mahara-contributors team mailing list archive

[Kristina Hoeppner <1825894@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

LTI sometimes sends parameters through that Mahara doesn't require.
Rather than whitelisting them as suggested in bug #1785542. We reviewed
things again and there don't seem to be any security concerns after all
that we would need to take into consideration.

So we'll drop / ignore any parameters that Mahara doesn't need like we
do for parameters that start with "custom". That means that when they
are ignored, a site admin should see a message on the screen when not in
production mode to that effect so they know what has been ignored.

** Affects: mahara
     Importance: Medium
     Assignee: Robert Lyon (robertl-9)
         Status: Confirmed

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1825894

Title:
  Drop / ignore LTI parameters that Mahara doesn't need

Status in Mahara:
  Confirmed

Bug description:
  LTI sometimes sends parameters through that Mahara doesn't require.
  Rather than whitelisting them as suggested in bug #1785542. We
  reviewed things again and there don't seem to be any security concerns
  after all that we would need to take into consideration.

  So we'll drop / ignore any parameters that Mahara doesn't need like we
  do for parameters that start with "custom". That means that when they
  are ignored, a site admin should see a message on the screen when not
  in production mode to that effect so they know what has been ignored.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1825894/+subscriptions