
@@ -26,7 +26,7 @@ ilInitialisation::initILIAS();
 global $DIC;
-if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID) {
+if (!$DIC->user()->getId() || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {
 ilObjLTIConsumer::sendResponseError(401, "unauthorized");
 }
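Review bot: `htmlspecialchars($provider->getTitle())` on the added line relies on PHP's default flags, which only became `ENT_QUOTES | ENT_SUBSTITUTE` in PHP 8.1; on earlier runtimes single quotes stay unescaped and an invalid UTF-8 title makes the call return an empty string. Passing the flags explicitly, `htmlspecialchars($provider->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the escaping independent of the runtime. Whether the confirmation object's `addItem()` already escapes its title argument is not visible here; if it does, this double-encodes and the escaping should live in exactly one place. Note also that the companion change in class.ilObjLTIConsumer.php keeps the tags listed in `ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION` in stored titles, so those now render literally in this confirmation list. confirmDeleteProviders continues outside the hunk.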
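Review bot: `strip_tags()` on the added line removes disallowed tags but leaves every attribute on the tags that `ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION` permits, so it is not an XSS filter for a value that arrives in an external registration request; the actual protection has to be context-aware escaping wherever the title is rendered (as the companion change in class.ilLTIConsumerAdministrationGUI.php does), and this call should be read as defense in depth only. The line also dereferences `$data['client_name']` without checking that it is present and a string — a missing or non-string value reaches `strip_tags()` as null or an array, producing a deprecation notice or TypeError instead of a clean rejection; a guard such as `if (!is_string($data['client_name'] ?? null)) { self::sendResponseError(400, "invalid client_name"); }` before the call would fail the request explicitly, assuming `sendResponseError()` terminates the request as its use in ltiregstart.php suggests (confirm). The same unvalidated access pattern applies to the untouched `$toolConfig` and `$data['redirect_uris']` reads in the context lines. registerClient continues outside the hunk.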
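Review bot: The new condition drops the explicit `ANONYMOUS_USER_ID` comparison and relies entirely on `ilLTIConsumerAccess::hasCustomProviderCreationAccess()`, whose implementation is not on this page; if that method has any path that evaluates true for the anonymous user, unauthenticated callers regain access to the registration start. Keeping the old guard alongside the new one costs nothing and makes the intent self-evident: `if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {`. Separately, the branch body only calls `sendResponseError(401, "unauthorized")`; unless that method terminates the script (not visible here), execution continues past the check, so either confirm it exits or add an `exit;` after it. A logged-in user without the permission is arguably a 403 rather than a 401, though a single status for both cases may be deliberate.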