fix for improving content item lti post

ucfopen · Jan 24, 2023 · 2b31389 · 2b31389
1 parent 702747b
commit 2b31389
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 8 deletions.
diff --git a/fuel/app/classes/materia/api/v1.php b/fuel/app/classes/materia/api/v1.php
@@ -85,21 +85,40 @@ static public function lti_sign_content_item_selection(string $url, string $cont
 
 		// assumes the results will be sent via POST
 		$request = \Eher\OAuth\Request::from_consumer_and_token($consumer, null, 'post', $url, $params);
+		$base_string = $request->get_signature_base_string();
 		$request->sign_request($hmc_sha1, $consumer, '');
 		$results = $request->get_parameters();
 
+		\Materia\Log::profile(['lti-content-item-select', $url, print_r($params, 1), print_r($results, 1), $base_string,], 'lti-launch');
+
 		// Remove GET params in $url from $results as they may mess up validation.
 		// if duplicated here. (ex: Sakai will fail validation)
-		$query_str = parse_url($url, PHP_URL_QUERY);
-		parse_str($query_str, $query_params);
-		if (is_array($query_params))
-		{
-			$keys = array_keys($query_params);
-			foreach ($keys as $key)
+		if ($lti_config['tmp_enable_lti_signature_duplicate_cleanup'] === true)
+
+			// this function is needed to protect variable names in the query string, like dots, from becoming underscores
+			function safer_parse_str($data)
+			{
+				$data = preg_replace_callback('/(?:^|(?<=&))[^=[]+/', function($match) {
+					return bin2hex(urldecode($match[0]));
+				}, $data);
+
+				parse_str($data, $values);
+
+				return array_combine(array_map('hex2bin', array_keys($values)), $values);
+			}
+
+			$query_str = parse_url($url, PHP_URL_QUERY);
+			$query_params = safer_parse_str($query_str);
+			if (is_array($query_params))
 			{
-				if (isset($results[$key]))
+				$keys = array_keys($query_params);
+				foreach ($keys as $key)
 				{
-					unset($results[$key]);
+					\Fuel\Core\Log::debug($key);
+					if (isset($results[$key]))
+					{
+						unset($results[$key]);
+					}
 				}
 			}
 		}

diff --git a/fuel/app/config/lti.php b/fuel/app/config/lti.php
@@ -79,6 +79,9 @@
 			'secret'                => $_ENV['LTI_SECRET'],
 			'key'                   => $_ENV['LTI_KEY'],
 
+			// temporary
+			'tmp_enable_lti_signature_duplicate_cleanup' => $_ENV['TMP_ENABLE_LTI_SIGNATURE_DUPLICATE_CLEANUP'] ?? true,
+
 		],
 
 		// Example Obojobo assignment integration