[LON-CAPA-cvs] cvs: loncom /lti ltipassback.pm

[raeburn]

raeburn		Tue Aug 14 22:00:43 2018 EDT

  Modified files:              
    /loncom/lti	ltipassback.pm 
  Log:
  - Bug 6754 LON-CAPA as LTI Provider
    - request body verification if content type was application/xml. 
  
  
Index: loncom/lti/ltipassback.pm
diff -u loncom/lti/ltipassback.pm:1.6 loncom/lti/ltipassback.pm:1.7
--- loncom/lti/ltipassback.pm:1.6	Tue Aug 14 21:42:36 2018
+++ loncom/lti/ltipassback.pm	Tue Aug 14 22:00:43 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # LTI Consumer Module to receive grades passed back by Provider 
 #
-# $Id: ltipassback.pm,v 1.6 2018/08/14 21:42:36 raeburn Exp $
+# $Id: ltipassback.pm,v 1.7 2018/08/14 22:00:43 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -188,14 +188,16 @@
 # Verify XML in request body has not been tampered with
 #
 
-    my $bodyhash = Digest::SHA::sha1_base64($xmlbody);
-    while (length($bodyhash) % 4) {
-        $bodyhash .= '=';
-    }
-    unless ($bodyhash eq $params->{oauth_body_hash}) {
-        $errors{16} = 1;
-        &invalid_request($r,$params,\%errors);
-        return OK;
+    if ($content_type eq 'application/xml') {
+        my $bodyhash = Digest::SHA::sha1_base64($xmlbody);
+        while (length($bodyhash) % 4) {
+            $bodyhash .= '=';
+        }
+        unless ($bodyhash eq $params->{oauth_body_hash}) {
+            $errors{16} = 1;
+            &invalid_request($r,$params,\%errors);
+            return OK;
+        }
     }
 
 #