HTTP_HOST is not reliable

deedey / moodle-block_annulab_lrs

This block for Moodle gives access to a user’s own historical data sent by the moodle's logstore_xapi and tincanlaunch plugins to the LRS of Annulab in a graphical format and data table. It requires a free subscription at https://lrsdata.com. The LRS enables anyone who is connected to import his/her own data in a JSON format file archived into a ZIP file.

1 stars 0 forks source link

HTTP_HOST is not reliable #5

Closed danmarsden closed 6 years ago

danmarsden commented 6 years ago

HTTP_HOST comes from the client and can be spoofed - I'm not sure exactly what you are doing there but you might be wanting to use the variable $CFG->wwwroot instead? https://github.com/deedey/moodle_annulabLRS/blob/master/block_annulab_lrs.php#L53

deedey commented 6 years ago

Yes! I meaned "$CFG->wwwroot" et repaired this.

danmarsden commented 6 years ago

cool.