This commit is contained in:
Jun Pataleta 2022-01-10 15:10:14 +08:00
commit 1077f39bcc
4 changed files with 4 additions and 10 deletions

View File

@ -222,15 +222,6 @@ class OAuthRequest {
$parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
$ourpost = $_POST;
// Deal with magic_quotes
// http://www.php.net/manual/en/security.magicquotes.disabling.php
if ( get_magic_quotes_gpc() ) {
$outpost = array();
foreach ($_POST as $k => $v) {
$v = stripslashes($v);
$ourpost[$k] = $v;
}
}
// Add POST Parameters if they exist
$parameters = array_merge($parameters, $ourpost);

View File

@ -2,3 +2,5 @@ This library was originally published by the IMS at https://code.google.com/p/im
current code was taken from https://github.com/jfederico/ims-dev/tree/master/basiclti/php-simple/ims-blti - with
several changes to the code (including bug fixes). As the library is no longer supported upgrades are not possible.
In future releases we should look into using a supported library.
2021-01-05 - Removed get_magic_quotes_gpc() use, was returning false since ages ago.

View File

@ -32,7 +32,7 @@ if (!empty($_POST))
if ( ( !is_string($value) && !is_numeric($value) ) || !is_string($key) )
continue;
if ( get_magic_quotes_gpc() )
if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
$value = htmlspecialchars( stripslashes((string)$value) );
else
$value = htmlspecialchars( (string)$value );

View File

@ -32,5 +32,6 @@ Added:
Changed:
* Updated H5peditor::getLibraryData parameters to fix PHP8.0 warnings. See MDL-70903 for details.
* Make get_magic_quotes_gpc() use conditional, it has been removed in php80. See MDL-73502 for details.
Downloaded version: moodle-1.20.2 release