MDL-61242 repository_equella: Add source key when sending the source.
authorAdrian Greeve <adrian@moodle.com>
Sat, 20 Jan 2018 02:56:18 +0000 (10:56 +0800)
committerAdrian Greeve <adrian@moodle.com>
Sat, 20 Jan 2018 02:56:18 +0000 (10:56 +0800)
A thank you to Nelson Cheng for find this issue and suggesting a patch.

repository/equella/callback.php

index 0772a85..ffd8435 100644 (file)
@@ -60,6 +60,7 @@ if (isset($info->license)) {
 }
 
 $source = base64_encode(json_encode(array('url'=>$url,'filename'=>$filename)));
+$sourcekey = sha1($source . repository::get_secret_key() . sesskey());
 
 $js =<<<EOD
 <html>
@@ -70,6 +71,7 @@ $js =<<<EOD
         var resource = {};
         resource.title = "$filename";
         resource.source = "$source";
+        resource.sourcekey = "$sourcekey";
         resource.thumbnail = '$thumbnail';
         resource.author = "$author";
         resource.license = "$license";