MDL-76821 enrol_lti: prevent legacy launches via upgraded enrolment

If the enrolment instance (the 'published resource') has been upgraded from LTI 1.1/2.0 to LTI 1.3 (i.e. a new instance was not created), prevent legacy launches which may occur from old resource links. Only LTI Advantage launches should be permitted through the method.
moodle · May 5, 2023 · 660ea3d · 660ea3d
1 parent ae736cc
commit 660ea3d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/enrol/lti/lang/en/enrol_lti.php b/enrol/lti/lang/en/enrol_lti.php
@@ -54,6 +54,7 @@
 $string['enrolenddate_help'] = 'If enabled, users can access until this date only.';
 $string['enrolenddateerror'] = 'Enrolment end date cannot be earlier than start date';
 $string['enrolisdisabled'] = 'The \'Publish as LTI tool\' plugin is disabled.';
+$string['enrolltiversionincorrect'] = 'The resource is not set up for use over legacy LTI (versions 1.1/2.0). Please contact the administrator of this tool.';
 $string['enrolperiod'] = 'Enrolment duration';
 $string['enrolperiod_help'] = 'Length of time that the enrolment is valid, starting with the moment the user enrols themselves from the remote system. If disabled, the enrolment duration will be unlimited.';
 $string['enrolmentfinished'] = 'Enrolment finished.';

diff --git a/enrol/lti/tool.php b/enrol/lti/tool.php
@@ -53,6 +53,12 @@
     exit();
 }
 
+// Check if the enrolment instance has been upgraded to a newer LTI version.
+if ($tool->ltiversion != 'LTI-1p0/LTI-2p0') {
+    throw new \moodle_exception('enrolltiversionincorrect', 'enrol_lti');
+    exit();
+}
+
 $consumerkey = required_param('oauth_consumer_key', PARAM_TEXT);
 $ltiversion = optional_param('lti_version', null, PARAM_TEXT);
 $messagetype = required_param('lti_message_type', PARAM_TEXT);