From 254add38f24626453312484d858f426b40262b95 Mon Sep 17 00:00:00 2001
From: cescobedo <carlos.escobedo@gmail.com>
Date: Sat, 29 Feb 2020 10:50:40 +0100
Subject: [PATCH] MDL-68068 core_h5p: Replace $_SESSION by $SESSION

The third-party library H5P has some references to  instead of Moodle's.
That implies that the information is not saved to backends and other issues,
so only the Moodle one should be used by core (core should be free from  and always use .).
---
 h5p/h5plib/v124/joubel/core/h5p.classes.php   | 12 +++++++-----
 h5p/h5plib/v124/joubel/core/readme_moodle.txt | 11 ++++++++---
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/h5p/h5plib/v124/joubel/core/h5p.classes.php b/h5p/h5plib/v124/joubel/core/h5p.classes.php
index 7654b2d9166..7b78d06e4b7 100644
--- a/h5p/h5plib/v124/joubel/core/h5p.classes.php
+++ b/h5p/h5plib/v124/joubel/core/h5p.classes.php
@@ -3215,21 +3215,23 @@ class H5PCore {
    * @return string
    */
   private static function hashToken($action, $time_factor) {
-    if (!isset($_SESSION['h5p_token'])) {
+    global $SESSION;
+
+    if (!isset($SESSION->h5p_token)) {
       // Create an unique key which is used to create action tokens for this session.
       if (function_exists('random_bytes')) {
-        $_SESSION['h5p_token'] = base64_encode(random_bytes(15));
+        $SESSION->h5p_token = base64_encode(random_bytes(15));
       }
       else if (function_exists('openssl_random_pseudo_bytes')) {
-        $_SESSION['h5p_token'] = base64_encode(openssl_random_pseudo_bytes(15));
+        $SESSION->h5p_token = base64_encode(openssl_random_pseudo_bytes(15));
       }
       else {
-        $_SESSION['h5p_token'] = uniqid('', TRUE);
+        $SESSION->h5p_token = uniqid('', TRUE);
       }
     }
 
     // Create hash and return
-    return substr(hash('md5', $action . $time_factor . $_SESSION['h5p_token']), -16, 13);
+    return substr(hash('md5', $action . $time_factor . $SESSION->h5p_token), -16, 13);
   }
 
   /**
diff --git a/h5p/h5plib/v124/joubel/core/readme_moodle.txt b/h5p/h5plib/v124/joubel/core/readme_moodle.txt
index 846d9da4722..85463e43c33 100644
--- a/h5p/h5plib/v124/joubel/core/readme_moodle.txt
+++ b/h5p/h5plib/v124/joubel/core/readme_moodle.txt
@@ -16,8 +16,7 @@ Added:
 
 Downloaded version: 1.24 release
 
-
-=== 3.8 ===
+Changes:
 1. In order to allow the dependency path to be overridden by child H5PCore classes, a couple of minor changes have been added to the
 h5p.classes.php file:
     - Into the getDependenciesFiles method, the line 2435:
@@ -44,6 +43,12 @@ and 1 ocurrence in h5p-metadata.class.php.
 
 3. Another PR has been sent to H5P library (https://github.com/h5p/h5p-php-library/pull/69) to fix some php74 minor problems. The same fix is being applied locally by MDL-67077. Once we import a new version, if it includes de fix, this won't be needed to reapply and can be removed.
 
+4. Replace the $_SESSION references to $SESSION. That implies that the information is saved to backends, so only the Moodle one should be used by core (core should be free from $_SESSION and always use $SESSION).
+h5p.classes.php file:
+  - Into hashToken method:
+    Declare the global $SESSION.
+    Change all the $_SESSION by $SESSION.
+A script for testing this part can be found in MDL-68068
 
 The point 2 from above won't be needed once the mbstring extension becomes mandatory in Moodle. A request has been
-sent to MDL-65809.
+sent to MDL-65809.
\ No newline at end of file
-- 
2.43.0