mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-14 12:40:01 +01:00
Code Issues Projects Releases Wiki Activity

MDL-77840 enrol_lti: Avoid passing nulls to base64_encode

Browse Source
This commit is contained in:
David Woloszyn 2023-05-02 11:34:13 +10:00
parent 5ab74afad4
commit b3424d620d
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
enrol/lti/ims-blti/OAuth.php
View File

@ -148,6 +148,11 @@ class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
// Sign using the key
$ok = openssl_sign($base_string, $signature, $privatekeyid);
// Avoid passing null values to base64_encode.
if (!$ok) {
throw new OAuthException("OpenSSL unable to sign data");
}
// TODO: Remove this block once PHP 8.0 becomes required.
if (PHP_MAJOR_VERSION < 8) {
// Release the key resource

1
enrol/lti/ims-blti/readme_moodle.txt
View File

@ -6,3 +6,4 @@ In future releases we should look into using a supported library.
2022-01-05 - MDL-73502 - Removed get_magic_quotes_gpc() use, was returning false since ages ago.
2022-01-20 - MDL-73523 - Conditional openssl_free_key() use, deprecated by PHP 8.0
2022-03-05 - MDL-73520 - replace deprecated php_errormsg with error_get_last(), deprecated by PHP 8.0
2023-05-03 - MDL-77840 - Throw exception on openssl_sign to avoid null reaching base64_encode, deprecated by PHP 8.1