openequella / moodle-mod_openEQUELLA

Moodle module for integration with openEQUELLA
https://openequella.github.io/moodle-mod_openEQUELLA/
GNU General Public License v3.0

CSRF and sanitise vars in callbackmulti.php #41

Closed danmarsden closed 4 years ago

danmarsden commented 8 years ago

Can sesskey checks be added to callbackmulti.php? It looks like it's called from within Moodle, so it should be possible?

Also, it would be good to do some clean_param calls on the content that comes from the json_decode before passing it directly into the database.

nelson-edalex commented 6 years ago

Hi Dan,

We can't add sesskey to callbackmulti.php. It's a callback PHP page that EQUELLA uses to redirect the user to after saving the selected resource in their course.

Cheers, Nelson

danmarsden commented 6 years ago

But it happens within the user session, right? So you could add sesskey to the URL you pass to EQUELLA, which is then passed back to Moodle?

If not, all good, but it really needs some clean_param calls on that content before passing it to the DB...

nelson-edalex commented 6 years ago

clean_param has been added and is checked in.

Regarding the session key, it's possible to pass sesskey to EQUELLA and hand it back on callback. The session key could expire if the user stays in EQUELLA long enough (e.g. goes out for lunch in the middle of a content contribution). I'd suggest keeping that as it is.
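The two techniques discussed in this thread, round-tripping the Moodle sesskey through the return URL handed to EQUELLA (Dan's suggestion above) and running clean_param over every field of the json_decode'd payload before it reaches the database, shown together as an added example. This is not the plugin's own callbackmulti.php: it assumes it runs as a page inside a Moodle installation (so `config.php`, `require_sesskey()`, `clean_param()`, `$DB` and `moodle_url` are available), and the JSON field names (`name`, `url`, `description`, `uuid`, `version`), the `equella` table name, the `json` request parameter and the `invalidjson` error string are hypothetical placeholders rather than the real payload layout.

```php
<?php
// Added example, not mod_equella's code. Moodle-style callback handler that
// (a) verifies a sesskey round-tripped through the external tool's return URL
// and (b) sanitises each decoded JSON field with clean_param() before any
// database write. Assumes a Moodle bootstrap at the path below.
require_once(__DIR__ . '/../../config.php');

// Whitelist of accepted item fields and the PARAM_* type each must satisfy.
// Keys not listed here are dropped; missing keys get a safe default.
// Field names are hypothetical placeholders.
const ITEM_SCHEMA = [
    'name'        => PARAM_TEXT,
    'url'         => PARAM_URL,
    'description' => PARAM_TEXT,
    'uuid'        => PARAM_ALPHANUMEXT,
    'version'     => PARAM_INT,
];

/**
 * Outbound side: the URL given to the external tool as the place to redirect
 * back to. Carrying sesskey() here is what lets require_sesskey() succeed on
 * the way back in, since the tool itself knows nothing about Moodle sessions.
 */
function build_return_url(int $courseid): moodle_url {
    return new moodle_url('/mod/equella/callbackmulti.php', [
        'courseid' => $courseid,
        'sesskey'  => sesskey(),
    ]);
}

/**
 * Reduce one decoded item to a typed, cleaned record. clean_param() only
 * handles scalars, so nested structures are rejected instead of being cast.
 */
function clean_item(array $item): stdClass {
    $clean = new stdClass();
    foreach (ITEM_SCHEMA as $field => $type) {
        $value = $item[$field] ?? '';
        if (!is_scalar($value)) {
            throw new moodle_exception('invalidjson', 'error'); // string id assumed
        }
        $clean->$field = clean_param($value, $type);
    }
    return $clean;
}

$courseid = required_param('courseid', PARAM_INT);
require_login($courseid);
require_capability('moodle/course:manageactivities', context_course::instance($courseid));

// CSRF check: aborts with an exception if 'sesskey' is absent or does not
// match the current session's key (the value build_return_url() embedded).
require_sesskey();

// Read the selected-resource payload raw so that json_decode() sees the exact
// string and every field can then be cleaned individually.
$rawjson = required_param('json', PARAM_RAW);   // parameter name assumed
$items = json_decode($rawjson, true);
if (!is_array($items)) {
    throw new moodle_exception('invalidjson', 'error');
}

foreach ($items as $item) {
    if (!is_array($item)) {
        continue; // skip malformed entries rather than inserting garbage
    }
    $record = clean_item($item);
    $record->course = $courseid;
    $record->timecreated = time();
    $DB->insert_record('equella', $record);   // table name assumed
}

redirect(new moodle_url('/course/view.php', ['id' => $courseid]));
```

The payload is read with PARAM_RAW deliberately: cleaning the whole JSON string as PARAM_TEXT would corrupt it, so the decoded fields are cleaned one at a time against the whitelist instead. Anything the external tool sends that is not in the schema never reaches `$DB`.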

danmarsden commented 6 years ago

I'm still not convinced... but this probably wouldn't be a blocker on our end. Having the clean_param stuff there makes it a lot cleaner than it was, thanks.

cathfitz commented 4 years ago

Problem seems to have been adequately fixed.