
Merge branch 'MDL-61716-33' of git://github.com/mastnym/moodle into M…

…OODLE_33_STABLE
dmonllao committed Apr 18, 2018
2 parents 35b09d5 + 8b58e05 commit 7ff43c23346dc393633a0cee5ffe22fd990fd2bf
Showing with 16 additions and 2 deletions.
  1. +1 −0 admin/tool/oauth2/lang/en/tool_oauth2.php
  2. +15 −2 lib/classes/oauth2/user_field_mapping.php
@@ -96,6 +96,7 @@
$string['usebasicauth'] = 'Authenticate token requests via HTTP headers';
$string['usebasicauth_help'] = 'Utilise the HTTP Basic authentication scheme when sending client ID and password with a refresh token request. Recommended by the OAuth 2 standard, but may not be available with some issuers.';
$string['userfieldexternalfield'] = 'External field name';
$string['userfieldexternalfield_error'] = 'This field cannot contain HTML.';
$string['userfieldexternalfield_help'] = 'Name of the field provided by the external OAuth system.';
$string['userfieldinternalfield_help'] = 'Name of the Moodle user field that should be mapped from the external field.';
$string['userfieldinternalfield'] = 'Internal field name';
@@ -26,7 +26,7 @@
defined('MOODLE_INTERNAL') || die();
use core\persistent;
use lang_string;
/**
* Class for loading/storing oauth2 user field mappings from the DB
*
@@ -57,7 +57,7 @@ protected static function define_properties() {
'type' => PARAM_INT
),
'externalfield' => array(
'type' => PARAM_ALPHANUMEXT,
'type' => PARAM_RAW_TRIMMED,
),
'internalfield' => array(
'type' => PARAM_ALPHANUMEXT,
@@ -74,4 +74,17 @@ protected static function define_properties() {
public function get_internalfield_list() {
return array_combine(self::get_user_fields(), self::get_user_fields());
}
/**
* Ensures that no HTML is saved to externalfield field
* but preserves all special characters that can be a part of the claim
* @return boolean true if validation is successful, string error if externalfield is not validated
*/
protected function validate_externalfield($value){
// This parameter type is set to PARAM_RAW_TRIMMED and HTML check is done here.
if (clean_param($value, PARAM_NOTAGS) !== $value){
return new lang_string('userfieldexternalfield_error', 'tool_oauth2');
}
return true;
}
}
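Review bot: The check in `validate_externalfield`, `clean_param($value, PARAM_NOTAGS) !== $value`, rejects only values that tag stripping would alter, so now that `externalfield` is `PARAM_RAW_TRIMMED` the stored value can still carry quotes, `&` and other characters that matter in an HTML attribute or similar context. Treat it as input validation rather than output encoding: the pages that display this field are not visible in this diff and should still escape it with `s()`, and a comment above the check saying so would help, e.g. `// Rejects tags only; quotes and & are kept, so escape on output.` The docblock also misstates the contract, since the failure path returns a `lang_string` object rather than a string and `$value` is undocumented; `@param string $value` and `@return true|lang_string` would match the code. The validator presumably runs only when the mapping is saved through the persistent, so rows written before this change or by another route are not covered by it.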
