$instance->instructorcustomparameters, $islti2));
$launchcontainer = lti_get_launch_container($instance, $typeconfig);
- $returnurlparams = array('course' => $course->id, 'launch_container' => $launchcontainer, 'instanceid' => $instance->id);
+ $returnurlparams = array('course' => $course->id,
+ 'launch_container' => $launchcontainer,
+ 'instanceid' => $instance->id,
+ 'sesskey' => sesskey());
// Add the return URL. We send the launch container along to help us avoid frames-within-frames when the user returns.
$url = new \moodle_url('/mod/lti/return.php', $returnurlparams);
$courseid = required_param('course', PARAM_INT);
$instanceid = optional_param('instanceid', 0, PARAM_INT);
-$errormsg = optional_param('lti_errormsg', '', PARAM_RAW);
-$msg = optional_param('lti_msg', '', PARAM_RAW);
+$errormsg = optional_param('lti_errormsg', '', PARAM_TEXT);
+$msg = optional_param('lti_msg', '', PARAM_TEXT);
$unsigned = optional_param('unsigned', '0', PARAM_INT);
$launchcontainer = optional_param('launch_container', LTI_LAUNCH_CONTAINER_WINDOW, PARAM_INT);
require_login($course);
+require_sesskey();
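Review bot: The `require_sesskey()` added after `require_login($course)` can only pass because the other file in this commit now puts `'sesskey' => sesskey()` into the `/mod/lti/return.php` URL, and that URL appears (from its comment, "Add the return URL") to be handed to the external tool. If so, the tool provider, and any proxy log or Referer header that records the URL, sees the user's session key, which is the same value that guards other state-changing requests in that session. A token scoped to this one launch would avoid that; failing that, record the trade-off next to the check, e.g. `// sesskey reaches us via the return URL given to the tool, so the tool can read it; it shows the launch came from this site, it is not secret from the tool.` The URL rebuilt further down in this file with only `'course' => $courseid` carries no sesskey, so confirm it is never followed as a link, since this check would reject it.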
if (!empty($errormsg) || !empty($msg)) {
$url = new moodle_url('/mod/lti/return.php', array('course' => $courseid));
if (!empty($errormsg)) {
echo get_string('lti_launch_error', 'lti');
- echo htmlspecialchars($errormsg);
+ p($errormsg);
if ($unsigned == 1) {
echo $OUTPUT->footer();
} else if (!empty($msg)) {
- echo htmlspecialchars($msg);
+ p($msg);
echo $OUTPUT->footer();