mahara-contributors team mailing list archive

Thread
Date

[Bug 1825894] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1825894@xxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Apr 2019 02:09:52 -0000
Reply-to: Bug 1825894 <1825894@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/9821
Committed: https://git.mahara.org/mahara/mahara/commit/e39ac7ce2f9824a67ac91e38fa76b80b4b392423
Submitter: Robert Lyon (robertl@xxxxxxxxxxxxxxx)
Branch:    19.04_STABLE

commit e39ac7ce2f9824a67ac91e38fa76b80b4b392423
Author: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date:   Tue Apr 23 11:06:58 2019 +1200

Bug 1825894: Ignore extra parameters in webservices

We had a patch for ignoring parameters prefixed with 'custom_' in
bug 1697909 - but there were still problems from users when trying to
install LTI connections.

So we will now ignore any unknown parameter and let the user know by
recording this in the Mahara error log - we however will not be
returning the info about the extra parameters back to the system that
made the webservice call

behatnotneeded

Change-Id: I0cf5d966833a48e7db13d48b9e0be87285934002
Signed-off-by: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
(cherry picked from commit 515cfba646dee807fda37faeb89f8e71d132b379)

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1825894

Title:
  Drop / ignore LTI parameters that Mahara doesn't need

Status in Mahara:
  Fix Committed
Status in Mahara 17.10 series:
  Fix Committed
Status in Mahara 18.04 series:
  Fix Committed
Status in Mahara 18.10 series:
  Fix Committed
Status in Mahara 19.04 series:
  Fix Committed

Bug description:
  LTI sometimes sends parameters through that Mahara doesn't require.
  Rather than whitelisting them as suggested in bug #1785542. We
  reviewed things again and there don't seem to be any security concerns
  after all that we would need to take into consideration.

  So we'll drop / ignore any parameters that Mahara doesn't need like we
  do for parameters that start with "custom". That means that when they
  are ignored, a site admin should see a message on the screen when not
  in production mode to that effect so they know what has been ignored.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1825894/+subscriptions

References

[Bug 1825894] [NEW] Drop / ignore LTI parameters that Mahara doesn't need
From: Kristina Hoeppner, 2019-04-22